Summary
Overview
Work history
Education
Skills
Certification
Accomplishments
Timeline
Generic
Viraj Gosavi

Viraj Gosavi

Abu Dhabi,UAE

Summary

Cloud & Security Specialist professional with 10+ years of experience designing, securing, and operating large-scale Azure cloud infrastructures, hybrid networks, modern workplace environments, and enterprise security platforms across government and large enterprise organizations. Deep technical expertise in Azure Landing Zones, AKS, APIM, Azure AD B2C, WAF, Azure Firewall, ExpressRoute, and M365 E5 security stack including Defender, DLP, and Zero Trust identity governance.

Experienced in leading security operations, incident response, vulnerability management, access governance, and lifecycle management of 1,000+ users in Azure AD/Entra ID. Strong alignment with cloud security frameworks (ISO 27001, NIST, CIS) and driving compliance, uptime, DR resilience, and cost‑efficient cloud operations.

Overview

11
11
years of professional experience
4031
4031
years of post-secondary education
1
1
Certification

Work history

Senior Cloud & Security Specialist

Alpha Data (Client - Department of Culture and Tou
Abu Dhabi
2024.07 - 2026.04
  • Architected secure Azure Landing Zones with CAF governance, RBAC, Azure Policy, management groups, tagging & cost controls.
  • Designed full-stack Azure solutions including AKS, APIM, Azure AD B2C, Front Door, Application Gateway WAF, Azure Firewall, load balancers, hybrid connectivity & private networking.
  • Built resilient hybrid networks using ExpressRoute, VPN, BGP & multi-region routing.
  • Implemented Zero Trust across identity, endpoints, apps, networks & workloads.
  • Enforced M365 E5 security including Defender for Endpoint/Cloud Apps/O365, DLP, AIP, threat protection & secure score improvements.
  • Conducted vulnerability scans, compliance checks & security baselines aligned to NIST & ISO 27001.
  • Managed full lifecycle of Azure AD identities across enterprise workloads.
  • Enforced Conditional Access, PIM, hybrid identity, SSO & MFA for users and privileged accounts.
  • Implemented external identity trust with B2C custom policies.
  • Designed multi-region DR using Azure Backup, Azure Site Recovery, Recovery Plans & automated failover testing.
  • Built enterprise dashboards using Azure Monitor, Log Analytics & Dynatrace.
  • Integrated Sentinel SIEM, configured alerts, automation rules & investigation workflows.
  • Led incident investigations, root-cause analysis & forensic reviews across cloud workloads.

Cloud Infrastructure Engineer

HALIAN (Client - Abu Dhabi National Energy Company TAQA)
Abu Dhabi
2020.12 - 2024.06
  • Responsible for implementing, designing and managing On-Premise environment (like Active Directory for Users and Computers, ADDS, Group Policy Management, configure OnPrem File & Print servers, ADFS, Single Sign-on and SCCM related services).
  • Implementing, designing and supporting cloud environment (MS Azure & Office 365 admin center components like Endpoint/Tune Management including Enterprise Apps SSO implementation, Teams Admin Center, Exchange Admin Center, Teams Admin Center, Azure AD).
  • Worked on On-Prem to Cloud VM migration project using Azure AD Connect and was responsible for setting up Azure environment, configuring and managing Hybrid environment.
  • Working closely with IT Security team, have designed and implemented M365 security components like MS Defender for Endpoint, MS Defender for Cloud Apps, MS Defender for Office 365, IAM Management (PIM, MFA, Conditional Access Policy, RBAC) and DLP solutions and Advanced Threat Protection.
  • Designed and implemented MS Exchange Hybrid migration & configuring and managing O365 Exchange security policies, permissions, and performing eDiscovery and defining retention policies.
  • Implemented & configured system/Exchange (Azure and Veeam) backups are performed regularly by corporate backup software and stored securely.
  • It also comprises designing & deploying Azure PaaS & SaaS resources with implementing automatic deployment of VMs using ARM templates, configuring VMs, creating and configure containers, Azure App service, Azure and Veeam backups, and networking.
  • Implementation of Modern Workplace Infrastructure so far implemented - Endpoint Management, M365, Autopilot, Azure AD integration.

Infrastructure Engineer

Ministry of Education NZ
Auckland, NZ
2019.08 - 2020.10
  • Worked on Office 365 & Exchange 2016 (Hybrid), Email Archiving, Microsoft Infrastructure products like Active Directory, ADFS, SCCM, BitLocker, LAPS, CA, Windows Server Administration/Wintel.
  • Worked on Exchange Server migration project from On-Prem to Exchange online.
  • Implemented Poly Trio meeting room system for Office meeting rooms.
  • Involved advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense in depth and common security elements.

Systems Support Engineer

Fujitsu NZ
Auckland, NZ
2017.07 - 2019.07

IT Engineer

Convergys India Pvt. Ltd.
Mumbai
2015.06 - 2015.11

Education

Graduate Diploma in Computing - Cloud Computing

Unitec Institute of Technology
New Zealand

Bachelor of Science - Information Technology

University of Mumbai
India

Skills

Microsoft Azure

  • Cloud Infrastructure enthusiast with experience of designing, implementing, and supporting MS Azure Cloud Infrastructure - IAAS, PAAS, SAAS with proven experience
  • Designing, Implementing, and Supporting On-Prem to Azure Cloud migrations
  • Experience and knowledge of Azure PaaS Services - Azure Web Apps, Azure Cloud Services, web/worker roles, Azure SQL, and application hosting models
  • Architected secure Azure network infrastructures including hub-and-spoke and mesh topologies, multi-tier VNet/subnet designs, VNet peering (regional/global), IP planning segmentation using NSGs/ASGs, Private Endpoints/Private Link, and hybrid routing models using UDRs, route tables, BGP, and forced tunneling
  • Implemented advanced network security and traffic management with Azure firewall (DNAT/SNAT, App Rules, Network Rules), Application Gateway WAF (OWASP/custom rules, end-to-end TLS/SSL Load Balancers, Front Door, Traffic Manager, and NVAs for deep inspection and custom routing, ensuring global availability, security, and performance
  • Delivered resilient hybrid connectivity and deep operational visibility through ExpressRoute (Microsoft/Private Peering, ER VPN coexistence, S2S & P2S VPNs with active-active gateways), and advanced troubleshooting using Network Watcher (packet capture, NSG flow logs, connection validation), while integrating ACR, APIM, AKS, Functions, and Services via private networking and VNet integration

Advanced Azure Implementations

  • Implemented Azure API Management for centralized API gateway management including policies (throttling, header rewrites, JWT validation, VNet integration, private endpoints, custom domains, and Developer Portal publishing
  • Deployed and customized Azure AD B2C for external user identity management with MFA, Conditional Access, custom policies (IEF), API connectors, SSO integration, and claims transformations
  • Designed and executed Azure Disaster Recovery architecture using Azure Backup, geo- redundant storage, automated failover routing, cross-region DR designs, and periodic DR drills with documented RTO/RPO compliance
  • Designed and deployed Azure Site Recovery for business-critical workloads with replication policies, multi-VM consistency groups, Recovery Plans, test failovers, fallback operations, and network mapping for seamless DR
  • Designed and customized Azure Virtual Desktop with host pools (pooled/personal), FSLogix profiles, Azure Files Premium, MSIX App Attach, scaling plans, Image management (AIB Shared Image Gallery), and integrated security with Defender and Conditional Access

Microsoft 365 Security

  • Expert in deploying and managing the full Microsoft 365 E5 Defender suite including Defender for Endpoint, Defender for Office 365, and Defender for Cloud Apps, enabling advanced threat protection and automated risk mitigation
  • Strong experience designing and enforcing enterprise DLP, Information Protection (AIP), Safe Links, Safe Attachments, and email security governance across large organizations
  • Advanced identity security skills using Azure AD/Entra ID, including MFA, Conditional Access, RBAC, SSO, user lifecycle governance, and Privileged Identity Management (PIM)
  • Skilled in SIEM/SOC operations with Microsoft Sentinel, performing alert triage, threat investigation, incident response, and forensic log analysis for cloud and M365 workloads
  • Hands-on with Endpoint Management (Intune) for device compliance, Autopilot, configuration baselines, and modern workplace security aligned with ISO 27001, NIST, and CIS frameworks

Certification

  • ISC2 - CERTIFIED IN CYBERSECURITY
  • Microsoft Certified: Azure Administrator Associate
  • Microsoft Certified: Cybersecurity Architect Expert
  • Cisco Certified Network Associate (CCNA)
  • AWS Certified Solutions Architect - Associate
  • CompTIA Security+ Certification
  • Qualys Certified Specialist: VMDR
  • Microsoft Certified: Azure Solutions Architect Expert
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals.
  • Microsoft Certified: DevOps Engineer Expert
  • Microsoft Certified: Azure Identity & Access Administrator Associate

Accomplishments

Zayed National Museum & Natural History Museum Ticketing Platform, Azure Architecture Delivery, API & Secure Cloud Design

  • Built the Azure foundation for Museums' ticketing system with APIM-secured APIs, Azure AD B2C for identity, App Services for backend logic, and Private Endpoint/Private Link-based connectivity.
  • Ensured secure visitor authentication and high-performance ticket validation workflows.

Zayed National Museum & Natural History Museum Website Launch, Azure Hosting & Platform Deployment

  • Architected and deployed the complete Azure platform for the museums' public website, including App Services, VNet-integration, WAF/Front Door protections, CDN acceleration, Key Vault integration, and full monitoring using Azure Monitor, Log Analytics, and Dynatrace. Delivered a highly available, secure, and optimized launch platform.

Zayed National Museum & Natural History Museum Speed Gate System, Access Control & Real-Time Integration

  • Integrated museum speed gates with Azure APIs, enabling secure entry/ exit operations. Designed API routes via APIM, optimized latency through VNet routing, and ensured real‑time synchronization between ticketing systems and gate‑control hardware.

Infrastructure Migration from On-Premises to Azure, Cloud Transformation & Modernization Program

  • Led the end‑to‑end migration of on‑premises infrastructure to Microsoft Azure, modernizing legacy systems into scalable, secure, cloud‑native architectures. Enabled a full cloud transformation program with improved performance, automation, DR readiness, and operational efficiency across enterprise workloads.

Microsoft Fabric Integration with Azure Services, Unified Reporting Architecture

  • Designed and implemented Microsoft Fabric integration with Azure to streamline analytics and reporting pipelines. Connected Azure Data Lake, Azure SQL, and operational systems into Fabric workspaces, enabling unified data modeling, semantic layers, real-time dashboards, and cross-domain reporting for business and museum operations.

Cross-Tenant User Migration, Identity & Access Consolidation

  • Executed a seamless cross‑tenant user migration by consolidating identities, permissions, and access policies into a unified Azure AD structure. Strengthened security and governance through standardized Conditional Access, MFA, and role-based access controls across all merged tenants.

Azure Arc Deployment & Microsoft Sentinel Implementation, Hybrid Governance & Policy Control

  • Deployed Azure Arc to unify governance and policy enforcement across hybrid servers, Kubernetes clusters, and multi‑cloud resources under a single Azure control plane. Implemented Microsoft Sentinel as the centralized SIEM, enabling integrated threat detection, automated incident response, and end‑to‑end security visibility across on‑prem and cloud workloads.

Timeline

Senior Cloud & Security Specialist

Alpha Data (Client - Department of Culture and Tou
2024.07 - 2026.04

Cloud Infrastructure Engineer

HALIAN (Client - Abu Dhabi National Energy Company TAQA)
2020.12 - 2024.06

Infrastructure Engineer

Ministry of Education NZ
2019.08 - 2020.10

Systems Support Engineer

Fujitsu NZ
2017.07 - 2019.07

IT Engineer

Convergys India Pvt. Ltd.
2015.06 - 2015.11

Graduate Diploma in Computing - Cloud Computing

Unitec Institute of Technology

Bachelor of Science - Information Technology

University of Mumbai

Similar Profiles

Create profile
Viraj Gosavi