Srinivas Yenuganti
IT Infra, Cloud & Security Architect · Azure, DevOps & Information Security

IT Infrastructure, Cloud & Security Architect with 21+ years across enterprise IT, hybrid cloud, and information security — including 8+ years designing and operating Microsoft Azure platforms. Specialises in target-state cloud architecture and Azure landing zones, Infrastructure-as-Code (IaC), DevSecOps, network and security baselines, identity and Zero Trust, observability / SIEM, and business continuity and disaster recovery (BCDR) across multi-customer SaaS environments. Combines architecture leadership with hands-on engineering across Terraform, WAF, and KQL. Delivers solutions aligned to HIPAA, ISO 27001, HITRUST, and SOC 2, with proven leadership of certification programmes and information security operations (SOC, SIEM, NGFW, DLP, PAM).

Core Competencies
  • Cloud Architecture & IaC: Design Azure landing zones and hub-spoke reference architectures with subscription / management-group topology and policy guardrails, codified as reusable Terraform modules and Bicep templates (parameterised, source-controlled, PR-reviewed).
  • DevSecOps & Release Engineering: Define CI / CD and DevSecOps standards implemented as Azure DevOps YAML pipelines with SonarQube quality gates, branch policies, environment approvals, and GitOps-style promotion across staging / production.
  • Network & Edge Security: Architect secure ingress and segmentation — Front Door and Application Gateway WAF (OWASP CRS with custom rules, exclusions, geo-filtering), Azure Firewall, and Private Link / Private Endpoint topology.
  • Identity & Zero Trust: Define and implement the Zero Trust identity model — Microsoft Entra ID RBAC, Privileged Identity Management (PIM), Conditional Access (sign-in risk, named locations, device compliance), and Azure AD B2C.
  • Observability & SecOps: Establish monitoring and detection standards — Application Insights metrics, Azure Monitor alert rules, Log Analytics KQL, and Microsoft Sentinel analytics / hunting rules.
  • Resilience & BCDR: Design BCDR architecture with defined RPO / RTO — Azure Backup policies, Azure Site Recovery (ASR) replication, and Key Vault secret rotation, validated through recovery drills.
Credentials
AZ-305 – Azure Solutions Architect Expert (Microsoft)
AZ-400 – Azure DevOps Engineer Expert (Microsoft)
AZ-500 – Azure Security Engineer Associate (Microsoft)
AZ-104 – Azure Administrator Associate (Microsoft)
Azure AI Engineer Associate – Microsoft
AWS Certified SysOps Administrator – Associate (Amazon Web Services)
CEH – Certified Ethical Hacker (EC-Council)
FortiGate – Network Security Engineer (Fortinet)
Professional Experience
Cloud Engineer (Azure / DevOps) Jun 2025 – Present
iSpace, Inc. – Los Angeles / El Segundo, CA, USA
  • Engineer and operate Azure infrastructure for iSpace’s proprietary healthcare-payer SaaS platform across U.S. customer environments.
  • Provision customer subscriptions and environments — author IaC modules and runbooks; configure logical segregation, RBAC role assignments, and policy-based access controls per customer.
  • Build and harden application ingress — Azure Front Door, Application Gateway with WAF (OWASP CRS + custom rules, exclusions), Private Link / Private Endpoints, Azure Firewall rule collections, and S2S / P2S VPNs.
  • Operate platform compute and integration: App Services, Functions, and Logic Apps; diagnose end-to-end issues using Application Insights traces and Log Analytics KQL queries.
  • Operate platform data and integration layer: Azure SQL, Cosmos DB, Azure Data Factory pipelines, and Blob Storage — tune throughput, indexing, and ADF triggers.
  • Write IaC modules to standardise staging and production deployments — parameterised, source-controlled, validated through PR review.
  • Author and tune Azure DevOps CI / CD YAML pipelines with SonarQube quality gates; debug release failures and execute controlled roll-forward / roll-back.
  • Instrument observability — Application Insights custom metrics, Azure Monitor alert rules, KQL queries, and Microsoft Sentinel analytics rules for security telemetry.
  • Configure Microsoft Entra ID (and Azure AD B2C where applicable) — RBAC role assignments, Conditional Access policies (sign-in risk, named locations, device compliance), MFA, and least-privilege role design.
  • Configure and validate Azure Backup policies and Azure Site Recovery (ASR) replication; run recovery drills and document RPO / RTO outcomes.
Senior Manager, IT Infra, Cloud & Security Mar 2022 – May 2025
iSpace Software Solutions India Pvt Ltd – Hyderabad, India
  • Led a team of 15 engineers and administrators across IT infrastructure, cloud, and security operations, supporting 24×7 SaaS delivery environments; designed, deployed, and supported Azure infrastructure including VMs, networking, serverless (Function Apps / Logic Apps), and integration workflows.
  • Established SOC and NOC frameworks using Microsoft Sentinel, SentinelOne, CyberArk PAM, and Splunk SIEM — improving threat visibility and reducing mean time to detect (MTTD) and respond (MTTR) across security incidents.
  • Implemented Zero Trust, IAM, and PIM models using Microsoft Entra ID with on-prem Active Directory integration; enforced SSO, RBAC, MFA, and Conditional Access for least-privilege governance.
  • Deployed cloud and edge security controls using Azure Front Door, Private Endpoints, Azure Firewall, Fortinet NGFW, Forcepoint DLP, and Proofpoint Email Security.
  • Embedded DevSecOps into Azure DevOps CI / CD pipelines (Git / GitOps) with SonarQube code quality / security checks and automated vulnerability scanning.
  • Configured monitoring and security monitoring using Azure Monitor, Log Analytics Workspace, and Azure Sentinel; performed vulnerability assessments using Nessus and coordinated remediation.
  • Led ISO 27001, HITRUST, and SOC 2 certification programmes — audit coordination, finding remediation, and continuous compliance posture.
  • Supported cloud adoption and on-premises → Azure workload migrations with controlled cutover and minimal downtime.
Head – IT Infra Operations Nov 2021 – Mar 2022
LCGC Resolute Appliance LLP – Hyderabad, India
  • Managed day-to-day IT infrastructure operations covering systems, networking, and virtualization support to maintain availability and performance of enterprise services.
  • Supported security administration activities including firewall / security controls and access controls in accordance with organizational procedures.
  • Managed identity and access administration using Active Directory-based processes (provisioning, permissions updates, policy enforcement).
  • Supported backup / recovery readiness and participated in DR / BCP activities to maintain continuity during outages and disruptions.
Manager — IT Infrastructure, Cloud & Security Operations Dec 2014 – Nov 2021
GGK Technologies – Hyderabad, India
  • Owned end-to-end IT infrastructure, cloud, and security operations across Azure and GCP, leading enterprise digital transformation programmes over a 7-year tenure.
  • Led full datacenter modernisation and migration to Microsoft 365 and Azure — decommissioning on-premises workloads, consolidating estate, and improving reliability while reducing on-premises maintenance overhead.
  • Achieved ISO 27001, HITRUST, and SOC 2 certifications through governance framework design, risk management, control implementation, and audit readiness programmes — establishing an audit-ready compliance posture for enterprise customer onboarding.
  • Implemented Fortinet NGFW, Endpoint Detection & Response (EDR), and Data Loss Prevention (DLP) to strengthen perimeter security and data protection posture.
  • Built automation frameworks using PowerShell, Ansible, and Azure Policy for monitoring, configuration management, drift detection, and compliance tracking.
  • Managed enterprise infrastructure operations (systems, network, virtualization) and Active Directory identity / access; coordinated incident, change, and DR / BCP activities across the estate.
Senior System Administrator Mar 2014 – Nov 2014
Gensource Pharma Solutions Pvt Ltd – Hyderabad, India
  • Administered and supported Windows / Linux environments to maintain availability of business services; performed troubleshooting, monitoring, and operational support.
  • Supported infrastructure reliability initiatives as applicable; assisted with maintenance and issue resolution.
  • Supported security administration activities including firewall / security controls and endpoint protection practices per procedures.
  • Performed identity and access management tasks using Active Directory and supported backup / recovery readiness.
Datacenter Administrator Apr 2011 – Mar 2014
Ramky Group – Hyderabad, India
  • Oversaw complete datacenter operations including Exchange, SAN storage, network security, and enterprise application hosting.
  • Led mail platform migration from Linux to Exchange 2010 and implemented MPLS WAN connectivity across branch offices.
  • Supported day-to-day datacenter operations: server / storage / network administration, environmental and hardware monitoring, scheduled maintenance, change windows, and end-user support; coordinated with internal teams / vendors and OEMs.
  • Administered identity and access using Active Directory; supported security administration, backup / recovery, and continuity activities for datacenter-hosted services.
System Administrator Mar 2010 – Apr 2011
GCET – Hyderabad, India
  • Supported IT infrastructure operations, systems administration tasks, basic network troubleshooting, access administration, and operational documentation.
  • Supported endpoint security practices and backup / recovery readiness activities as required.
System Administrator Aug 2006 – Feb 2010
JB Group of Institutions – Hyderabad, India
  • Managed and supported on-prem IT infrastructure operations including system setup / configuration support, troubleshooting, routine maintenance, and user support.
  • Supported connectivity troubleshooting, access administration, endpoint protection practices, and backup / recovery support tasks.
Support Engineer (Database Administrator) Jun 2005 – Jul 2006
IDenizen Smartware Pvt Ltd – Bengaluru, India
  • Provided technical support for IT systems and end users including incident logging, troubleshooting, and resolution of hardware / software and connectivity issues.
  • Assisted with installation / configuration of user systems; escalated complex issues per support procedures.
  • Maintained support documentation and performed preventive maintenance / support tasks as assigned.
Technical Skills
Cloud Platform & Architecture
Microsoft Azure; Azure Landing Zones; Enterprise Architecture; Cloud Governance; Cloud Center of Excellence (CCoE); Hybrid Cloud; FinOps / cost governance; environment standardization; incident response; change management; runbooks / SOPs
DevOps / CI-CD & IaC
Azure DevOps (Repos / Pipelines / Artifacts); Git; GitOps workflows; SonarQube integration; release & deployment coordination; Terraform; Bicep
App Hosting, Data & Integration
Azure App Services; Azure Functions; Azure Logic Apps; API integrations; Azure SQL Database; Azure Cosmos DB; Azure Data Factory (ADF); Azure Storage (Blob / File)
Networking & Edge Security
VNet / Subnets; NSG; routing; DNS; Load Balancing; Azure Front Door; Application Gateway; WAF; Private Link / Private Endpoints; Azure Firewall; VPN (S2S / P2S)
Identity & Access Management
Microsoft Entra ID (Azure AD); Azure AD B2C (as applicable); Active Directory integration; RBAC; Conditional Access; MFA / SSO; access governance
Monitoring / Observability & SIEM
Application Insights; Azure Monitor; Log Analytics Workspace; Azure Sentinel; alerting; diagnostics & log analysis
Backup, DR & Secrets
Azure Backup; Azure Site Recovery (ASR); business continuity / DR planning; Azure Key Vault (secrets & certificates)
Security & Compliance
Zero Trust; secure configuration baselines; network segmentation; least-privilege access; Microsoft Defender for Cloud; Microsoft Sentinel; SentinelOne; CyberArk (PAM); Proofpoint; Forcepoint DLP; vulnerability management (Nessus); HIPAA / HITRUST / SOC 2 / ISO 27001 / PCI DSS-aligned operations