Vaibhav Kanchan, Developer in Hyderabad, Telangana, India
Vaibhav is available for hire
Hire Vaibhav

Vaibhav Kanchan

Verified Expert  in Engineering

Cloud Security Developer

Hyderabad, Telangana, India

Toptal member since July 28, 2024

Expertise
LinuxAWSTerraformDevOpsPythonAWS LambdaOpenStackCybersecurity
Bio

Vaibhav is a seasoned cloud security specialist with multi-cloud security posture management expertise and has substantial experience implementing zero-trust architecture, conducting security assessments, and modeling threats for payment processing clients, product-based firms, and global executive search firms. He has good expertise and understanding of DevSecops and its implementation. Vaibhav has good hands-on experience in deploying infrastructure as code (IaC).

Portfolio

Techrev Solutions
AWS Cloud Security, AWS Certified Advanced Networking - Specialty...
HighRadius
AWS HA, Azure, GCP Security, CSPM, Cloud Security, SIEM...
ThoughtWorks
AWS Cloud Security, Azure Cloud Security, DevOps, Amazon EKS, CSPM...

Experience

  • Linux - 11 years
  • AWS Cloud Security - 5 years
  • DevOps Engineer - 5 years
  • DevSecOps - 4 years
  • Terraform - 4 years
  • Azure Cloud Security - 3 years
  • Bash Script - 3 years
  • GCP Security - 2 years

Availability

Part-time

Preferred Environment

Linux, AWS Cloud Security, Azure Cloud Security, DevSecOps, GCP Security, DevOps Engineer, Terraform, Threat Modeling, Security Architecture Assessment, Zero Trust

The most amazing...

...thing I've done is establish comprehensive cloud security for HighRadius Corporation, enhancing the security posture from 30% to 75% within 12 months.

Work Experience

Cloud Security Architect

2024 - PRESENT
Techrev Solutions
  • Served as cloud security architect for an ATM-based financial service provider, enhancing DevSecOps and DevOps practices and establishing secure network connectivity.
  • Utilized GitHub Actions for DevOps and employed AWS security services.
  • Deployed a secure network environment for production within two months.
Technologies: AWS Cloud Security, AWS Certified Advanced Networking - Specialty, Security Operations Centers (SOC), DevOps

Cloud Security Architect

2023 - 2024
HighRadius
  • Developed a security roadmap for the organization, defining short-, mid-, and long-term goals. Conducted security reviews to identify gaps, anti-patterns, and harmful practices within the cloud engineering operations team.
  • Developed a ransomware mitigation plan, implemented a multi-cloud backup strategy, and configured AWS single sign-on (SSO).
  • Enhanced the security posture from 30% to 75% within 12 months. Collaborated with the compliance team to get PCI and SOC 1 certification for cloud engineering environments.
Technologies: AWS HA, Azure, GCP Security, CSPM, Cloud Security, SIEM, Ransomware Attack Response, Wiz Cloud Security Platform, SOC 1, PCI

Senior Cyber Security Engineer

2020 - 2023
ThoughtWorks
  • Designed secure landing zone solution for Azure Cloud Platform using IaC code. Set up CSPM and threat detection capability using MS Defender for Cloud and SIEM setup using Sentinel. Performed threat modeling and security assessment for the aaplications.
  • Implemented least privileged model for access. Set up processes for DevSecOps, like secret detection and Snyk for SaST. Deployed Snyk check in all development and Azure provisioning pipelines.
  • Created an IaC for deploying customized EKS clusters in AWS using the AWS Service Catalog and worked on setting up AWS security controls for the client.
  • Worked on mitigating AWS security alerts using AWS Lambda and Python code.
Technologies: AWS Cloud Security, Azure Cloud Security, DevOps, Amazon EKS, CSPM, Security Architecture Assessment, Threat Modeling, DevSecOps, Snyk, Terraform, Python, AWS Lambda

Senior System Administrator

2018 - 2020
Oracle
  • Deployed OpeSstack cloud across multiple data centers. Worked on automation of patching of OpenStack clouds. Worked on a health check of OpenStack services using bash and set the Jenkins pipeline.
  • Performed a POC on multi-node Kubernetes for the Oracle development team's Prometheus and Grafana set up. Worked on the OpenStack image hardening process and image scanning using Qualys.
  • Worked on OpenStack to Oracle Cloud Infrastructure Migration and assisted in migrating one site to OCI.
Technologies: OpenStack, Oracle Cloud Infrastructure (OCI), Bash Script, Python, Jenkins Pipeline, Mirantis Certified OpenStack Administrator

Experience

Cloud Security Posture Management

Established comprehensive cloud security for HighRadius Corporation. I streamlined access management by integrating AWS Identity Center and Azure AD with multi-factor authentication (MFA). For centralized security posture management, I utilized the cloud security posture management (CSPM) tool Wiz. Additionally, I collaborated with ransomware protection firm Cohesity to implement a multi-cloud ransomware backup strategy. Finally, I provided guidelines for securing microservice workloads in Kubernetes across AWS, Azure, and GCP.

Azure Landing Zone for Global Executive Search Firm

Designed secure landing zone solution for Azure Cloud Platform as part of security services offering, which includes Management group creation, subscription setup, and Policy as Code setup. Added security gates like Snyk, truffle hog, and Microsoft security center in DevOps and application pipelines as part of DevSecOps initiatives.

Zero Trust Architecture for Fintech Client

Designed a zero trust architecture for a fintech-based client (the US) and was instrumental in designing the network architecture using AWS services (Transit Gateway, VPN, Network Firewall Manager). I also worked on designing the landing zone setup for the client and implemented SSO using Azure AD.

Certifications

MAY 2024 - MAY 2026

Professional Cloud Security Engineer

Google Cloud

JANUARY 2024 - DECEMBER 2026

Certified in Cybersecurity

ISC2

DECEMBER 2022 - DECEMBER 2023

Microsoft Certified: Azure Security Engineer Associate

Microsoft

DECEMBER 2021 - DECEMBER 2023

Certified Kubernetes Security Specialist

CNCF

OCTOBER 2021 - OCTOBER 2024

AWS Certified Security - Specialty

AWS

Skills

Libraries/APIs

Jenkins Pipeline

Tools

Terraform, GCP Security, AWS CloudFormation, Amazon EKS, TruffleHog, Amazon CloudWatch, HashiCorp Vault

Platforms

Linux, Amazon Web Services (AWS), Azure, AWS Lambda, OpenStack, Oracle Cloud Infrastructure (OCI)

Languages

Bash Script, Python

Paradigms

DevSecOps, DevOps

Frameworks

AWS HA

Industry Expertise

Cybersecurity

Storage

Amazon Aurora

Other

AWS Cloud Security, Identity & Access Management (IAM), Azure Cloud Security, DevOps Engineer, Cloud Security, Security Architecture Assessment, Threat Modeling, Snyk, SecOps, Infrastructure as Code (IaC), Security, AWS Certified Advanced Networking - Specialty, Security Operations Centers (SOC), CSPM, SIEM, Ransomware Attack Response, Database Analytics, Mirantis Certified OpenStack Administrator, Compliance, Wiz Cloud Security Platform, SOC 1, PCI, Kubernetes Security, Zero Trust, AWS Transit Gateway, AWS VPN, AWS Control Tower, Business Continuity Planning (BCP)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring