SUBRAMANIAN SWAMINATHAN

Projects & Solutions

• AWS PAM: Designed and implemented a Privileged Access Management System for AWS across the organization, integrating Slack workflows for seamless approval and rejection processes.
• Chatbot Framework: Developed a serverless solution to handle various AWS notifications, including Health, Cost Anomaly, GuardDuty, and Shield DDoS alerts, delivering updates to Slack channels in real-time.
• CloudFront Implementation: Played a key role in implementing CloudFront for Straits Times' web application, designing efficient caching strategies to optimize performance.

Infrastructure Lifecycle Management

• Contributed to internal and open-source Terraform modules for AFT, application infrastructure, and workload identity management.
• Managed multi-cloud resources across AWS, GitHub, Opsgenie, New Relic, and HashiCorp Cloud Platform (Terraform Cloud, HCP Vault, HCP Consul).

Cost Optimization

• Reduced GitHub-hosted runner usage by transitioning tasks to self-hosted runners, cutting costs significantly.
• Optimized Terraform Cloud to Vault authentication mechanism, reducing the number of clients by 60% and achieving significant savings while maintaining security.

Vendor Management & Commercial Governance

• Led vendor tenders and RFQs for GitHub, HashiCorp tools, and New Relic, supporting procurement and cost governance.

Compliance and Governance

• Implemented AWS Organizations and Control Tower to manage multi-account environments with centralized governance. Aligned designs with the AWS Well-Architected Framework pillars to enhance performance, reliability, and security.
• Automated Shield alerts integration with OpsGenie and Slack for operational efficiency.
• Deployed GitHub Advanced Security to monitor vulnerabilities and enforce secure coding practices.
• Developed and enforced HashiCorp Sentinel Policies for Terraform Cloud to maintain compliance.
• Defined Service Control Policies (SCPs) for AWS accounts and GitHub rulesets to ensure governance protocols.

Security

• Managed DDoS mitigation using AWS WAF rules, rate limiting, and application-level threat protection.
• Leveraged AWS Security Lake to debug and analyze WAF, CloudTrail, and VPC Flow logs.
• Deployed Vault Radar for secret monitoring across GitHub, Terraform Cloud, JIRA, Confluence, and Slack.
• Integrated CodeQL, Checkov, and Trivy into CI/CD pipelines for proactive security enforcement.

Monitoring and Dashboards

• Built QuickSight dashboards for Security Hub, Terraform Cloud, and GitHub, providing actionable insights using S3, Glue Catalog, and Athena.
• Analyzed AWS CloudFront and ECS logs to identify performance bottlenecks and optimize workflows.
• Led org-wide credential incident response, rapidly revoking and rotating GitHub credentials and driving adoption of GitHub Apps over PATs for most application use cases.

Developer Experience Enhancements

• Reduced Terraform Cloud workspace modification time from 14 minutes to under 1 minute.
• Accelerated CI/CD merge queue security checks from 17 minutes to 5 minutes.
• Developed a reusable GitHub Action workflow to track deployments across the organization.
• Implemented Backstage as an internal developer platform to enhance team productivity.

Innovation and Exploration

• Contributed feedback to HashiCorp on Terraform Stacks, Vault Radar, and Sentinel Policies, driving operational improvements.
• Evaluated tools like Semgrep and Open Policy Agent (OPA) for advanced policy-as-code implementation.

Team Guidance and Ownership

• Led a team of 5 engineers, mentoring them in various projects including HCP Vault workload identity and Terraform optimizations, resulting in a 30% improvement in deployment efficiency.
• Took ownership of key infrastructure automation tasks, driving alignment with business objectives and technical excellence.

• Cloud Architecture & Development:
  Designed and managed applications on AWS, supporting 50+ sites with shared codebases and custom workflows. Led backend API development and product feature enhancements using Drupal/PHP.
• Integration Projects:
  Integrated 3rd-party services like Zoom, Turnitin, and Twilio. Implemented standards like SCORM and LTI, and search functionality with AWS CloudSearch.
• Serverless & Automation:
  Built and automated tasks using AWS Lambda, Step Functions, and Zapier. Developed SSO solutions (SAML, OAuth 2.0) for platforms like AzureAD and OneLogin.
• Performance Monitoring & Optimization:
  Improved application performance with tools like New Relic and AppDynamics. Conducted MySQL query analysis using Percona Toolkit and load testing with JMeter and Loadium.
• Security Enhancements:
  Implemented AWS WAF ACLs for OWASP Top 10 protection. Analyzed WAF logs with Kibana and secured S3 assets with CloudFront Signed Cookies. Identified and fixed API vulnerabilities with SQLMap.
• DevOps & CI/CD:
  Streamlined deployments with Bitbucket and Jenkins pipelines. Containerized applications using Docker and automated infrastructure provisioning with Terraform and Ansible.

• Part of Application Development & Support team, supporting applications of Sun Micro systems
• Involved in development of web interface for user management using Java, Java Server Pages, Servlet, JDBC, MySQL