Verified Expert in Engineering
Cloud Security Developer
Aron is a DevOps engineer with 12+ years of experience in industries with strict compliance requirements such as healthcare, finance, and HR. He focuses on automating and securing infrastructures within the cloud and on-premises, using industry-standard tooling. Aron studied, lived, and worked in NYC and several European countries, contributing to companies ranging from small businesses through startups of various sizes to global financial firms.
Ansible, Amazon Web Services (AWS), Terraform, DevOps, System Administration, Python, Cloud Security, Azure, DevSecOps
The most amazing project I've worked on involved developing identity federation automation across multiple AWS accounts in an ever-growing highly sensitive environment.
Vice President of Security Operations
- Modernized operational workflows to leverage Infrastructure-as-Code concepts and use automation according to SDLC best practices.
- Drove the agile transformation by bridging the gap between engineering and operations in a strictly regulated environment.
- Developed a lightweight modular health-check monitoring system to increase visibility into the team’s products across environments.
- Evangelized DevOps and automation practices and trained the team in automation tooling.
- Automated the heavy operational burden of legacy infrastructure using Ansible, reducing errors, deployment time, and MTTR.
Senior Security Engineer
- Built and deployed automated remediation functions for common vulnerabilities and misconfigurations.
- Deployed and evaluated security solutions for Kubernetes while formulating company-wide standards.
- Developed and automated the company-wide multi-account AWS security strategy by implementing federation, effectively enabling scaling from one AWS account to dozens while decreasing risk company-wide.
- Automated infrastructure security change management and the review process, removing security as a blocker from a highly dynamic cloud environment.
- Incorporated security testing into build pipelines for operating system images and containers.
Senior Site Reliability Engineer
- Architected and deployed the self-hosted Elastic Cloud Enterprise, removing management burden from several engineering teams.
- Automated and streamlined daily operations using AWS Lambda.
- Migrated and automated a legacy HIPAA-compliant infrastructure from Microsoft Azure to AWS.
- Wrote automation tools to enable one-click host provisioning for Linux and Windows instances.
- Collaborated with the infrastructure security team to deploy security tools in a standard cloud-native fashion.
- Migrated an end-of-life server fleet to Ubuntu 16.04 LTS and decommissioned the legacy identity management system by integrating all Linux hosts with Active Directory.
- Developed, automated, and tested business continuity and disaster recovery (BCP/DR) plans for the critical internal engineering infrastructure.
Site Reliability Engineer
- Developed zero downtime deployment and continuous delivery automation for multiple Java and Python developer teams’ applications using Ansible.
- Built and migrated legacy environments with minimal downtime to Rackspace Private Cloud running OpenStack. Acted as the lead engineer in the United States with global responsibilities for both US and EU platforms.
- Converted all infrastructure to code using SaltStack, OpenStack Heat, Ansible, and Jenkins.
- Owned the creation of the US technical team and the customer service personnel training for technical tasks.
- Architected a fully high-availability, SOC-2/ISO compliant architecture with data encryption in transit and at rest.
- Fully decoupled infrastructure from services and empowered developers to autonomously build and deploy their end-to-end applications.
- Trained and mentored technical support staff and level-2 cloud operation engineers.
- Built a full-stack automated HIPAA/HITECH compliant AWS infrastructure for a new insurance brokerage agency within a 10-week timeframe using AWS CloudFormation, Git, and Puppet.
- Centralized authentication and authorization of Linux servers using Active Directory for easy management by traditional sysadmins.
- Migrated a legacy disjointed vSphere 4 infrastructure to highly available DRS clusters built on ESXi 5.1 from the ground up.
- Rearchitected office and data center networking and a storage model.
- Devised and implemented a privileged access management system for an expansive and diverse infrastructure.
- Built up an automated DR site and conducted validation tests.
Viva Media, LLC
- Developed and integrated a digital game card download and activation portal using PHP and MySQL for casual game compilations sold at nationwide retail chains like Target, Rite-Aid, and Meijer.
- Migrated the company from a physical to a virtualized infrastructure and rebuilt firewalls and VPN to allow full productivity of globally-spread remote workers.
- Maintained a multi-platform (Windows, macOS, and Unix) office and development environment as well as public web servers like Apache, Nginx, and IIS.
- Worked closely with sales to develop new digital distribution mechanisms using the LAMP stack.
- Provided 24/7 on-site and remote support for the company infrastructure.
- Performed project management and QA responsibilities on mobile application development for Android and iOS.
AWS Multi-account Identity Federation Automation
The environment was used by dozens of teams for a total of over 400 engineers, encompassed over 15 accounts, and grew constantly.
Infrastructure as Code for an Insurance Brokerage Agency
Licensing Automation for a Web Hosting Company Using Ansible and Python
Security Automation for Credentials Rotation Across Physical and Bare-metal Servers
Image-based Deployment Automation with Packer
http://www.freelancersunion.org
Web App Containerization and Continuous Security Scanning Using Docker and Trivy
Ansible, Terraform, SaltStack, Puppet, Chef, Jenkins, Git, pfSense, Bitbucket, Zabbix, Packer, VMware, Asterisk, AWS CloudFormation, MS Exchange, Apache, NGINX, AWS IAM, Amazon ElastiCache, uWSGI, ELK (Elastic Stack)
Amazon Web Services (AWS), OpenStack, Docker, Azure, New Relic, Linux, Windows Server, KVM, Xen, AWS Lambda, Kubernetes
Bash, Python, PHP, SAML
Cloud Security, Load Balancers, GitHub Actions, Technical Writing, Mathematics, Chemistry, Modeling, Education, Training, System Administration, Foreman, HAProxy, Agile DevOps, Networking, PBX, Amazon RDS, APIs, IPMI, Trivy, Security Testing
MySQL, PostgreSQL, Redis, Datadog
Bachelor's Degree in English
The City College of New York - New York, USA