Dice Resume CV Ehsan Teymourian
PROFILE
Independent Consultant with more than thirteen years' working experience with both vendors and clients in the IT
networking industry.
More than six years' experience as a Cloud and Security Architect, holding a Security Clearance.
Spearheading and ownership of concepts and architectural areas of need across IAM security domains as they relate to
cloud security.
Serve as trusted advisor to key business and technology partners – CIO, CISO, Head of Cloud, Head of Infrastructure.
Lead Cloud Architect of First Canadian Government Cloud Migration Project of Public Services and Procurement
Canada, PSPC.
Hands-on experience in architecting, designing and implementing Microsoft Azure, Amazon Web Services, Cisco,
Palo Alto and F5 solutions.
Assets: Cisco CCIE, CCDP, AWS Certified Solutions Architect - Professional and Azure Solutions Architect Expert.
Expert at migration of on-premise DCs and Applications to AWS and Azure Public Cloud.
SKILLS
Microsoft Azure Services:
VNet, ARM Template, PowerShell DSC, Azure Automation, VM Availability, VM Scaling, Dockers, Container,
Traffic Manager, Load Balancer, Application Gateway, Log Analytics, Network Watcher, Express Route, Azure Site
Recovery, Azure Backup, Azure Migrate, Azure App Service, Logic App, Functions, Cosmos DB, Relational DB.
AAD, AAD B2C, ADFS, AD Connect, Web Application Proxy (WAP), PIM, Azure Firewall, NSG, ASG, WAF, DDOS,
Azure SQL Firewall, VPN, Azure Monitor, Azure Log Analytics, Azure Security Center, Sentinel (Azure SIEM), Azure
Policy, Azure Threat Prevention (ATP), Key Vault, Network Watcher.
Amazon Web Service:
EC2, EBS, Auto Scaling Group, ASG, Different Load Balancer types in AWS, ALB, NLB, CLB, Hybrid DNS
Architectures in AWS, Route53, AWS VPN Tunnels, Open Swan, EC2 VPN, RDS, S3, DynamoDB, RedShift, EFS,
Kinesis, CloudWatch, CloudTrail, SQS, SNS, CloudFront, ElastiCache, Lambda, ECS, AWS OpsWorks, AWS Control
Tower, Elastic Beanstalk, Storage Gateway, AWS Server Migration Service, AWS Service Catalog, WAF.
AWS IAM, AWS SSO, Amazon Cognito, AWS Directory Services, AWS Resource Access Manager, AWS Security
Hub, Amazon GuardDuty, Amazon Inspector, Amazon Detective, AWS Shield, AWS WAF, AWS Firewall Manager,
Amazon Macie, AWS KMS, AWS CloudHSM, AWS Secrets Manager, AWS Artifact, AWS CloudWatch, CloudTrail.
Google Cloud:
Compute Engine, Cloud Interconnect, Network Service Tiers, Virtual Private Cloud. Cloud IAM, Stackdriver, Cloud
SQL, Cloud Spanner, Cloud Bigtable, Cloud Datastore, Cloud Storage, Persistent Disk, App Engine, Cloud Functions.
Cloud Security, Identity and compliance features:
Tenant security, RBAC, MFA, SAML Auth, Application onboarding, Conditional Access, Account management, SSO,
Just in Time Access (JIT), Data security in motion and at rest, Storage security, Container security, Governance and
RBAC, VM and End-Point Security, vulnerability scanning and risk assessment.
Load balancing: F5, GSLB, HA, LTM, ASM, APM, CGNAT, SSL Orchestrator, GTM, iRule and Automation with
Ansible. NetScaler, Securing traffic, Load Balancing, SSL Offloading, Traffic Handling, Content Switching, NS
Gateway.
Routing & Switching: Nexus NX-OS, Leaf and Spine, FabricPath, VXLAN, VDC, EIGRP, OSPF, BGPv4, GRE,
MPLS, IPv6, Traffic Engineering, Policy Based Routing (PBR), Route Filtering, Redistribution, Summarization, VTP,
STP, MST, RSTP+, Trunking, VLANs, Layer 3 Switches, Logical Ether Channels, VPC and MLS.
Security: Working with vulnerability assessment management tools, Radius, TACACS+, Cisco Authentication Proxy,
Access Lists, IOS Security, 802.1x, DDoS prevention, Cisco IDS, Cisco IPS, Cisco CSA, PKI, CA, Cisco Secure ACS,
Cisco VPN Client, Cryptography, AAA. Manage Cisco PIX/ASA, Palo Alto, Checkpoint and Juniper Firewalls.
Various Features & Services: IOS Features, HSRP, VRRP, GLBP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS,
HTTP, TFTP and FTP Management, Frame Relay.
Cisco Software: Cisco SDM, CCP, ACS, ASDM, vWLC, WCS, CSM, Cisco ISE.
Coding: Python, AWS CLI, CloudFormation, ARM Template, KQL, PowerShell, Terraform, Ansible, Chef & Puppet.
Network Monitoring and analysis tools: Wireshark, SolarWinds, PRTG, Zabbix, Qualys, ArcSight and Splunk.
Operating systems: Unix, Linux Ubuntu/CentOS/Red Hat, MS Windows Server 2016R2/2012R2.
CERTIFICATE
Cisco Certificate Internetwork Expert – CCIE Routing & Switching (51417)
AWS Certified Solutions Architect - Professional
AWS Certified Security – Specialty
Azure Solutions Architect Expert
Microsoft Azure Architect Technologies
Palo Alto Networks Certified Network Security Engineer - PCNSE
Check Point Certified Security Administrator - CCSA
F5 Certified Big-IP Administrator - F5-CA
Citrix Certificate Professional (Netscaler) - CCP
Cisco Certificate Design Professional - CCDP
Cisco Certificate Network Professional - CCNP
Cisco Certificate Design Associate - CCDA
Cisco Certificate Network Associate - CCNA Security
Cisco Certificate Network Associate - CCNA Wireless
Cisco Certificate Network Associate - CCNA Voice
Cisco Certificate Network Associate - CCNA Routing & Switching
Certified Information System Security Professional (CISSP) - 40 hours training by Global Knowledge
Certified of Cloud Security Knowledge (CCSK) – 60 hours training at Udemy and ccskcloudsecurity.com
CompTIA Linux + Certificate
Project Management Diploma (PMD)
LTM, GTM, APM and ASM - Courses were provided by F5 Networks.
ACHIEVEMENTS
Member of the Golden Key International Honor Society (top 15% of students at Concordia University).
Graduation Bonus Award, in recognition of good academic progress towards degree completion and best efforts to
graduate as early as possible.
EDUCATION
Master of Engineering with major in Telecommunication and Network GPA: 4.03/4.3 06/2013
Concordia University, Montreal, Quebec
Bachelor of Engineering with honors, Electronics and Telecommunications Engineering 05/2006
Mashad University, Mashhad, Iran (Rank 3rd among 120 Students)
WORK EXPERIENCE
Lead Cloud Architect 04/2019-Present
Infosys (www.infosys.com)
First and most important Canadian Government cloud migration project, a 90 million dollar project of moving Public
Services and Procurement Canada (PSPC) from on-premises to public cloud, primary at Azure and second DR at AWS.
Create, evolve, mature and execute a cloud migration plan that includes detailed road map and risk assessment and
mitigation approach.
Architect and implement Azure and AWS IaaS, 4 VNet for each Prod, Pre-Prod and test environment by hub and spoke
model and creating access to internet only through hub VNet.
Creating hybrid AD, Identity Canadian Access Management, ICAM after 6 months rejection of Azure AD by GC.
Solution included migration of GC AD to a VM in Cloud and connecting to ADFS, AD Connect and WAP.
Install and maintain Sentinel, the Azure SIEM solution, collect data from all Azure and non-Azure resources, analyse and
automate the response for all abnormal behaviour with Azure playbook and Azure notebook.
Install AWS Control Tower for many B2B TD Banks clients, creating Landing Zone, SSO, account template, detective
Guardrail to notify changes to IAM roles and log access to monitor and police nearly 20 Organization Units.
Architect and implement ICAM, SSO, MFA, JITs, Conditional Access, Resource Groups, VPN, Express Route, Traffic
Manager, Application Gateway, Load Balancer, VMs, Storage, SQLs, Application Gateways, and Auto Scaling, NSG.
Architect and implement high availability and resiliency to meet RTO of 12 hr and RPO of 30 minutes by Azure
Backup and Azure ASR. Used ASR for IAM service to have near real time high availability.
Architect and implement SOC for GC with Azure Security Center, Azure Sentinel, Azure Policy and Azure Monitor.
Implementing PBMM and CIS benchmark for compliance across GC cloud by Azure Policy and Azure Security Center.
Automated OS patches and VM auto startup and stop operations and other changes via Azure Automation account.
Architect and implement AWS Warm DR at AWS by CloudFormation and AWS Lambda, VPC, S3, EC2, ALB, ASG,
AWS Firewall, Security group and many other services.
TD. (www.td.com)
Team Lead of Cloud Architecture team 05/2017-04/2019
Team Lead of twelve Senior Architects to provide supervision and overarching leadership to the technical staff.
Providing a point of coordination for all security related activities, coordinating between Technology Risk Management
& Information Security (TRMIS), Risk & Control, Internal/External Audit and TDS Technology Solutions team.
Architecting and implementing Azure IaaS and AWS IaaS Data Center from scratch to migrate TD Bank Applications to
public cloud. Main Services included Azure IAM, PIM, VNet, Resource Groups, VPN, Express Route, Traffic Manager,
Load Balancer, VMs, Storage Account, Application Gateways, and Auto-Scaling, Network Security Group (NSG), ASR,
Office 365, Azure AD, ADFS, Azure Automation and Cost Reduction.
Lead Architect of migrating over 50 on-premise applications and servers using Azure Site Recovery (ASR) and securing
the environment by Azure Firewall, NSGs, VPCs, VPNs, also providing access to those applications through RBAC, MFA
and conditional access.
Building AWS IaaS in two regions including 22 EC2 instances, 8 Private VPCs, Route53, ALB, NLB, EBS, S3 and RDS
to host many client applications.
Led a Private Cloud project to design and implement Virtual Palo Alto and BIG IP VE integrating with
VMware NSX for downstream and Cisco 9K and 7K for upstream to host TD applications.
Design and implementation of Office 365 at Microsoft Azure Cloud with AAD and IAM and PIM services.
Developed an AWS security roadmap which included the AWS Services and 3rd party tools to be utilized in the AWS
Cloud for security monitoring.
Enabled and configured CloudTrail logs for all VPCs in all AWS accounts. Also created and encrypted an S3 bucket for all
CloudTrail logs and adjusted the bucket policy to allow the MSSP to access the logs.
Installed and configured Amazon Inspector. Created targets and templates and scheduled assessment runs on all EC2
instances in the AWS account and notified instance owners of vulnerabilities found. Also created a Lambda function to
automate Inspector scans in 15 AWS accounts.
Enabled AWS Config to monitor changes in company AWS accounts. Developed AWS Config rules to monitor for
unencrypted volumes and untagged resources in all accounts. Also used AWS Config rules to evaluate AWS resources
for compliance and set up SNS notification for that.
IaaS Infrastructure design, such as VPC, VNet, Express route, VPN at Azure and AWS for many applications.
Design and implementation of the network analysis tools Splunk and NetScout across TD network.
Working with internal and external vulnerability assessment scanning tools such as Qualys to align TD applications with
TDS and PCI compliance governance rules.
Direct relation with clients to outsource their infrastructure and assisting them to move their applications to AWS cloud.
Create SOW, HLD, LLD and POC for all cloud and infrastructure projects.
AWS services including VPC, LB, NLB, Security group, Route 53, CloudFront, S3, EC2, EBS, etc.
Cisco Nexus Family of 3K, 5K, 7K and 9K, Cisco Load Balancers (ACE), Cisco Firewalls, Cisco Security Manager.
Palo Alto, Check Point and Juniper Firewalls/VPN appliances.
F5 Local traffic managers LTM, Global traffic managers, GTM, Access security Manager, ASM, Access Policy Manager,
APM and Netscaler Load Balancer.
Design and implement many projects including Fabric Path, STP, VTP, EIGRP, OSPF, BGP and VPN technologies,
etc…) to determine scope and effort required.