profile-pic
Vetted Talent

Subhendu Sekhar Patro

Vetted Talent

A passionate DevOps Engineer with 4+ years of relevant experience. I aim to leverage my expertise to optimize and automate infrastructure management, streamline CI/CD pipelines, and ensure robust monitoring and security practices. With a particular focus on Kubernetes, I seek to enhance container orchestration, deployment scalability, and cluster management within a dynamic and forward-thinking organization

  • Role

    AWS DevOps Consultant

  • Years of Experience

    5 years

  • Professional Portfolio

    View here

Skillsets

  • Terraform - 4 Years
  • AWS - 4 Years
  • Git - 5 Years
  • automation
  • CI/CD
  • Containerization
  • Kubernetes - 4 Years
  • Orchestration
  • Scalability
  • Security practices
  • AWS Tools
  • Sast & dast tools
  • Build Tools
  • Operating Systems
  • cluster management
  • Docker - 4 Years

Vetted For

15Skills
  • Roles & Skills
  • Results
  • Details
  • icon-skill_image
    Senior Software Engineer, DevOpsAI Screening
  • 62%
    icon-arrow-down
  • Skills assessed :infrastructure as code, Terraform, AWS, Azure, Docker, Kubernetes, 組込みLinux, Python, AWS (SageMaker), gcp vertex, Google Cloud, Kubeflow, ml architectures and lifecycle, pulumi, seldon
  • Score: 56/90

Professional Summary

5Years
  • Feb, 2023 - Present3 yr 3 months

    AWS DevOps Consultant

    Minfy Technologies
  • Feb, 2023 - Present3 yr 3 months

    Consultant

    Minfy Technologies
  • Mar, 2019 - Apr, 20223 yr 1 month

    DevOps Engineer

    Globallogic
  • Mar, 2019 - Apr, 20223 yr 1 month

    Support Engineer

    Globallogic

Applications & Tools Known

  • icon-tool

    Docker

  • icon-tool

    Kubernetes

  • icon-tool

    ECS

  • icon-tool

    Jenkins

  • icon-tool

    AWS CodePipeline

  • icon-tool

    Terraform

  • icon-tool

    CloudFormation

  • icon-tool

    EC2

  • icon-tool

    EBS

  • icon-tool

    VPC

  • icon-tool

    IAM

  • icon-tool

    Lambda

  • icon-tool

    API Gateway

  • icon-tool

    EKS

  • icon-tool

    SQS

  • icon-tool

    SNS

  • icon-tool

    CodeDeploy

  • icon-tool

    S3

  • icon-tool

    Grafana

  • icon-tool

    Prometheus

  • icon-tool

    ELK

  • icon-tool

    Cloudwatch

  • icon-tool

    Dynatrace

  • icon-tool

    Rapid7

  • icon-tool

    OWASP ZAP

  • icon-tool

    Maven

  • icon-tool

    Gradle

  • icon-tool

    NPM

  • icon-tool

    Windows

  • icon-tool

    Linux

  • icon-tool

    Jira

  • icon-tool

    Github

  • icon-tool

    ServiceNow

Work History

5Years

AWS DevOps Consultant

Minfy Technologies
Feb, 2023 - Present3 yr 3 months
    Centralized Ci-Cd setup with Aws Code-pipeline for Cross account Deployments. Created infra with CFT. (Lambda, Api gateway, SQS, SNS, RDS, CodeBuild, CodePipeline, S3, Cloudfront, WAF, Cloudwatch) Ensured app admins to receive a mail triggered each time application produces an ERROR log. Implemented Lambda functions with SQS and API gateway triggers. Lambda layers were updated with required modules. Configured API gateway to route traffics to appropriate backend microservice with resource and method settings. Enabled Authorization at API Gateway with Cognito to ensure users with valid JWT tokens only can access our backend application. Creation of api-keys and attaching them with Usage plans based on customers requirement.

Consultant

Minfy Technologies
Feb, 2023 - Present3 yr 3 months
    As a part of Dr. Reddys, roles and responsibilities were diversified. Administrated Jenkins and aws accounts and closely worked with CloudOps, InfoSec, Monitoring and Development teams. Enabled matrix-based authorization strategy and Fine-Grained Access policy to restrict users access to their particular project. Provision of EKS cluster with Addons and HPA enabled. Provision of Ingress Controller and fluent-bit for logs exporting to cloudwatch/ELK. Creating namespaces with RBAC enabled and giving Fine-grained access to developers. Deployed application in ECS which involves creating Task-definitions, Services, Service discoveries and load balancers based on requirements. Deployed frontend application in AWS Amplify/Cloudfront. Configuring URL path parameters and query string parameters in REST Api gateway to tweak the incoming request and integrating with backend services like Private NLB with VPC Links. Attached SQS, Lambda as target to API method integration to route the traffic effectively. Created Pipeline jobs in Jenkins in collaboration with DevSecOps team. Maintaining Jenkins server. Writing jenkinfiles, managing Jenkins agents, Plugins etc.

DevOps Engineer

Globallogic
Mar, 2019 - Apr, 20223 yr 1 month
    Created required infrastructure and networking setup for Developers to deploy their applications. Integrated AWS Rest API Gateway for Routing the Backend microservices. Enabled mTLS in REST Api Gateway by creating a trust store in s3 bucket. Maintaining DNS records in route53, Creating SSL certificates with ACM. Deployed application in Kubernetes which involves provision of CRDs, Deployments, Statefulsets, PV, PVC, Secrets, CSI drivers.

Support Engineer

Globallogic
Mar, 2019 - Apr, 20223 yr 1 month
    Communicating with Developers and Implementing best security practices in SDLC. Implemented Git Branching strategy, Shadowed senior team members during Critical tasks/failovers. Monitored Grafana Dashboards and reported respective App owner in case of Alerts. Created Jenkins jobs with Maven, Junit, Sonarqube and deployed in Ec2 instance. Was a part of DevOps team in a support role during the migration of application form Ec2 to ECS.

Major Projects

4Projects

MATSON

Feb, 2023 - Present3 yr 3 months
    Centralized CI-CD setup with AWS CodePipeline for cross-account deployments. Created infrastructure with CloudFormation templates. Ensured app admins receive mail triggered each time application produces an ERROR log.

Dr Reddys

Mar, 2023 - Present3 yr 2 months
    Administrated Jenkins and AWS accounts closely worked with CloudOps, InfoSec, Monitoring, and Development teams. Provision of EKS cluster with addons and HPA enabled.

USAA

Mar, 2019 - Apr, 20223 yr 1 month
    Created required infrastructure and networking setup for Developers to deploy their applications. Integrated AWS Rest API Gateway for routing the backend microservices.

Technoxander

Aug, 2021 - Apr, 2022 8 months
    Communicating with Developers and implementing best security practices in SDLC. Monitored Grafana dashboards and reported respective App owner in case of alerts.

Education

  • B.Tech

    Vignan Institute of Technology and Management, Berhampur, Odisha (2018)

AI-interview Questions & Answers

Hey. Hi. So first of all, thanks for the opportunity. So this is Shubhinde. It will basically belong to Odisha. We are currently staying in Hyderabad. So, I hold around 4 and a half years of experience in AWS, which includes various AWS tools such as EC2, EBS, S3 buckets, and API gateway, load balancer, ECS, and EKS, all those things in AWS. But apart from that, in DevOps tools, I have good experience in Jenkins, Docker, Kubernetes, and there are few DevSecOps tools as well, such as JAP, SonarQube, HadoLink, and Kubelinter. These are the few tools which I have worked on. And for monitoring and logging cases, I have worked with ELK, CloudWatch, and OpenSearch. These are the few tools I have worked with. So, I am currently working in MinuFi Technologies. It's been 1 and a half, 1.7 years to be precise. I have been working in MinuFi Technologies. So, that's pretty much it. Thank you.

Docker, Python, and AWS services. So we've been exploring the option of automating infrastructure using Terraform or Cloud Development Kit. We can use Docker, specifically Python-based Docker images. So we can run them as Lambda functions, or we can simply run them as an ECS service or if you prefer, go with Kubernetes because if you're going for EKS service, we have thought that if your application is communicating with other microservices and certified cases, we can go with the case. Otherwise, ECS would be more preferred in my point of view. So we need to create a robust CI/CD pipeline that might be if you want AWS services, we do have AWS CodePipeline using AWS CodePipeline. We'll code deploy all those agents. Using that, we can deploy our code. And the same thing, if you want to replicate the production environment, we just have to use the same safety or same tool to create a similar kind of infrastructure in higher environments as well. And for deployment, the CD is there anyway. So we can create an approval stage and move it to further environments. So that's how we can design this workflow using Docker, Python, and internal AWS services. Suppose we are communicating with Adi or something, it will be easier to communicate and establish a communication. In terms of Adi, also previously, there were services and limitations. Like, it used to be difficult creating those using OIDC and annotating that role to the service account. But now as the port identity agent came, so it becomes easier for them also to communicate.

We can use AWS CDK for infrastructure as a code. To be honest, I have never worked with AWS CDK, but I have a good idea of using TypeScript with AWS CDK. We can provision the AWS resources. The same thing applies to Terraform. If you're using Terraform as an edge infrastructure as a code tool, and you want to focus on a specific use case like network provisioning. So, in that case, both of them work fine, but Terraform gives us additional benefits. We can create one artifact, and that artifact can be deployed. Other than that, Terraform uses a state file. We can create our network in these VPCs with an internet gateway, NAT gateway, DHCP settings, route table associations, security groups, and all those technical things. We can create using both of them.

So just an automated approach to scale, Kubernetes deployment in response to increased web traffic. We can set up Horizontal Pod Autoscaling. That's something we can do. Based on requests, we can automate auto-scaling our number of pods. That too, again, we have to count the CPU and memory usage. We have to keep the resource limits as well, because in case of data centers, we should not over-provision the resources. That's one thing we can do. We can create a deployment. In a deployment, we can keep the number of replicas, the desired replica count, the minimum, and the maximum number of replicas. Again, for infrastructure level, the node groups and node pools will also have auto-scaling groups. There will be a target node group option as well, which you can choose.

Okay, for a zero downtime deployment strategy for cumulative charge data, we will be having various things, such as blueprint deployment, canary deployment, and other deployment methods like A/B testing. There are various methods, but highly, what I have seen is people are using deployment or canary. In deployment, there will be another replica of our existing application. Suppose v1 is existing, v2 will be created, and the traffic will be shifted to v2. Then v2 will be live, and v1 will be getting deprecated. That approach we can go, but in that one, resource allocation will be more. Other than that, we can do a canary deployment. The traffic will be moving slowly using a gradual traffic shift. We can also use a service mesh. In that, the traffic will be moving slowly, for example, 10% traffic will be going to v2, and 90% will be going to v1. If everything is working fine, we can slowly move forward, like 30/70, 40/60, and then eventually, v1 will be deprecated, and v2 will be fully active.

How would you include a Terraform module? Yeah, we can define Terraform modules and while we want the Terraform module in our main.tf file, we just need to call that module. If you want to reuse them in multi-cloud environments, we'll have TFR files so we can get multiple TFRs, or else we can use Terraform Registry in that case to reuse this knowledge in multiple stages. You know? So, multi-cloud infrastructure components in the sense that we need multiple providers, block and based on my understanding.

First of all, we should not be using the default key. We need to create a key each time we launch in an instance, then using data block, and we have to import that. Yeah. We just have to keep an output of that key into a file, and we need to define that file here. And security group IDs, we should not hard code. I am a spine. Extension type is fine. The key name is something that keeps this risk at bay. And the security ID should be fine. Apart from this listing, the SSS key which is being created is. We need to create that SSS key also needs to be in contact. That's one thing.

I'm not able to find an error. Maybe the three statements which have been written, I'm not sure whether that might be one issue. Other than that, Docker will have been "t" and then come. The tag needs to be very light in this case, apart from the time.

First of all, if you are going for hybrid cloud, we need to do all these steps, direct connect checkup for the network connectivity from on prem or it might be some other cloud to headless cloud. So once the network setup has been done, using Kubernetes in the sense, suppose there are a few models, not more than the models which are running the front end, we can do here. And that using Glue, we'll be able to work with the tools, the Airflow, and we will be using SalesMaker, something we might use from AWS. Those things will be communicating with each other, how to design a system to auto scale content? Like, normal given is the deployments with HP enabled. The secret should be kept in secret managers. The configuration file should be in a config map. That's it. Coming up from there. The volumes we can mount are EFS or EBS. That's how the EKS stuff works.

What methodologies would you apply in the DevOps website? Yeah. So the first of all, the assigned methodology would be applied. So there should be some sprint plans in place initially. Then once the code is there, we can check using GetGuardian or CheckMaths. And we have these tools that will be checking if there are any credentials or any vulnerabilities in our code, then we can scan the code using SonarQube. Once the scan is done, we can build it. During the build, the dependencies will be there. We can use dependency track to get an edge on the field of material. Then comes the step where once the build is done, the Docker file will be there to scan. We'll be scanning the Docker file in place. Once the Docker file is scanned, a Docker image will be created. Then we will use a few other tools to scan the Docker container. Once the Docker container is running fine and there are no vulnerabilities, we can deploy it in Kubernetes. Before deploying the application, the QB intern would be used to check the YAML files to see if they are following any complaints. Then once the deployment has been done, we need to make sure no secrets are exposed. We need to check that in terms of networking, there should not be any ports initially open to the Internet. The application should be in private subnets and exposed via a load balancer at the API gateway. If it's an API gateway, we need to make sure that the authorization step is in place. There are a few things you need to keep in consideration while deploying an application to meet the compliance guidelines. That's it. Thank you.