Rohit Gudi - Lead DevSecOps and Platform Engineer

Rohit Gudi

Professional Summary

Highly accomplished Lead DevSecOps and Platform Engineer with over 9 years of experience in architecting, implementing, and securing robust, scalable, and highly available cloud-native infrastructure. Proven ability to lead transformational initiatives, seamlessly integrating security (“shift-left”) into CI/CD pipelines and the SDLC. Expertise in Kubernetes orchestration, cloud security (AWS, Azure), Infrastructure as Code (IaC), automation (Python, Bash, Go), and container security (Docker). Adept at fostering Site Reliability Engineering (SRE) practices and driving operational excellence in fast-paced, complex environments. Seeking to leverage deep technical skills and a security-first mindset to build and protect cutting-edge platforms.

Skills Summary

Cloud Platforms & Security

  • AWS (EKS, Lambda, Step Functions, CloudFormation/CDK, IAM, VPC, S3, RDS, API Gateway, CloudFront, WAF, Security Hub, QuickSight)
  • Azure, GCP (Basic)
  • Cloud Security Best Practices, Shared Responsibility Model, IAM, Network Security (Security Groups, WAF)
  • Data Encryption, CSPM Concepts

Containerization & Orchestration

  • Kubernetes (EKS, Generic), Docker, Helm
  • Container Security (Image Scanning - Trivy/Clair concepts, Runtime Security - Falco concepts, RBAC, Network Policies)
  • Distroless Images, Service Mesh Concepts (Istio)
  • OCI Artifact and Registry Management

CI/CD & Automation

  • Jenkins, GitLab CI, GitHub Actions, Codefresh, Spinnaker, Artifactory
  • CI/CD Security Integration (SAST, DAST, SCA, Secrets Scanning)

Infrastructure as Code (IaC)

  • Terraform, Ansible, CloudFormation, AWS CDK, Packer
  • IaC Security Scanning (Checkov, Terrascan concepts)

Security Tools & Practices

  • SAST (e.g., SonarQube concepts), SCA (e.g., Snyk concepts), DAST (e.g., OWASP ZAP concepts)
  • Secrets Scanning, Vulnerability Management, Threat Modeling Concepts
  • Incident Response Concepts, OWASP Top 10, Compliance Frameworks (PCI-DSS, GDPR, HIPAA concepts)

Scripting & Programming

  • Python3, Golang, Shell (Bash), JavaScript (Node.js), Rust (Basic)

Observability & Monitoring

  • Prometheus, Grafana, Datadog, ELK Stack, Splunk, New Relic, AppDynamics
  • Sysdig, SignalFx, AWS X-Ray, SumoLogic, OpenTelemetry (otel), Zabbix, Nagios

Databases & Data

  • PostgreSQL, MySQL, MSSQL, NoSQL (DynamoDB, MongoDB)
  • Elasticsearch, Redshift, Snowflake, Databricks

Operating Systems

  • GNU/Linux, Windows Server

Version Control

  • Git, GitHub, GitLab

Soft Skills

  • Collaboration, Communication, Problem-Solving, Leadership, Mentoring
  • Adaptability, Security Mindset, Proactive Ownership, SRE Principles

Professional Experience

Capital One | Principal DevSecOps Engineer / Software Engineer | Remote | 07/2022 – Present

  • Engineered a reusable serverless framework using AWS Lambda (Python) and Step Functions for QuickSight resource lifecycle management, incorporating secure IAM roles and data handling practices, reducing QuickSight setup time by 50%.
  • Led the design and implementation of a Helm-based deployment strategy for a BYOC solution, ensuring secure configurations and integrating container vulnerability scanning, reducing customer onboarding time by 30%.
  • Authored secure and reusable AWS CDK projects to scaffold multiple Kubernetes distributions in air-gapped environments, establishing a secure K8s platform for commercialized products.
  • Developed “platform agents” in Rust using wstunnel for secure, bidirectional tunnels for remote cluster management and automated configuration updates, reducing manual configuration errors by 70%.
  • Automated secure AWS infrastructure deployments using Jenkins pipelines and IaC (Terraform/CDK), significantly improving developer self-reliance and reducing provisioning time by 80%.
  • Championed the adoption of Site Reliability Engineering (SRE) practices, resulting in a 15% improvement in key service reliability metrics.
  • Led a team in architecting and deploying serverless machine learning model training and inference solutions.
  • Spearheaded the development of a Direct-to-Consumer (DTC) product platform, focusing on Kubernetes-native deployments and developer experience.
  • Architected and secured the software supply chain, including OCI artifacts, implementing robust security measures and best practices.
  • Developed automated tooling for scanning Kubernetes environments for vulnerabilities and misconfigurations, enhancing overall security posture.
  • Created and maintained Helm charts to enforce security best practices and hygiene and to prevent common security misconfigurations in Kubernetes deployments.
  • Built and managed an internal platform for hosting and distributing open-source artifacts, streamlining developer access and improving efficiency.
  • Implemented and took ownership of SPIRE/SPIFFE, providing secure workload identity and authentication within the Capital One infrastructure.
  • Led the initiative to integrate Sigstore projects for automating artifact signing and providing attestations, SBOMs (Software Bill of Materials), and other critical artifacts to customers.
  • Focused on enhancing Kubernetes security and management, while empowering developers with automated tools for testing and deploying their products on Kubernetes.

Slalom | Cloud Engineering / Cloud Enablement Consultant | Remote | 09/2020 – 07/2022

Consulted for Salesforce:

  • Orchestrated YubiKey FIDO-compliant authentication architecture using Golang microservices.
  • Designed and implemented reusable monitoring dashboards (Grafana/Prometheus), reducing MTTR by 20%.
  • Architected and managed secure cloud/hybrid solutions with secure identity management.
  • Integrated MuleSoft services securely into EKS using Spinnaker CI/CD.

Consulted for Capital One (via AWS Professional Services):

  • Managed secure Kubernetes (EKS) deployment and automation with SAST/SCA scanning.
  • Modularized Terraform scripts and achieved 95% deployment consistency.
  • Provided expertise in secure configuration of API Gateway, CloudFront, and AWS WAF.
  • Implemented gRPC and REST services on multi-region ECS clusters with automated security checks.

Cadent | Senior DevOps Engineer | Remote | 05/2019 – 09/2020

  • Standardized secure infrastructure deployment with reusable Terraform modules.
  • Led Cadent’s initial AWS environment setup with optimized network design.
  • Championed the adoption of Datadog (improving monitoring by 60%) and Docker (reducing setup time by 75%).
  • Automated critical production tasks using Ansible, saving 15 hours weekly.
  • Architected and implemented AWS microservices strategy leveraging Kubernetes (EKS), Lambda, Kinesis, Fargate, and AppSync.
  • Streamlined Kubernetes deployments with standardized Helm chart templates, improving reliability by 40%.

iCIMS | Systems Engineer | Tinton Falls, NJ | 03/2016 – 04/2019

  • Led the migration of 4,000+ customers to SparkPost ESP with 98% delivery success.
  • Re-architected communication systems into secure microservices.
  • Enhanced email security and reduced spam complaints from 15% to under 2%.
  • Scaled and managed monitoring infrastructure for 11,000+ web portals.
  • Introduced Docker-based microservice deployments.
  • Led configuration management using CloudFormation and Ansible, reducing server setup time by 50%.

Education

B.S. Information Technology – New Jersey Institute of Technology (NJIT), Newark, NJ