Open to opportunities

Anuj Varma

@anujvarma

Enterprise security architect and multi-cloud architect delivering secure landing zones, migrations, and API/ML protection.

Zimbabwe

Message

What I'm looking for

I’m looking for a role where I can lead secure multi-cloud architecture—building landing zones, identity and zero-trust, API/ML protections, and migration plans—while balancing security outcomes with FinOps-driven cost efficiency in a collaborative, delivery-focused environment.

I’m an enterprise security and cloud architect with “28 years of n-Tier Apps, SOA, EAI and Database Development/Architecture” and “28 years of experience in designing, developing, and securing enterprise applications, distributed applications, web applications, Win32 software” and large database systems. I work at architect level design with hands-on delivery, mentoring, and performance-focused engineering across .NET and J2EE environments.

My core specialty is securing multi-cloud platforms end to end—public, hybrid, and containerized. I’ve owned “overall public cloud security posture,” “Threat Modeling,” encryption and key management (KMS, TLS/SSL automation), and landing zone designs (including “Cloud Landing Zones” and “Complete landing zones”), while building/leading zero-trust and identity foundations such as “Azure RBAC,” “SSO,” “Federation,” and “AD/ADFS to AAD Migration.” I also bring FinOps discipline (“FinOps Certified” / “FinOps Practitioner”) to balance security and cost.

In recent roles, I’ve architected and secured API and ML workloads—“AI/ML Security - Fraud and Anti Money Laundering SaaS security,” GCP/AWS/Azure networking, IAM, and encryption for ECS/GKE/Cloud Run style environments, plus MLOps and governance foundations (drift monitoring, audit frameworks, and responsible-AI style evaluation). From “Azure Landing Zone with AVD Implementation” and ExpressRoute/NSG/Fortinet designs to AWS reference architectures (Shared VPCs, Firewall Manager, GWLB) and Terraform-based delivery, I’m the architect who turns security requirements into reliable systems.

Experience

Work history, roles, and key accomplishments

Current

Enterprise Security Architect

Current

Empower Finance

Oct 2023 - Present (2 years 7 months)

Served as Enterprise Security Architect for cloud and API security, including threat modeling and risk documentation for 3+ dozen acquisition-based applications. Designed AWS security reference architectures (Shared VPCs, GWLB firewall patterns) and architected fraud/anti–money laundering AI/ML security using Vertex AI and SageMaker workflows with IAM and encryption controls.

Threat Modeling API Security AWS Security Terraform FinOps AI ML Security

API & ML Security Architect

CHS.net

Jun 2023 - Oct 2023 (4 months)

Owned API security for a healthcare HIPAA data pipeline, securing GKE clusters and healthcare API integrations and performing threat modeling for hosted and consumed APIs. Supported ML/dataflow transformations for reshaping and preparing datasets used by patient processing workloads.

API Security Threat Modeling GCP Networking GKE HIPAA Dataflow BigQuery Data Governance

Multi-Cloud Security Architect

Kimberly Clark

Mar 2021 - Jun 2023 (2 years 3 months)

Defined multi-cloud security standards for a SAP ecosystem migration and remediated over 1,000 Prisma CSPM findings across AWS and GCP. Led zero-trust evaluation and PoCs to reduce VPN reliance and created a GCP CIS benchmarking matrix covering 115 benchmarks, routing CIS violations through Security Command Center dashboards and remediation plans.

CSPM (Wiz Prisma)GCP VPC Service Controls AWS Security Security Operations

AD and Azure Identity Specialist

Andersen Corp

Oct 2020 - Mar 2021 (5 months)

Migrated 80+ SaaS and on-premises applications from ADFS SSO to Azure AD, implementing AAD Connect Sync/Cloud Sync, SCIM-based provisioning, and Conditional Access/RBAC. Built OAuth 2.0 provider protections and automated user/group onboarding with PowerShell and Microsoft Graph API.

ADFS To Azure AD Migration Azure AD Connect Cloud Sync Conditional Access OAuth 2.0 RBAC SSO PowerShell

GCP F5 Terraform Specialist

Box Inc.

Aug 2020 - Dec 2020 (4 months)

Implemented a Terraform-driven GCP deployment of F5 instances across 3 zones for high availability, including health checks, static/NAT IPs, SSH key setup, and automated F5 onboarding. Configured FedRAMP FIPS-2 compliant settings, APM module, HA, and modularized Terraform for repeatable environment provisioning.

Terraform High Availability Startup Scripts FedRAMP

AWS & GCP Security Architect

USAA

Aug 2019 - Aug 2020 (1 year)

Designed and implemented AWS and GCP security and infrastructure patterns, including EC2 automation with IAM roles and SSM profiles and Terraform-based DevSecOps workflows. Automated certificate lifecycle and encryption controls using AWS PKI/KMS, Venafi, AWS ACM, LetsEncrypt/Certbot, and GCP KMS/IAM for encrypted workloads and compliant key management.

AWS KMS DevSecOps GCP KMS & Encryption AWS SSM Automation

Principal Cloud Architect

SHI International

Jun 2017 - Aug 2019 (2 years 2 months)

Led a team of 8 cloud architects delivering 2+ dozen complex customer projects spanning AWS, Azure, and GCP landing zones, security audits, and cloud migrations. Provided FinOps cost-optimization and migration readiness assessments using multi-cloud governance, monitoring, and rightsizing tooling.

Multi Cloud Architecture AWS Landing Zones Security Audits Cost Aggregation Visualization

Docker Containerization Architect

Shell

Feb 2017 - May 2017 (3 months)

Containerized a .NET/SQL Server gas monitoring sensors application using Docker (Compose/Swarm) with production-ready Dockerfiles for SSL/TLS and Windows gMSA configuration. Automated host configuration via PowerShell and delivered monitoring and CI/CD using Prometheus-based container metrics and ADO pipelines.

Docker Docker Compose Docker Swarm Windows GMSA Production Dockerfile Design PowerShell Host Automation CI CD Pipelines

AWS Cloud Migration Architect

DSHS

Jun 2013 - Jan 2017 (3 years 7 months)

Conducted cloud readiness and migration strategy discovery by assessing ~200 applications (COTS/SaaS/custom) and mapping on-prem-to-cloud dependencies. Performed security architecture activities including HP Fortify/WebInspect assessments, WAF PoCs, IAM evaluations, and performance troubleshooting with centralized reporting via Tableau and CMDB approaches.

AWS Cloud Architecture Cloud Migration App Performance Troubleshooting Tableau Reporting CMDB Dependency Mapping DR HA Planning