Available for new opportunities · Edmonton, AB

Sukhman Singh

Infrastructure & Security Engineer — networks, cloud, and security operations.

IT professional with 5+ years keeping multi-site infrastructure online and secure. I work across network engineering, security operations, and Microsoft 365 — from VLAN segmentation and firewalls to incident response and cloud workloads.

Contact me View projects
0
Users supported
0
Sites managed
0
Uptime maintained
0
Experience

Profile

Infrastructure that stays up — and stays secure.

I'm an IT infrastructure and security professional based in Edmonton, Alberta, currently keeping the lights on across a multi-site manufacturing environment. My day-to-day spans firewall administration, endpoint security, network operations, and cloud infrastructure — the full stack of keeping a real business running.

I like the work where reliability and security meet: segmenting networks so a problem can't spread, hardening a perimeter without slowing people down, and turning a noisy alert into a clear answer. I document what I build so the next person — including future me — can pick it up without guesswork.

Lately I've been leaning into automation and cloud: scripting onboarding workflows, hardening Cloudflare and AWS workloads, and building internal tools that take repetitive work off the team's plate.

// What I focus on

  • Network design & segmentation across sites
  • Security operations & incident response
  • Cloud & identity (M365, Azure AD, AWS)
  • Automation, scripting & internal tooling
  • Clear runbooks & documentation

Capabilities

Technical skillset

Hands-on experience across infrastructure, security, and cloud environments.

🌐
Networking
CiscoFortinetVLANsVPNSD-WANFirewallsDNS/DHCP
🔐
Security Operations
DarktraceSentinelOneMS DefenderCloudflare WAFSPF/DKIM/DMARCIncident Response
☁️
Cloud & Identity
Microsoft 365Azure ADAWSOktaIntuneSSO
🖥️
Systems Administration
Windows ServerActive DirectoryGroup PolicyRDSIISSQL Server
🔧
Endpoint & ITSM
IntuneAutopilotManageEngineServiceDesk PlusImagingAsset Mgmt
📊
Monitoring & Scripting
PowerShellOpManagerWiresharkREST APIsBash

Work history

Experience

Building and maintaining enterprise infrastructure at scale.

Durabuilt Windows & Doors

Network Analyst

Feb 2025 — Present
  • Manage network infrastructure across 7 sites including Cisco switches, Fortinet firewalls, and SD-WAN
  • Deployed a secondary Domain Controller to improve redundancy and authentication availability
  • Administer Microsoft 365, AWS workloads, and Cloudflare WAF / DNS for public-facing services
  • Investigate phishing, account compromise, and EDR alerts using Darktrace, SentinelOne, and Defender
  • Support 400+ users across Windows Server environments — Group Policy, RDS, IIS, and SQL Server
  • Led VLAN segmentation to isolate production systems and reduce lateral-movement risk
400+users 7sites 98%uptime

Arcadis (formerly IBI Group)

Systems Administrator

May 2022 — Feb 2025
  • Managed IT infrastructure for 300+ users across 3 Canadian offices through the IBI → Arcadis merger
  • Led Microsoft Autopilot deployment for zero-touch endpoint provisioning
  • Administered hybrid Active Directory with Azure AD Connect and conditional access policies
  • Supported an AWS migration — infrastructure planning and connectivity testing
  • Handled SSL certificate lifecycle management across firewalls and third-party systems
  • Coordinated IT buildout for the Saskatoon office expansion, including cabling and device deployment
300+users 3offices

Notable work

Key projects

Hands-on initiatives that improved security, resilience, and efficiency.

🌐 Networking

VLAN Segmentation & Network Redesign

Redesigned a flat network by implementing VLAN segmentation to isolate production, office, and IoT traffic — reducing lateral-movement risk and improving performance across 7 sites.

CiscoFortinetVLANsFirewall Rules
🖥️ Infrastructure

Domain Controller Redundancy

Deployed a secondary Domain Controller to eliminate a single point of failure in authentication, improving AD replication and ensuring continuity for 400+ users during primary DC maintenance.

Windows ServerActive DirectoryDNSReplication
🔐 Security

Cloudflare WAF Hardening

Implemented Business-tier WAF hardening with custom rule expressions in front of public services, layered through a Cloudflare / FortiGate / IIS architecture, and documented it in a runbook for the team.

CloudflareWAFFortiGateIIS
🔐 Security

Phishing & Incident Response

Built a repeatable IR process for phishing campaigns and account compromises — using Darktrace and SentinelOne for detection, then producing clear remediation reports for leadership.

DarktraceSentinelOneDefenderEmail Analysis
☁️ Cloud

AWS Migration & Backup Strategy

Supported AWS infrastructure work — connectivity testing, EC2 administration, and evaluating a backup strategy (AWS Backup vs. Veeam) — coordinating on-prem AD with cloud workloads during cutover.

AWSEC2Hybrid ADBackup
☁️ Cloud

Microsoft Autopilot Deployment

Rolled out Windows Autopilot across offices to enable zero-touch provisioning — cutting new-device setup time and ensuring a consistent baseline configuration across all endpoints.

IntuneAutopilotAzure ADM365
🤖 AI-Built

IT Inventory Management System

Designed and built a full IT inventory system covering hardware assets, software licenses, and PR/PO workflows — backed by a SQL Server database with a JavaScript front end for real-time tracking.

JavaScriptSQL ServerAsset TrackingPR / PO
⚙️ Automation

IT Onboarding Automation

Automated user onboarding with ManageEngine ADManager Plus and a REST API integration — provisioning accounts and a branded welcome workflow to remove repetitive manual setup for the team.

ADManager PlusREST APIPowerShellM365

Get in touch

Let's connect

Open to opportunities in infrastructure, network administration, security operations, and systems engineering.

sukhman@pbkx.ca

Send email LinkedIn Download résumé