Mohannad Emhemed

MOHANNAD EMHEMED

I am a

Cloud Infrastructure Engineer | Hybrid Connectivity | Automation & Security

Manchester, United Kingdom

mohannad.emhemed@gmail.com

+44 7737 103 208

LinkedIn Credly GitHub

About Me

Cloud Infrastructure Engineer delivering governed multi-account platforms, resilient hybrid connectivity, and automated operations across AWS, Azure, and on-premises estates.

Recent work includes rolling out AWS IAM Identity Center with Microsoft Entra ID, scaling AWS Control Tower landing zones, automating tag compliance with Config and Step Functions, and securing traffic through Transit Gateway, Network Firewall, and Sentinel integrations to keep regulated workloads available and auditable.

Certifications

AWS Solutions Architect Professional AWS DevOps Engineer Professional AWS Advanced Networking Specialty AWS Security Specialty AWS Machine Learning Specialty AWS ML Engineer Associate AWS Data Engineer Associate AWS Solutions Architect Associate AWS Developer Associate AWS SysOps Administrator AWS AI Practitioner AWS Cloud Practitioner Microsoft Azure AI Fundamentals Google Cloud Digital Leader Google Cloud Generative AI Leader Cisco CCNP Enterprise Cisco Enterprise Core Cisco Enterprise Advanced Cisco CCNA Cisco DevNet Associate Cisco CyberOps Associate ITIL 4 Foundation ITIL 4 Specialist Terraform Associate CompTIA A+ CompTIA Network+ CompTIA Security+ CompTIA Linux+ CompTIA Server+ CompTIA Cloud Essentials+ CompTIA Project+ CompTIA IT Operations Specialist CompTIA Linux Network Professional CompTIA Network Infrastructure Professional CompTIA Secure Infrastructure Specialist CompTIA Systems Support Specialist JNCIA-Junos JNCIA-SEC JNCIA-DevOps Aviatrix Multi-Cloud Network Associate Aviatrix Multi-Cloud Automation GitHub Foundations Google & CompTIA Dual Credential Google IT Support

Certification Details

AWS Certifications (12x)

  • AWS Certified Solutions Architect - Professional
  • AWS Certified DevOps Engineer - Professional
  • AWS Certified Advanced Networking - Specialty
  • AWS Certified Security - Specialty
  • AWS Certified Machine Learning - Specialty
  • AWS Certified Machine Learning Engineer - Associate
  • AWS Certified Data Engineer - Associate
  • AWS Certified Solutions Architect - Associate
  • AWS Certified Developer - Associate
  • AWS Certified SysOps Administrator - Associate
  • AWS Certified AI Practitioner
  • AWS Certified Cloud Practitioner

Cisco Certifications (6x)

  • Cisco Certified Network Professional Enterprise (CCNP)
  • Cisco Certified Specialist - Enterprise Core
  • Cisco Certified Specialist - Enterprise Advanced Infrastructure
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified DevNet Associate
  • Cisco Certified CyberOps Associate

Microsoft Azure Certifications (4x)

  • Microsoft Certified: Azure Fundamentals (AZ-900)
  • Microsoft Certified: Azure AI Fundamentals (AI-900)
  • Microsoft Certified: Azure Data Fundamentals (DP-900)
  • Microsoft Certified: Azure Security Fundamentals (SC-900)

Google Cloud Certifications (2x)

  • Google Cloud Digital Leader
  • Google Cloud Generative AI Leader

CompTIA Certifications (12x)

  • CompTIA A+
  • CompTIA Network+
  • CompTIA Security+
  • CompTIA Linux+
  • CompTIA Server+
  • CompTIA Cloud Essentials+
  • CompTIA Project+
  • CompTIA IT Operations Specialist (CIOS)
  • CompTIA Linux Network Professional (CLNP)
  • CompTIA Network Infrastructure Professional (CNIP)
  • CompTIA Secure Infrastructure Specialist (CSIS)
  • CompTIA Systems Support Specialist (CSSS)

Juniper Certifications (3x)

  • JNCIA-Junos (Junos)
  • JNCIA-SEC (Security)
  • JNCIA-DevOps (Automation and DevOps)

Other Certifications

  • ITIL 4 Foundation Certificate in IT Service Management
  • ITIL 4 Specialist: Create, Deliver and Support
  • HashiCorp Certified: Terraform Associate
  • Aviatrix Multi-Cloud Network Associate
  • Aviatrix Multi-Cloud Network Automation Specialty
  • Google & CompTIA Dual Credential
  • GitHub Foundations
  • Google IT Support Professional Certificate

Professional Experience

09/2024 – Present

Cloud Infrastructure Engineer

Northern Gas Networks - Leeds, England

  • Led design and implementation of AWS Control Tower Landing Zone, integrating with existing AWS Organization to establish standardized baselines for governance and scalable growth
  • Architected and deployed centralized tag compliance monitoring and automated remediation system using AWS Config, Lambda, Step Functions, SSM Automation Documents, EventBridge, and SNS, managing comprehensive tag policies across EC2, ENI, EBS, RDS, DynamoDB, FSx, and EFS resources
  • Designed and implemented centralized private connectivity solution using VPC Interface Endpoints across multiple VPCs, regions, and accounts, enhancing security and reducing data transfer costs
  • Engineered hybrid DNS architecture integrating Active Directory Domain Controllers with AWS Route 53, including VPC DHCP options configuration for seamless on-premises and cloud DNS resolution
  • Led centralized network egress initiative using Transit Gateway and AWS Network Firewall, improving security posture and network traffic visibility
  • Designed and implemented AWS SSO integration with Microsoft Entra ID using SAML 2.0 and SCIM for automated user provisioning and centralized access management
  • Spearheaded migration from AWS CodeCommit to GitLab and CloudFormation to Terraform, modernizing infrastructure-as-code practices and improving deployment workflows
  • Developed automated RDS instance update notification system using EventBridge, Lambda, and SNS for proactive database maintenance management
  • Managed and optimized Site-to-Site VPN and AWS Direct Connect connections, ensuring reliable hybrid cloud connectivity
  • Led Microsoft Sentinel integration with AWS for centralized log aggregation, SOC alerts, and security event monitoring across multi-cloud environment
  • Orchestrated migration of DNS domains from third-party registrars to AWS Route 53, consolidating DNS management and improving reliability
  • Migrated AWS WAF ACLs and rules from Classic (v1) to WAF v2 following AWS WAF Classic retirement, ensuring continued web application protection
  • Enhanced security posture by removing root user credentials from all AWS accounts except the management account, implementing security best practices
  • Managed AWS Security Hub for Cloud Security Posture Management (CSPM), including evaluation of new Security Hub preview features
  • Administered AWS Trusted Advisor for operational excellence, cost optimization, and compute optimization recommendations
  • Upgraded Elastic Load Balancer (ELB) security policies to meet higher security standards and compliance requirements
  • Deployed and managed Azure Monitoring Agent (AMA) on AWS instances and on-premises infrastructure, integrating with Azure Arc, Azure Analytics Workspace, and Azure Data Collection Rules
  • Managed Azure environment lifecycle, securing access between AWS instances, on-premises infrastructure, and Sentinel SIEM platform
  • Collaborated with technology partners to design, evaluate, and implement cloud solutions aligned with business objectives
05/2023 – 09/2024

Cloud Infrastructure Engineer

Connex One - Manchester, England

  • Designed, deployed, and maintained highly available, fault-tolerant, and scalable cloud infrastructure solutions on AWS
  • Implemented and automated CI/CD pipelines using GitLab, Jenkins, Terraform, and CloudFormation for Infrastructure as Code (IaC)
  • Automated tasks using Python, Bash, and PowerShell across cloud infrastructure, network administration, and server management
  • Configured and managed Azure, GCP and AWS services: VPC, EC2, IAM, S3, EBS, EFS, API Gateway, Lambda, CloudFront, Cognito, CloudWatch, SQS, SNS, System Manager, Config, S2S VPN, WAF, Client VPN, VPC Peering, Private Link, Control Tower, AWS Organization, SSO, NAT Gateway, and Transit Gateway
  • Performed end-to-end AWS migrations, including planning, testing, and execution
  • Administered network devices (Cisco WAPs, Routers, Switches) and configured networking protocols (EtherChannel, VLANs, VTP, NTP, BGP, OSPF, STP, RSTP, QoS, HSRP, EIGRP)
  • Managed firewalls (Cisco ASA, Sophos, Juniper, Palo Alto, FortiGate) and configured NAT rules, VPN filtering, ACLs, and S2S VPN tunnels
  • Performed Linux server administration (Ubuntu, CentOS, SUSE, Red Hat), Radius server and containerization (Docker, Kubernetes)
  • Configured and managed VOIP/Telephony solutions (SIP, WebRTC, QoS, Voice VLAN)
02/2021 – 05/2023

IT Support Associate II

Amazon - Liverpool, United Kingdom

  • Led troubleshooting efforts and ensured seamless operation of network and server infrastructure, including various Linux, Mac and Windows operating systems
  • Proactively monitored and managed infrastructure devices, encompassing Cisco, Commodity, HPE, and Juniper technologies
  • Demonstrated commitment by responding to after-hours and weekend emergencies, upholding high system availability
  • Played key role in shaping technical strategies aligned with company mission and objectives
07/2016 - 11/2020

IT Consultant

Sendian - Tripoli, Libya

  • Estimated project costs and budgeted based on client needs, supporting various Linux, Mac and Windows operating systems
  • Ensured architectural compatibility and resolved issues effectively
03/2011 - 07/2016

IT Systems Administrator

Dar Africa - Tripoli, Libya

  • Established service level agreements and planned technology upgrades
  • Managed diverse environment with various Linux distros and Windows operating systems
  • Aligned technology with business growth

Key Projects & Achievements

Personal Portfolio Website

Architected and deployed production-ready static website using AWS serverless architecture with enterprise-grade Infrastructure as Code. Implemented CloudFront with Origin Access Control (OAC), S3 with versioning and encryption (AES256), Route 53 DNS management, and ACM SSL/TLS certificates. Developed comprehensive Terraform and CloudFormation templates following best practices: separate resource files, pessimistic version constraints (~>), default tagging, S3 native state locking, HTTP/3 support, and managed cache policies. Includes professional Python deployment automation with logging, type hints, and error handling. Cost-optimized architecture (~$2-5/month) with 90-day lifecycle policies and global CDN performance.

AWS S3 CloudFront Route 53 ACM Terraform CloudFormation Python IaC

Tag Compliance & Governance

Architected automated tag compliance monitoring and remediation system using AWS Config, Lambda, Step Functions, SSM Automation Documents, and EventBridge. Managed comprehensive tag policies across EC2, ENI, EBS, RDS, DynamoDB, FSx, and EFS, with SNS-based reporting for compliance violations.

Temporary Elevated Access Management

Implementing AWS-native temporary elevated access management solution using IAM Identity Center. Architecting time-bound privilege escalation with automated approval workflows, session monitoring, and audit trails. Enables just-in-time access for administrative tasks while maintaining least privilege principles and compliance requirements through centralized access governance.

AWS Control Tower Implementation

Led design and deployment of AWS Control Tower Landing Zone, integrating with existing AWS Organization. Established standardized security baselines, guardrails, and account provisioning workflows for enterprise-scale governance.

Centralized Private Connectivity

Designed and implemented VPC Interface Endpoints architecture across multiple VPCs, regions, and AWS accounts. Enabled secure, private connectivity to AWS services while reducing data transfer costs and improving security posture.

Hybrid DNS Architecture

Engineered hybrid DNS solution integrating on-premises Active Directory Domain Controllers with AWS Route 53. Configured VPC DHCP options and AD instances for seamless DNS resolution across hybrid infrastructure.

Centralized Network Security

Led implementation of centralized network egress using Transit Gateway and AWS Network Firewall. Enhanced security visibility, traffic inspection, and threat prevention across multi-account AWS environment.

Enterprise SSO Integration

Designed and implemented AWS SSO integration with Microsoft Entra ID using SAML 2.0 and SCIM protocols. Enabled automated user provisioning, centralized access management, and enhanced security compliance.

IaC Modernization

Spearheaded migration from AWS CodeCommit to GitLab and CloudFormation to Terraform. Modernized infrastructure-as-code practices, improved deployment workflows, and enhanced team collaboration.

RDS Update Notification System

Developed automated notification system for RDS instance updates using EventBridge, Lambda, and SNS. Enabled proactive database maintenance planning and reduced unplanned downtime.

Multi-Cloud SIEM Integration

Led Microsoft Sentinel integration with AWS for centralized log aggregation and security monitoring. Implemented SOC alerts and automated incident response across multi-cloud environment.

DNS Consolidation

Orchestrated migration of DNS domains from third-party registrars to AWS Route 53. Consolidated DNS management, improved reliability, and reduced operational complexity.

Hybrid Connectivity Management

Managed and optimized Site-to-Site VPN and AWS Direct Connect connections. Ensured reliable, high-performance connectivity between on-premises data centers and AWS cloud infrastructure.

Multi-Cloud Environment Management

Managed Azure environment lifecycle, securing access between AWS instances, on-premises infrastructure, and Sentinel. Handled service provisioning, access control, and cross-cloud integration.

AWS WAF Migration & Security Enhancement

Migrated AWS WAF from Classic (v1) to v2 following retirement. Removed root credentials from all accounts except management account. Managed Security Hub CSPM and Trusted Advisor for security and cost optimization.

Azure Monitoring Integration

Deployed Azure Monitoring Agent (AMA) on AWS instances and on-premises infrastructure. Integrated with Azure Arc, Analytics Workspace, and Data Collection Rules for unified monitoring across hybrid environment.

Technical Skills

Cloud Platforms

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform (GCP)
  • Multi-cloud Architecture

Networking

  • VPC Design & Implementation
  • Direct Connect & VPN
  • Cisco Routing & Switching
  • BGP, OSPF, EIGRP, HSRP
  • Network Security

Infrastructure as Code

  • Terraform
  • CloudFormation
  • Ansible
  • Python (Boto3)
  • Bash & PowerShell

Security & Compliance

  • AWS Security Best Practices
  • IAM & Access Management
  • PCI/ISO27001 Standards
  • Firewall Management
  • Security Monitoring

Systems Administration

  • Linux (Ubuntu, CentOS, SUSE, Red Hat)
  • Windows Server
  • Virtualization (VMware, Hyper-V)
  • Docker & Kubernetes

DevOps & Automation

  • CI/CD Pipelines
  • GitLab / GitHub
  • Jenkins
  • Automation & Scripting

Get In Touch

Whether you're evaluating leadership talent or tackling a technical challenge, let's connect and see how I can help.

Email Me LinkedIn GitHub