Vimal Paliwal, Developer in London, United Kingdom
Vimal is currently unavailable

Vimal Paliwal

DevSecOps Engineer and Software Developer

London, United Kingdom

Toptal member since April 27, 2020

Bio

Vim has 9+ years of experience delivering secure, scalable cloud infrastructure using IaC and driving measurable cost optimisations. Certified across AWS and Kubernetes, with a strong focus on security, compliance, and DevSecOps best practices. Former AWS Authorized Instructor, AWS Community Builder, and contributor through technical blogs, open-source tools, and speaking engagements. Outside work, Vim enjoys badminton, yoga, and exploring new cafes.

Portfolio

McKinsey & Company
Amazon Web Services (AWS), Kubernetes, Terraform, CI/CD Pipelines, Scripting...
Modus Create
Shell, Terraform, Python, Amazon Web Services (AWS), Shell Scripting...
Pricemoov SaaS
Amazon Web Services (AWS), Helm, Kubernetes, Amazon RDS, CircleCI, Docker...

Experience

  • Terraform - 6 years
  • DevOps - 6 years
  • Amazon Web Services (AWS) - 6 years
  • CI/CD Pipelines - 6 years
  • Python - 3 years
  • Docker - 3 years
  • Shell - 2 years
  • Kubernetes - 1 year

Preferred Environment

Terraform, Amazon Web Services (AWS), Kubernetes, CI/CD Pipelines, Helm, Bash, Python

The most amazing...

...thing I've done is to independently build a payment gateway with a suite of services hosted on AWS and see client payments going through.

Work Experience

Principal Engineer

2022 - PRESENT
McKinsey & Company
  • Built ISO 27001-compliant, multi-tenant AWS infrastructure using Terraform, handling 100,000+ daily requests.
  • Delivered multi-tenant GenAI RAG chatbot utilising Amazon Bedrock, Claude LLM, PostgreSQL (pgvector), Lambda, and API Gateway.
  • Wrote the MCP server to expose the back-end REST API for agents utilizing Python, Pydantic, and FastMCP.
  • Drove significant annual cost savings: around $35,000 via infra optimisations; around $20,000 by migrating from MapBox to TileServer on ECS.
  • Utilized Bash and Python for writing GitHub Actions workflows and serverless automations.
  • Enabled self-provisioning via AWS Service Catalog; automated IAM key rotation, hardened IAM policies, and S3 malware scan.
  • Managed and mentored two junior engineers, boosting velocity and implementing DevSecOps procedures across teams.
  • Integrated DevSecOps practices utilizing Checkov for IaC, SonarQube for static analysis, and Trivy for container scanning.
Technologies: Amazon Web Services (AWS), Kubernetes, Terraform, CI/CD Pipelines, Scripting, AWS Key Management Service (KMS), Amazon CloudHSM, Web Application Firewall (WAF), Amazon CloudFront CDN, SFTP, AWS Lambda, Amazon RDS, Docker, DevOps, Amazon EKS, Git, Amazon API Gateway, Amazon Elastic Container Service (ECS), AWS Certified Solution Architect, Linux, Infrastructure as Code (IaC), Bash, Cloud Infrastructure, AWS DevOps, Amazon S3 (AWS S3), Virtual Private Cloud (VPC), DevSecOps, APIs, GitHub Actions, Grafana, ISO 27001, Prometheus, GitHub, Model Context Protocol (MCP), Python 3, Pydantic, Retrieval-augmented Generation (RAG), Generative Artificial Intelligence (GenAI), AI Chatbots

DevOps Engineer

2020 - 2022
Modus Create
  • Migrated EKS clusters singlehandedly to the latest available version for the stage and production environments with zero downtime.
  • Wrote shell and Python scripts for GitLab CI/CD to maintain an ephemeral development environment.
  • Carried out a cost analysis and reduced the monthly AWS bill by nearly 40% by introducing Spot instances for the dev environment, implementing S3 lifecycle policies, and downsizing underutilized ElastiCache and Aurora clusters.
  • Implemented an RDS Proxy with IAM authentication to securely and efficiently manage database connections.
  • Replaced instance-level IAM roles with pod-level using K8s Service Account to achieve least privilege access.
  • Hardened all EKS nodes by introducing CIS Level 1 AMI.
  • Automated security patch on EKS nodes every weekend via AWS Systems Manager.
  • Implemented Prometheus and Grafana for K8s monitoring using Helm charts.
  • Set up site-to-site VPN connectivity for seamless on-prem connectivity.
Technologies: Shell, Terraform, Python, Amazon Web Services (AWS), Shell Scripting, GitLab CI/CD, Kubernetes, Amazon RDS, Docker, DevOps, Amazon EKS, Git, Amazon API Gateway, Amazon Elastic Container Service (ECS), AWS Certified Solution Architect, Linux, Infrastructure as Code (IaC), Bash, Cloud Infrastructure, AWS DevOps, CI/CD Pipelines, Amazon S3 (AWS S3), Virtual Private Cloud (VPC), DevSecOps, APIs, Grafana, Prometheus, GitHub, GitLab

DevOps Engineer

2020 - 2020
Pricemoov SaaS
  • Improved the existing CI/CD pipeline to include the deployment of Lambda@Edge function using SLS framework and updated CloudFront with the latest deployed version.
  • Implemented RabbitMQ broker for Celery workers via Helm Chart.
  • Separated the Celery worker and Redis container from the back-end app container on K8s.
Technologies: Amazon Web Services (AWS), Helm, Kubernetes, Amazon RDS, CircleCI, Docker, DevOps, Amazon EKS, Git, AWS Certified Solution Architect, Linux, Infrastructure as Code (IaC), Bash, Cloud Infrastructure, AWS DevOps, CI/CD Pipelines, Amazon S3 (AWS S3), Virtual Private Cloud (VPC), GitHub, GitLab

Cloud Lead

2018 - 2020
Coditas
  • Automated the infrastructure deployment of a centralized logging framework, which includes Kinesis Firehose, S3, SQS, SNS, ELK, API Gateway, and Lambda using Terraform.
  • Wrote custom RBAC roles for limiting user access to the Kubernetes cluster.
  • Used Jira to keep track of issues/tasks along with time logging.
  • Implemented a host monitoring solution using Sensu Core and Grafana.
  • Automated the code deployment to EC2 instances using Jenkins Pipeline script in combination with AWS CodeDeploy.
  • Handled the infrastructure and code deployment automation of a serverless application involving S3, CloudFront, Lambda, API Gateway, DynamoDB, and more using Terraform and GitLab CI/CD.
Technologies: Shell, Terraform, Python, Amazon Web Services (AWS), Shell Scripting, Kubernetes, Jenkins, Amazon RDS, CircleCI, Docker, DevOps, Amazon EKS, Git, Amazon API Gateway, Amazon Elastic Container Service (ECS), AWS Certified Solution Architect, Linux, Infrastructure as Code (IaC), Bash, Cloud Infrastructure, AWS DevOps, CI/CD Pipelines, Amazon S3 (AWS S3), Virtual Private Cloud (VPC), Grafana, Prometheus, GitHub, GitLab

Founder

2016 - 2017
Ezstrax
  • Built and shipped a fintech product for offline businesses to collect e-payments; owned end-to-end delivery to the revenue stage.
  • Used Terraform to automate the infrastructure and AWS CodeBuild and CodeDeploy for the CI/CD pipeline.
  • Guided infrastructure to pass its ASV scan in the very first run.
Technologies: Terraform, Amazon Web Services (AWS), Amazon RDS, Git, Amazon API Gateway, Infrastructure as Code (IaC), Cloud Infrastructure, AWS DevOps, CI/CD Pipelines, Amazon S3 (AWS S3), Virtual Private Cloud (VPC), GitHub

Experience

GuardDuty S3 Malware Protection Automation

https://github.com/paliwalvimal/guardduty-s3-malware-protection
A serverless workflow that automatically scans the files uploaded to S3 for malware using AWS GuardDuty in real time and stops them right at the gate, preventing them from reaching the production environment.

MCP Servers

https://github.com/paliwalvimal/mcp-servers
MCP servers built using Python and FastMCP, leveraging Pydantic for strict type validation and structured output. Designed for modularity, these servers can seamlessly integrate with any MCP client via UV or Docker. The project emphasizes clean architecture, reusability, and ease of deployment.

TileServer on AWS

https://github.com/paliwalvimal/tileserver-on-aws
Securely self-host TileServer on AWS using only serverless services like CloudFront, WAF, API Gateway, ECS, EFS, and S3. Perfect for professionals looking for scalable and cost-effective solutions for a self-hosting tile rendering server.

AWS IAM Key Rotator

https://github.com/skildops/aws-iam-key-rotator
This tool is responsible for generating a new IAM access key pair every X days and mails it to the user via SES. It will also delete the existing key pair after a few days of new key generation to allow the user to update the new key wherever required.

Terrablocks

https://github.com/terrablocks
Modular infrastructure blocks written in Terraform. This project contains a few basic infrastructure building blocks required to start most of the projects. I maintain this to make my and others' lives easier.

Secureaws

https://github.com/paliwalvimal/secureaws
A Python application that will scan your AWS account to identify whether basic security services are enabled. If not, the app will help you enable or set them up.
Services covered include:
• CloudTrail
• Config
• Root MFA
• VPC flow logs
• Strong password policy
• Macie
• Guard duty
• S3 SSE encryption
• EBS encryption

Payment Gateway

A Java application helping people and businesses to collect payments online. Payments can be collected via creating an invoice using the portal or by creating interactive forms for users. I was responsible for building the application, hosting it, and keeping it secured.

Education

2014 - 2015

Master's Degree in Computer & Network Security

Middlesex University - London, UK

2011 - 2014

Bachelor's Degree in Computer Applications

MITSOM College - Pune, India

Certifications

JANUARY 2025 - JANUARY 2027

Certified Kubernetes Security Specialist

The Linux Foundation

OCTOBER 2024 - OCTOBER 2027

AWS Certified DevOps Engineer – Professional

Amazon Web Services

DECEMBER 2023 - DECEMBER 2026

Certified Kubernetes Administrator

The Linux Foundation

JANUARY 2021 - JULY 2022

AWS Authorized Instructor - Champion

Amazon Web Services

DECEMBER 2019 - DECEMBER 2025

AWS Certified Solution Architect – Professional

Amazon Web Services

FEBRUARY 2019 - FEBRUARY 2025

AWS Certified Security – Specialty

Amazon Web Services

AUGUST 2018 - AUGUST 2024

AWS Certified Developer – Associate

Amazon Web Services

DECEMBER 2017 - DECEMBER 2024

AWS Certified SysOps Administrator – Associate

Amazon Web Services

JUNE 2017 - DECEMBER 2025

AWS Certified Solution Architect – Associate

Amazon Web Services

Skills

Libraries/APIs

Pydantic

Tools

Terraform, Amazon EKS, AWS IAM, Jenkins, Shell, Amazon Elastic Container Service (ECS), GitHub, GitLab, Helm, Amazon Simple Email Service (SES), Amazon CloudWatch, GitLab CI/CD, Git, AWS Key Management Service (KMS), Amazon CloudFront CDN, CircleCI, Grafana, Amazon CloudFront, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS)

Paradigms

DevOps, DevSecOps, Model Context Protocol (MCP)

Platforms

Amazon Web Services (AWS), AWS Lambda, Kubernetes, Docker, Linux

Storage

Amazon S3 (AWS S3), Amazon DynamoDB, Amazon EFS

Languages

Bash, Python, Python 3

Other

CI/CD Pipelines, Infrastructure as Code (IaC), Cloud Infrastructure, AWS DevOps, Amazon API Gateway, Amazon RDS, AWS Certified Solution Architect, Virtual Private Cloud (VPC), APIs, GitHub Actions, Shell Scripting, Scripting, Amazon CloudHSM, Web Application Firewall (WAF), SFTP, ISO 27001, Prometheus, Security, AWS WAF, AWS CloudMap, Retrieval-augmented Generation (RAG), Generative Artificial Intelligence (GenAI), AI Chatbots, Amazon GuardDuty, Amazon EventBridge, Serverless

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring