

Vimal Paliwal
Verified Expert in Engineering
DevSecOps Engineer and Software Developer
London, United Kingdom
Toptal member since April 27, 2020
Vim has 9+ years of experience delivering secure, scalable cloud infrastructure using IaC and driving measurable cost optimisations. Certified across AWS and Kubernetes, with a strong focus on security, compliance, and DevSecOps best practices. Former AWS Authorized Instructor, AWS Community Builder, and contributor through technical blogs, open-source tools, and speaking engagements. Outside work, Vim enjoys badminton, yoga, and exploring new cafes.
Portfolio
Experience
- Terraform - 6 years
- DevOps - 6 years
- Amazon Web Services (AWS) - 6 years
- CI/CD Pipelines - 6 years
- Python - 3 years
- Docker - 3 years
- Shell - 2 years
- Kubernetes - 1 year
Preferred Environment
Terraform, Amazon Web Services (AWS), Kubernetes, CI/CD Pipelines, Helm, Bash, Python
The most amazing...
...thing I've done is to independently build a payment gateway with a suite of services hosted on AWS and see client payments going through.
Work Experience
Principal Engineer
McKinsey & Company
- Built ISO 27001-compliant, multi-tenant AWS infrastructure using Terraform, handling 100,000+ daily requests.
- Delivered multi-tenant GenAI RAG chatbot utilising Amazon Bedrock, Claude LLM, PostgreSQL (pgvector), Lambda, and API Gateway.
- Wrote the MCP server to expose the back-end REST API for agents utilizing Python, Pydantic, and FastMCP.
- Drove significant annual cost savings: around $35,000 via infra optimisations; around $20,000 by migrating from MapBox to TileServer on ECS.
- Utilized Bash and Python for writing GitHub Actions workflows and serverless automations.
- Enabled self-provisioning via AWS Service Catalog; automated IAM key rotation, hardened IAM policies, and S3 malware scan.
- Managed and mentored two junior engineers, boosting velocity and implementing DevSecOps procedures across teams.
- Integrated DevSecOps practices utilizing Checkov for IaC, SonarQube for static analysis, and Trivy for container scanning.
DevOps Engineer
Modus Create
- Migrated EKS clusters singlehandedly to the latest available version for the stage and production environments with zero downtime.
- Wrote shell and Python scripts for GitLab CI/CD to maintain an ephemeral development environment.
- Carried out a cost analysis and reduced the monthly AWS bill by nearly 40% by introducing Spot instances for the dev environment, implementing S3 lifecycle policies, and downsizing underutilized ElastiCache and Aurora clusters.
- Implemented an RDS Proxy with IAM authentication to securely and efficiently manage database connections.
- Replaced instance-level IAM roles with pod-level using K8s Service Account to achieve least privilege access.
- Hardened all EKS nodes by introducing CIS Level 1 AMI.
- Automated security patch on EKS nodes every weekend via AWS Systems Manager.
- Implemented Prometheus and Grafana for K8s monitoring using Helm charts.
- Set up site-to-site VPN connectivity for seamless on-prem connectivity.
DevOps Engineer
Pricemoov SaaS
- Improved the existing CI/CD pipeline to include the deployment of Lambda@Edge function using SLS framework and updated CloudFront with the latest deployed version.
- Implemented RabbitMQ broker for Celery workers via Helm Chart.
- Separated the Celery worker and Redis container from the back-end app container on K8s.
Cloud Lead
Coditas
- Automated the infrastructure deployment of a centralized logging framework, which includes Kinesis Firehose, S3, SQS, SNS, ELK, API Gateway, and Lambda using Terraform.
- Wrote custom RBAC roles for limiting user access to the Kubernetes cluster.
- Used Jira to keep track of issues/tasks along with time logging.
- Implemented a host monitoring solution using Sensu Core and Grafana.
- Automated the code deployment to EC2 instances using Jenkins Pipeline script in combination with AWS CodeDeploy.
- Handled the infrastructure and code deployment automation of a serverless application involving S3, CloudFront, Lambda, API Gateway, DynamoDB, and more using Terraform and GitLab CI/CD.
Founder
Ezstrax
- Built and shipped a fintech product for offline businesses to collect e-payments; owned end-to-end delivery to the revenue stage.
- Used Terraform to automate the infrastructure and AWS CodeBuild and CodeDeploy for the CI/CD pipeline.
- Guided infrastructure to pass its ASV scan in the very first run.
Experience
GuardDuty S3 Malware Protection Automation
https://github.com/paliwalvimal/guardduty-s3-malware-protectionMCP Servers
https://github.com/paliwalvimal/mcp-serversTileServer on AWS
https://github.com/paliwalvimal/tileserver-on-awsAWS IAM Key Rotator
https://github.com/skildops/aws-iam-key-rotatorTerrablocks
https://github.com/terrablocksSecureaws
https://github.com/paliwalvimal/secureawsServices covered include:
• CloudTrail
• Config
• Root MFA
• VPC flow logs
• Strong password policy
• Macie
• Guard duty
• S3 SSE encryption
• EBS encryption
Payment Gateway
Education
Master's Degree in Computer & Network Security
Middlesex University - London, UK
Bachelor's Degree in Computer Applications
MITSOM College - Pune, India
Certifications
Certified Kubernetes Security Specialist
The Linux Foundation
AWS Certified DevOps Engineer – Professional
Amazon Web Services
Certified Kubernetes Administrator
The Linux Foundation
AWS Authorized Instructor - Champion
Amazon Web Services
AWS Certified Solution Architect – Professional
Amazon Web Services
AWS Certified Security – Specialty
Amazon Web Services
AWS Certified Developer – Associate
Amazon Web Services
AWS Certified SysOps Administrator – Associate
Amazon Web Services
AWS Certified Solution Architect – Associate
Amazon Web Services
Skills
Libraries/APIs
Pydantic
Tools
Terraform, Amazon EKS, AWS IAM, Jenkins, Shell, Amazon Elastic Container Service (ECS), GitHub, GitLab, Helm, Amazon Simple Email Service (SES), Amazon CloudWatch, GitLab CI/CD, Git, AWS Key Management Service (KMS), Amazon CloudFront CDN, CircleCI, Grafana, Amazon CloudFront, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS)
Paradigms
DevOps, DevSecOps, Model Context Protocol (MCP)
Platforms
Amazon Web Services (AWS), AWS Lambda, Kubernetes, Docker, Linux
Storage
Amazon S3 (AWS S3), Amazon DynamoDB, Amazon EFS
Languages
Bash, Python, Python 3
Other
CI/CD Pipelines, Infrastructure as Code (IaC), Cloud Infrastructure, AWS DevOps, Amazon API Gateway, Amazon RDS, AWS Certified Solution Architect, Virtual Private Cloud (VPC), APIs, GitHub Actions, Shell Scripting, Scripting, Amazon CloudHSM, Web Application Firewall (WAF), SFTP, ISO 27001, Prometheus, Security, AWS WAF, AWS CloudMap, Retrieval-augmented Generation (RAG), Generative Artificial Intelligence (GenAI), AI Chatbots, Amazon GuardDuty, Amazon EventBridge, Serverless
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring