Varun Chandak

Cloud Security Engineer specializing in Cloud security and Automation

About Me

Multi-cloud infrastructure expert with 10+ years of experience securing high-scale workloads across AWS, GCP and Azure. Evolved from a deep Linux systems engineering background into architecting automated, “secure-by-default” cloud platforms.

I specialize in integrating security benchmarks directly into the DevOps lifecycle through Infrastructure as Code (IaC) hardening, automated cloud governance, and platform-level threat mitigation. Proven track record of building resilient, scalable architectures that maintain rigorous security standards without sacrificing deployment velocity.

I am most skilled in AWS, Cloud Security, Automation, and DevOps.

Career Highlights

  • 10+ years across cloud security, platform engineering, and DevSecOps automation.
  • Built and scaled security programs across AWS, GCP, and Azure with measurable risk reduction.
  • Automated compliance and access-governance workflows that reduced manual review effort by approximately 90%.
  • Delivered practical, automation-first controls that improved security posture without slowing delivery.

Core Skills

  • Cloud Platforms: AWS, GCP, Azure
  • Cloud Security: Cloud Custodian, AWS Security Hub, AWS Config, GCP Security Command Center, Azure Sentinel, Defender for Cloud, DivvyCloud, CloudView, Rapid7, Elastic Stack, AI security governance
  • Endpoint and MDM: CrowdStrike Falcon, CyberArk EPM, Jamf, Kandji, Microsoft Intune
  • DevOps and IaC: Terraform, CloudFormation, GitHub Actions, Jenkins, GitLab, Docker
  • Identity and SaaS: Okta, AWS IAM Identity Center (SSO), Azure AD, SAML, CyberArk, Google Workspace, Microsoft 365
  • Programming and Automation: Python, Bash
  • Leadership and Delivery: Strategic planning, team leadership, stakeholder management, project execution, JIRA, Confluence

Detailed Cloud and Platform Stack

  • Amazon Web Services (AWS)
    • IAM, IAM Identity Center (SSO), Organizations, Control Tower
    • EC2, ALB, VPC, Route53, CloudFront
    • API Gateway, Lambda, ECS, ECR
    • RDS, DynamoDB, OpenSearch, Athena, S3, Glacier
    • Security Hub, GuardDuty, WAF, KMS, Config, CloudTrail
    • CloudFormation, CloudWatch, Backup, Budgets, Cost Explorer
  • Google Cloud Platform (GCP)
    • Cloud Armor, Cloud CDN, Cloud DNS, Load Balancing
    • Cloud Network, VPC, Cloud Functions, App Engine, Compute Engine
    • IAM, Security Command Center, Cloud SQL
    • Stackdriver
  • Microsoft Azure
    • Azure AD, Azure Sentinel, Defender for Cloud, Defender for Cloud Apps, Defender for Endpoint
    • Log Analytics Workspace
  • Tooling and Operations
    • GitHub and GitHub Actions, Jenkins, GitLab
    • Linux, macOS, Windows, shell scripting, Terraform
    • Google Workspace security and administration
    • JIRA, Confluence, Slack
    • Jamf MDM solution
    • SOC 2 and ISO 27001 audit support
    • CodeCommit, CodeBuild, CodeDeploy, CodePipeline
    • SES, SNS

Experience

TripleLift

Security Engineer

Jun 2024 - Present

  • Continuously matured the security program by deploying and tuning SIEM, EDR, and cloud monitoring controls for near real-time detection and response.
  • Hardened cloud infrastructure against CIS benchmark controls and drove closure of high-impact gaps across services.
  • Built and maintained internal security automation using GitHub Actions, Python, and Bash across cloud, identity, endpoint, and developer tooling.
  • Automated AWS security compliance scorecards and recurring reporting (Security Hub and AWS Config) to Google Sheets and Slack, saving approximately 3 to 4 hours weekly.
  • Implemented identity-driven access governance by reconciling Okta with access platforms and enforcing approval gates for high-impact actions.
  • Generated recurring User Access Review and permissions inventory reports for AWS and GitHub administrators for audit-ready evidence.
  • Standardized severity assignment for AWS Config findings imported into Security Hub to reduce noise and improve prioritization consistency.
  • Integrated security alert workflows into ticketing and monitoring pipelines to improve ownership and tracking of vulnerability findings.

Ollion (formerly CloudCover)

Lead DevSecOps Engineer

Aug 2021 - May 2024

  • Directed cloud security risk mitigation across AWS, GCP, and Azure, reducing vulnerabilities by 30% through posture management and automated patching.
  • Led and mentored a 6-member DevSecOps team with KRAs and growth planning, contributing to a 40% promotion rate.
  • Standardized audit and compliance procedures to support SOC 2 and ISO 27001 readiness, improving audit outcomes by 25%.
  • Delivered SaaS migrations and cloud modernization roadmaps for enterprise clients across regions and time zones.
  • Designed and implemented secure, resilient cloud infrastructure and governance controls for high-scale environments.

Ollion (formerly CloudCover)

Senior DevOps Engineer

Feb 2018 - Aug 2021

  • Built automation-first cloud infrastructure and operational tooling across AWS, GCP, and Azure.
  • Architected secure, scalable IaC foundations using Terraform and CloudFormation with reusable modules and templates.
  • Designed CI/CD strategies and deployment pipelines with Jenkins and ChatOps integration.
  • Implemented monitoring, logging, and alerting with CloudWatch, Stackdriver, and Elastic Stack to improve MTTR and RCA quality.
  • Executed cost optimization, capacity tuning, and high-availability improvements across multi-account environments.
  • Led on-premises/private-cloud to public-cloud migration initiatives with minimal downtime.

Ollion (formerly CloudCover)

DevOps Engineer

Feb 2017 - Feb 2018

  • Automated deployments with Jenkins and supported production monitoring using Nagios, NewRelic, and RunScope.
  • Built reusable Terraform and CloudFormation stacks for rapid environment provisioning.
  • Worked across infrastructure, security, and operations teams to deliver cloud solutions and reliability improvements.
  • Developed shell automation to reduce repetitive operational effort.

Ollion (formerly CloudCover)

SysOps Engineer

Feb 2016 - Feb 2017

  • Managed AWS compute, storage, and networking resources and improved operational consistency through CLI and shell automation.
  • Supported migration workloads from on-premises infrastructure to AWS.
  • Monitored and troubleshot infrastructure reliability and customer-impacting incidents.

Mithi Software Technologies Pvt. Ltd.

Systems Engineer

Apr 2014 - Jan 2016

  • Improved network and server uptime through proactive troubleshooting and performance optimization.
  • Supported storage and NAS management, Linux hardening, and operational maintenance.
  • Led migration efforts from hardware/on-premises infrastructure to AWS.
  • Deployed and managed ConnectXF (Mithi SkyConnect) environments on Linux.

Mithi Software Technologies Pvt. Ltd.

Linux Support Engineer

May 2013 - May 2014

  • Configured and supported Linux-based hosted email infrastructure.
  • Delivered remote deployments and reconfiguration for distributed client environments.
  • Monitored, managed, and troubleshot multi-server email and network systems.

Selected Projects

Multi-Cloud Security Governance and Compliance Engine (AWS)

  • Architected an automated governance framework across 12+ AWS accounts using AWS Config and Security Hub.
  • Centralized findings and standardized severity normalization through OIDC-authenticated workflows.
  • Built AI-assisted weekly trend summaries, executive scorecards, and Slack notifications.

Enterprise Identity Governance and Lifecycle Automation

  • Engineered automated offboarding workflows reconciling Okta identities with AWS IAM Identity Center and GitHub access.
  • Developed recurring User Access Review reporting with audit-ready exports, reducing manual review time by approximately 90%.
  • Streamlined GitHub organization administration with automated sync and approval gates for lifecycle and permission changes.

Automated Endpoint Security and Fleet Orchestration

  • Built a cross-platform inventory orchestrator for CyberArk EPM, Microsoft Intune, Kandji, and HR systems.
  • Automated endpoint workflows including scheduled upgrades and metadata-based grouping.
  • Added AI-assisted anomaly insights and action summaries for security channels.

Cloud Logging and SIEM Integration (Google Workspace and Rapid7)

  • Designed a log streaming pipeline for Google Workspace telemetry into Rapid7 through S3.
  • Automated API watch subscription renewals to avoid monitoring gaps.

Google Cloud Foundation Landing Zone

https://github.com/ollionorg/gcifi-lz
  • Provides a series of reference templates for Terraform stages and environments which reflect Google Cloud best practices.
  • Templates are used to quickly build a repeatable enterprise-ready foundation in Google Cloud.
  • Enables teams to focus on deploying applications on top of a pre-configured secure environment.

Streaming Service on AWS

  • This was for Asia’s leading video streaming service.
  • Multiple monolithic services were containerized on AWS.
  • Terraform was used extensively for the AWS infrastructure.
  • Jenkins was used to create Docker images and deploy them to the registry.
  • Automated deployments used Slack and Jenkins integration.
  • Periodic cost optimization, resizing, security reviews, and OS patching were carried out with minimal downtime.
  • Monitoring covered APIs and services via NewRelic and RunScope.
  • Tools: Jenkins, Slack, RunScope, NewRelic
  • Technologies: Shell scripting, Python, AWS, Node.js

Migration from On-Premises to Google Cloud

  • This was for an Indian diversified financial services company headquartered in Mumbai.
  • The goal was to migrate core infrastructure and multiple websites from on-premises data centers to Google Cloud.
  • Migrated workloads including Apache, MySQL, and Solr to Google Cloud.
  • Successfully set up Windows Server Failover Clustering as part of the migration.
  • Performed periodic cost optimization, security reviews, and OS patching with minimal downtime.
  • Tools: Ansible, shell scripting
  • Technologies: Google Cloud

Video Rendering Farm on AWS

  • Leveraged elastic AWS compute power by launching a fleet of 50+ c4.8xlarge EC2 instances.
  • Used proprietary software with deep Linux integration.
  • Used shared storage for rendering output.
  • Tools: Thinkbox Deadline, Aspera, Maya
  • Technologies: Shell scripting, AWS

In-house Security and Automation Programs

  • Successfully integrated Google Workspace with AWS, Azure AD, Slack, GitHub, Jira, and Confluence for automatic access control and user provisioning.
  • Leveraged Cloud Identity and Google Workspace to implement zero-trust and SAML 2.0-based access patterns across internal applications.
  • Drove automatic access enablement for internal tooling when users were onboarded in the identity provider.
  • Took ownership of organization-wide security best practices across tooling and public cloud environments.

Active Participation in Compliance and Audits

  • Took initiative to help the organization stay compliant with audits such as ISO 27001, SOC 2, and HITRUST.
  • Contributed to maintaining the risk register and developing policies and processes in coordination with HR and IT teams.

Installation of ConnectXF

https://skyconnect.mithi.com/
  • Set up multiple Linux machines and installed Mithi ConnectXF on client machines and in-house mail servers.
  • Ensured the Linux machines were hardened and secured using industry best practices.

Mini Projects

Sudoku Solver

Mileage Calculator

Housie Caller

Housie Prize Splitter

Certifications

AWS

  • Security Specialty, DevOps Engineer Professional, SysOps Administrator Associate, Developer Associate, Advanced Networking Specialty, Solutions Architect Professional, Solutions Architect Associate

Google Cloud

  • Associate Cloud Engineer, Professional Cloud Security Engineer, Professional Google Workspace Administrator

Microsoft

  • Security, Compliance, and Identity Fundamentals (SC-900)

HashiCorp

  • Terraform Associate (002)

Education

Bachelor of Technology (Information Technology)

Poornima Institute of Engineering and Technology, Jaipur, Rajasthan

2007 - 2011

Beyond Work

Outside engineering and security work, I enjoy:

  • Long bike rides
  • Table tennis
  • Fitness training
  • Board games and strategy games
  • Automating stuff and exploring the latest tech