Andrew Osipov, Developer in Moscow, Russia
Andrew is available for hire
Hire Andrew

Andrew Osipov

Verified Expert  in Engineering

Software Developer

Moscow, Russia

Toptal member since January 5, 2021

Expertise
System AdministrationSystem SecurityLinuxAWS DevOpsCybersecurityGrafana
Bio

Andrew is a highly motivated, versatile, and skilled DevOps and DevSecOps. He's delivered numerous large-scale infrastructure implementations with cost-effective approaches. Andrew excels in high load, availability, and security using AWS, Kubernetes (EKS), and Terraform, and implementing infrastructure-as-code and configuration-as-code approaches. Andrew is also brilliant at managing compliance, security, and company-wide documentation for health and payment data (HIPAA and PCI DSS).

Portfolio

Softpay
Networking, Security, Infrastructure, Linux Administration, AWS DevOps...
Orthodox Union
Networking, Security, Infrastructure, Linux Administration, AWS DevOps...
MDDX Research and Informatics (acquired by Bioclinica)
Performance Testing, Networking, Security, Infrastructure, Linux Administration...

Experience

  • Information Security - 13 years
  • IT Systems Architecture - 10 years
  • DevOps - 7 years
  • DevSecOps - 7 years
  • HIPAA Compliance - 6 years
  • Terraform - 4 years
  • Kubernetes - 3 years

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), IT Security, CI/CD Pipelines, Linux, HIPAA Compliance, PCI DSS, DevSecOps, DevOps, Terraform, Kubernetes

The most amazing...

...projects I've done were the ones that helped MDDX to be acquired by Bioclinica, after hard work and successful HIPAA and FDA audits.

Work Experience

DevOps and DevSecOps Engineer

2020 - 2020
Softpay
  • Executed PCI-DSS compliant AWS infrastructure-as-code with Terraform, packer, Elasticsearch, Cognito, Inspector, Guardduty, Fluentd, OSSEC, Wazuh, Nginx, many others of the AWS services.
  • Implemented container infrastructure as code and worked with Kubernetes (EKS), Fluentd, Fluent Bit, Istio, and Docker.
  • Accomplished numerous security reviews and hardenings. Implemented secured VPN as code deployed with Terraform (compliant with PCI-DSS, multi-node cluster, and integrated Google MFA).
Technologies: Networking, Security, Infrastructure, Linux Administration, AWS DevOps, AWS Cloud Architecture, Amazon Web Services (AWS), Ansible, PCI DSS, OpenVPN, VPN, IT Security, Amazon EKS, Docker, OSSEC, Amazon Cognito, Fluentd, Elasticsearch, Packer, Information Security, Kubernetes, Terraform, DevSecOps, DevOps

DevOps and DevSecOps Engineer

2019 - 2020
Orthodox Union
  • Developed the modern system architecture and implemented Amazon Web Services and EKS infrastructure.
  • Handled cloud security and compliance configuration for the majority of the services present on AWS (Terraform and CloudFormation).
  • Implemented EKS (local environment with minikube, development, staging, and production clusters) including performance monitoring and event management implementation.
  • Executed Kubernetes security hardenings, role-based access control (RBAC), and secrets management.
  • Implemented CI/CD without downtimes and user's interruptions using CircleCI.
  • Reviewed compliance requirements and mapped them to the current security state; handled PCI, DSS, SAQ, D, and security.
  • Implemented missing security controls, such as vulnerability assessments, VPN, WAF, SSO, secure SDLC, event management, proper roles, access matrix, and others.
Technologies: Networking, Security, Infrastructure, Linux Administration, AWS DevOps, AWS Cloud Architecture, Amazon Web Services (AWS), CI/CD Pipelines, Kubernetes, Web Application Firewall (WAF), OpenVPN, Software Development Lifecycle (SDLC), Burp Suite, Nessus, Okta, CircleCI, AWS CloudFormation, Terraform, Amazon EKS, DevSecOps, DevOps, PCI DSS

DevOps and DevSecOps Engineer

2013 - 2019
MDDX Research and Informatics (acquired by Bioclinica)
  • Led and managed two contractors delegated with the following responsibilities: system operations, 24-hour support, monitoring, HIPAA compliance documentation, and execution of different check-ups.
  • Implemented Amazon Web Services cloud infrastructure including integrating infrastructure-as-code approaches and implementing cloud security and HIPAA compliance (HITECH and FDA 21 CFR PART 11).
  • Executed initial Kubernetes setup sustainable for very high spikes. Configured Kubernetes event management, monitoring, multiple environment, extra security.
  • Integrated vulnerability assessments and fixes, system security hardenings, CIS compliance, security policies, FW, WAF, IPS, HIDS, VPN, integrity controls, file encryptions, security and event management, secure SDLC, and network security.
  • Developed backup plans, business continuity & disaster recovery plans, worked on performance fixes and achieved significant cost optimizations.
  • Implemented numerous custom solutions using Shell and Python scripting; extensively used regular expressions.
Technologies: Performance Testing, Networking, Security, Infrastructure, Linux Administration, AWS DevOps, Kubernetes, AWS Cloud Architecture, Amazon Web Services (AWS), Leadership, Ansible, CI/CD Pipelines, Management, Shell Scripting, Terraform, IT Infrastructure, Vulnerability Assessment, HIPAA Compliance, Information Security, IT Security, DevSecOps, DevOps

Tech and Security Lead

2011 - 2013
ОАО «Электронная Москва
  • Led and managed a small engineering team (2-3 persons); organized the work with more than ten contractors which included assignment tracking, standups, report reviews, action plans, and results tracking.
  • Designed the architecture and implemented the complex subsystems for different enterprise-level projects. (with more than 120 equipment racks and more than 500 bare-metal servers).
  • Implemented various systems including firewalls and VPNs, intrusion prevention, vulnerability assessment, security, information, event management, IAM, and WAF.
  • Performed vulnerability scans and created business continuity, disaster recovery, and backup plans.
Technologies: Performance Testing, Networking, Security, Infrastructure, System Administration, SIEM, Web Application Firewall (WAF), Linux, Business Continuity & Disaster Recovery (BCDR), Information Security, IT Systems Architecture, IT Security, Vendor Management, Management, Leadership

Lead Information Security Specialist

2010 - 2011
CJSC Svyaznoy Bank
  • Implemented and maintained complex IT systems and applications; organized and managed work with about ten contractors.
  • Worked on the bank's compliance; did penetration testings, log analysis, forensic investigations, and reporting. This work resulted in providing the foundation for the new security infrastructure.
  • Implemented various subsystems including firewalls and VPNs, content filtering, proxy, anti-spam, anti-virus, data and access protection systems, and the implementation and integration of security policies.
Technologies: Networking, Security, Infrastructure, PCI DSS, Data Protection, SIEM, Penetration Testing, Vulnerability Assessment, Vendor Management, Management, Security Policies & Procedures, Firewalls, VPN, Information Security, IT Security

Lead Information Security Engineer

2009 - 2010
CJSC Verysell
  • Defined the technical and organizational requirements for IT and information security projects.
  • Designed the architecture for complex information systems.
  • Implemented various setups including firewalls, different Linux environments, different Windows Server setups, HSM, AV protections, Cisco projects, and intrusion detection systems.
Technologies: Networking, Security, Infrastructure, Windows Server, VPN, Intrusion Detection Systems (IDS), Linux, System Administration, IT Systems Architecture, Information Security, IT Security

System Administrator

2008 - 2008
IBS Datafort
  • Implemented various Linux and Windows Server setups.
  • Maintained systems and executed monitoring and event management.
  • Implemented Jira task management which included record-keeping and fixing emergency incidents.
Technologies: Networking, Security, Infrastructure, Windows, Linux, System Administration

Experience

OpenVPN Setup with MFA (Terraform, Ansible, and Packer)

https://github.com/accesskeeper/openvpn-pcidss-terraform
A PCI-DSS-compliant MFA (Google authentication) OpenVPN cluster installation using Packer, Terraform, and AWS Systems Manager (Ansible Playbook).

Steps:
1. Created an AWS AMI image using Packer.
2. Generated offline CA, server, and client keys.
3. Deployed the infrastructure using Terraform, which creates S3 buckets, instances, IAM, security groups, and runs AWS Systems Manager (Ansible Playbook) on the instances.

By default, it creates one master and one slave node. It is possible to slightly adjust the code to create one master and multiple slaves.

Camping Site That Can Handle High-load Spikes

https://campdror.com
One of the numerous projects (all together could be over 50 projects) that I deployed on EKS. PHP, Node.js, Elasticache, and CDN. It contains an API service as well. I implemented CI/CD without any downtime or user interruptions using CircleCI. I also implemented local deployment with Minikube, development, staging. and production clusters.

Terraform, Elasticsearch, and Cognito Project with MFA-compliant PCI-DSS and HIPAA

https://github.com/accesskeeper/pcidss-elasticsearch-vpc-cognito
This project involved Elasticsearch with Cognito authentication deployed via Terraform inside VPC; it is compliant with PCI-DSS and HIPAA.

Two roles were deployed for admin and developer to access various kinds of log streams. It is possible to add more users for example security staff. It has 2-factor authentication configured with phone SMS. so you need to provide your number when you create an incognito new user.

This setup could be used for payment and health data, security, and app data logs.

Education

2004 - 2010

Master's Degree in Information Security

MEPhI | Moscow Engineering and Physics Institute - Moscow, Russia

Skills

Libraries/APIs

Node.js

Tools

Terraform, Packer, Fluentd, OSSEC, Amazon EKS, VPN, OpenVPN, CircleCI, Nessus, Ansible, Shell, Helm, Grafana, NGINX, PHP-FPM, Docker Compose, Splunk, Git, Amazon Cognito, AWS CloudFormation, AWS Systems Manager, GitLab CI/CD, Hyper-V, VMware

Languages

Bash Script, Bash, PHP, SQL, Python

Paradigms

DevOps, DevSecOps, HIPAA Compliance, Penetration Testing, Continuous Delivery (CD), Continuous Integration (CI), Management

Platforms

Kubernetes, Docker, Linux, Windows Server, Windows, Amazon Web Services (AWS), AWS Lambda, Amazon EC2, Unix, Burp Suite, Azure, DigitalOcean

Industry Expertise

Cybersecurity

Storage

MySQL, Amazon S3 (AWS S3), Amazon DynamoDB, Elasticsearch, MongoDB, MSSQLCE, PostgreSQL

Frameworks

Windows PowerShell

Other

Information Security, IT Systems Architecture, System Administration, Network Administration, IT Security, PCI DSS, Web Application Firewall (WAF), Vulnerability Assessment, IT Infrastructure, Shell Scripting, Vendor Management, Business Continuity & Disaster Recovery (BCDR), SIEM, Firewalls, Security Policies & Procedures, Data Protection, Intrusion Detection Systems (IDS), Prometheus, Host-based Intrusion Prevention, HAProxy, Vulnerability Management, AWS Cloud Architecture, Architecture, AWS DevOps, Linux Server Administration, Amazon Cognito User Pools, Linux Administration, Infrastructure, Security, Networking, Scripting, TCP/IP, Okta, Software Development Lifecycle (SDLC), CI/CD Pipelines, OWASP Top 10, Site Reliability Engineering (SRE), Performance Testing, Leadership, Amazon Kinesis

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring