Senior Cloud Engineer

6/2021 – 10/2023

The goal of this project was to design and implement a Landing Zone in AWS, providing a consistent and structured multi-account environment. This was achieved by deploying the AWS Control Tower service with Account Factory along with Security Hub and custom automations, which simplified account creation and integration, enforced data governance, encryption, networking and access monitoring. Work was coded in Terraform, except when the necessary API was missing. The benefits included, optimized operational efficiency, reducing potential for human errors, optimized resource usage costs, ISO 27001 compliance management, improved access control, and adherence to the AWS Well-Architected Framework’s security best practices.
I designed the solution and deployed the AWS Control Tower service, with custom automations for preconfiguring new and existing accounts to meet business and security requirements, removed the complexity of manual configurations, and sped up the creation of new accounts and the integration of existing ones. I enforced data governance, encryption, access monitoring and network traffic policies and logging by default. I implemented an automated approach to resource limits to optimize resource usage costs. I implemented common Security Control Policies as code to ensure ISO 27001 compliance as code. I implemented access control, SSO federation, security best practices according to the AWS Well-Architected Framework. I designed client VPN access and imported resources from existing AWS accounts into the Terraform codebase and integrated these accounts as the organization’s members. I created and maintained the documentation.

Amazon Web Services (AWS), Cyber Security, IaaS (Infrastructure as a Service)

9/2020 – 5/2021

found in reference description 1
I helped to build cloud infrastructure for the Connected Car project, transitioning the EC2-based PKI to a serverless app, designing DNS and core networking module. I developed PKI infrastructure automation, which facilitated the auto-renewal of free Let’s Encrypt security certificates. This was achieved using the AWS Lambda, S3, CloudWatch services and Python code. I designed DNS name resolution from on-premises and from the internet to load balancer fronting Kubernetes cluster using AWS ALB, Route53 and Ha Proxy. I coded in Terraform multi-account network configuration scripts for DNS, VPC peering, routing, and load balancing. I also created a proof of concept of alternative DNS infrastructure using Consul cluster. I actively participated in code reviews, ensuring the quality and efficiency of
Details
Resides – Erding, Germany. Nationality - Poland [...]
[...]
Skills Major public cloud providers experience in automation of cloud services in AWS, GCP, some Azure
Infrastructure as code: Interpreting architectural designs into: Terraform, CloudFormation, Bash, Python scripts. Some Go.
Software defined networking experience – cloud/ hybrid cloud/on-prem.
Cloud infrastructure cost optimization
Cloud security: securing data in transit and at rest. PKI automation. Access and authorization.
Building low-friction software deployment pipelines - Jenkins, Gitlab CI
Databases AWS RDS automation experience. AWS serverless – Aurora V2
Highly available infrastructure: Experience deploying and managing Kubernetes, OpenShift with Terraform.
Linux and Windows administration experience in prod. Infrastructure (9000+ servers)
Familiar with project management
Experience working in Agile team.
IP Networking & security: Experience with VLAN, subnetting, DNS, Firewalling
Languages
the codebase. I also adopted a GitOps-style approach for code deployment, which enhanced the speed and reliability of our development processes.

Cyber Security, IaaS (Infrastructure as a Service), Amazon Web Services (AWS), Kubernetes, Python, SSL / TLS

1/2020 – 5/2020

During my tenure as a GCP consultant, I specialized in advising and supporting customers on the adoption of Google Cloud Platform (GCP) Landing Zones. I designed and also helped to implement GCP Landing Zones to facilitate rapid and structured adoption of Google Cloud platform by the customers. I helped the customers to adopt the infrastructure as code practices to improve speed of onboarding of their workloads, enforce building consistent environments using appropriate shared components, adhering to agreed policies, using approved IaC routes and reduce the overall complexity. I developed Terraform templates for automated provisioning of the Landing Zones according to Google’s best practices.

Cyber Security, Architekturinformatik, Google Cloud