Senior Cloud Engineer
- View availability
- 0 references
- 90€/hour
- 02-798 Warsaw
- Europe
- pl | en
- 23.01.2024
Brief introduction
Qualifications
Project & professional experience
6/2021 – 10/2023
Job description
The goal of this project was to design and implement a Landing Zone in AWS, providing a consistent and structured multi-account environment. This was achieved by deploying the AWS Control Tower service with Account Factory along with Security Hub and custom automations, which simplified account creation and integration, enforced data governance, encryption, networking and access monitoring. Work was coded in Terraform, except when the necessary API was missing. The benefits included optimized operational efficiency, reduced potential for human errors, optimized resource usage costs, ISO 27001 compliance management, improved access control, and adherence to the AWS Well-Architected Framework’s security best practices.
I designed the solution and deployed the AWS Control Tower service, with custom automations for preconfiguring new and existing accounts to meet business and security requirements, removed the complexity of manual configurations, and sped up the creation of new accounts and the integration of existing ones. I enforced data governance, encryption, access monitoring and network traffic policies and logging by default. I implemented an automated approach to resource limits to optimize resource usage costs. I implemented common Security Control Policies as code to ensure ISO 27001 compliance as code. I implemented access control, SSO federation and security best practices according to the AWS Well-Architected Framework. I designed client VPN access and imported resources from existing AWS accounts into the Terraform codebase and integrated these accounts as the organization’s members. I created and maintained the documentation.
Amazon Web Services (AWS), Cyber Security, IaaS (Infrastructure as a Service)
9/2020 – 5/2021
Job description
found in reference description 1
I helped to build cloud infrastructure for the Connected Car project, transitioning the EC2-based PKI to a serverless app and designing the DNS and core networking module. I developed PKI infrastructure automation, which facilitated the auto-renewal of free Let’s Encrypt security certificates. This was achieved using the AWS Lambda, S3 and CloudWatch services and Python code. I designed DNS name resolution from on-premises and from the internet to the load balancer fronting the Kubernetes cluster using AWS ALB, Route53 and HAProxy. I coded multi-account network configuration scripts in Terraform for DNS, VPC peering, routing, and load balancing. I also created a proof of concept of an alternative DNS infrastructure using a Consul cluster. I actively participated in code reviews, ensuring the quality and efficiency of the codebase. I also adopted a GitOps-style approach for code deployment, which enhanced the speed and reliability of our development processes.
Cyber Security, IaaS (Infrastructure as a Service), Amazon Web Services (AWS), Kubernetes, Python, SSL / TLS
Details
Resides – Erding, Germany. Nationality - Poland [...]
[...]
Skills
Major public cloud providers: experience in automation of cloud services in AWS, GCP, some Azure
Infrastructure as code: Interpreting architectural designs into: Terraform, CloudFormation, Bash, Python scripts. Some Go.
Software defined networking experience – cloud/hybrid cloud/on-prem.
Cloud infrastructure cost optimization
Cloud security: securing data in transit and at rest. PKI automation. Access and authorization.
Building low-friction software deployment pipelines - Jenkins, Gitlab CI
Databases: AWS RDS automation experience. AWS serverless – Aurora V2
Highly available infrastructure: Experience deploying and managing Kubernetes, OpenShift with Terraform.
Linux and Windows administration experience in prod. Infrastructure (9000+ servers)
Familiar with project management
Experience working in an Agile team.
IP Networking & security: Experience with VLAN, subnetting, DNS, Firewalling
Languages
1/2020 – 5/2020
Job description
During my tenure as a GCP consultant, I specialized in advising and supporting customers on the adoption of Google Cloud Platform (GCP) Landing Zones. I designed and also helped to implement GCP Landing Zones to facilitate rapid and structured adoption of Google Cloud Platform by the customers. I helped the customers to adopt infrastructure as code practices to improve the speed of onboarding of their workloads, enforce building consistent environments using appropriate shared components, adhering to agreed policies, using approved IaC routes and reduce the overall complexity. I developed Terraform templates for automated provisioning of the Landing Zones according to Google’s best practices.
Skills used
Cyber Security, Architectural Informatics, Google Cloud
8/2017 – 12/2017
Job description
In this role, I was responsible for designing a virtual network architecture for our internal Platform-as-a-Service (PaaS). This solution, built on OpenStack, was designed to offer similar functionalities to well-known public PaaS providers, enabling seamless software development and deployment processes for the internal developer teams without compromising data confidentiality. A significant part of my role involved integrating this new virtual network with the existing corporate network. Additionally, I was responsible for producing comprehensive documentation that included details of subnetting strategies, firewalling, proxying and traffic flow diagrams.
Skills used
Architectural Informatics
8/2016 – 9/2019
Job description
I developed a single-click deployment template using Terraform and Puppet, enabling the efficient deployment of an OpenShift cluster within a hybrid cloud infrastructure encompassing AWS, GCP, and OpenStack. I developed Terraform and Puppet templates for the automated configuration of the supporting infrastructure, including an authentication and authorization module (LDAP-AD integration), load balancing, EC2 Auto Scaling and a monitoring module for automating log streaming to external services (Splunk). I subsequently assisted in migrating applications and Kafka event streams from the on-premises data center to AWS SNS/SQS. I set up automated workflows using Jenkins CI pipelines. These workflows included the creation and updating of custom EC2 images and the execution of CI/Test pipelines.
Skills used
Kubernetes, OpenShift, Amazon Web Services (AWS), Google Cloud, Microsoft Azure
5/2015 – 7/2016
Job description
As a DevOps engineer supporting Sainsbury’s digital transformation project, I automated the provisioning of infrastructure in AWS using Terraform and Chef for various in-house applications. I wrote Terraform templates for several AWS services, including EC2, S3, VPC, Route53, and RDS. I built Continuous Deployment (CD) pipelines using Jenkins and Octopus Deploy, automating software release workflows. Additionally, I automated the configuration management of EC2 instances with Chef and provisioned cost-effective, on-demand VPN tunnels to AWS VPC using Terraform.
Skills used
Git, IaaS (Infrastructure as a Service), Amazon Web Services (AWS), Puppet
Education
The University of Economics and Computer Science, Warsaw
2000
About me
Personal data
- Polish (native language)
- English (fluent)
- European Union
- Switzerland