Bishoy Sefen, Developer in Dubai, United Arab Emirates
Bishoy is available for hire
Hire Bishoy

Bishoy Sefen

Verified Expert  in Engineering

Bio

Bishoy is an innovative DevOps, DevSecOps, and software engineer with 8+ years of technical experience designing, implementing, securing, and managing CI/CD workflows, infrastructure, and microservices. He has deep experience with Kubernetes, cloud platforms (AWS), Linux-based systems, and cybersecurity. Bishoy is passionate about keeping up with new technologies and building efficient and reliable solutions.

Portfolio

Freelance Clients
Amazon Web Services (AWS), Kubernetes, Cloudflare, Okta, Datadog, Terraform...
KONUX
Helm, Splunk, Bitbucket, Artifactory, Spinnaker, Jenkins, Java, Python, Bash...
ACI Worldwide GmbH
Apache Tomcat, HAProxy, VMware vSphere, Prometheus, RabbitMQ, PostgreSQL, Vault...

Experience

  • DevOps - 6 years
  • CI/CD Pipelines - 6 years
  • Amazon Web Services (AWS) - 5 years
  • Kubernetes - 5 years
  • DevSecOps - 4 years
  • Python - 4 years
  • Cloud Security - 4 years
  • Terraform - 4 years

Availability

Full-time

Preferred Environment

Amazon Web Services (AWS), Kubernetes, DevSecOps, Cloud Security

The most amazing...

...things I've built were dynamic/ephemeral test environments for an IoT data platform running on AWS/EKS, which accelerated development and reduced released bugs.

Work Experience

Senior DevSecOps Freelancer

2022 - 2023
Freelance Clients
  • Fully covered and managed all resources across AWS, Cloudflare, Datadog, and Okta with Terraform. Migrated and standardized all CI/CD workflows from Jenkins to GitHub workflows.
  • Unified accesses through Okta and integrated it with AWS SSO, QuickSight, K8s dashboards, Cloudflare, and GitHub.
  • Set up Cloudflare's Zero Trust network to secure internet access for employees and authorize access to the VPCs on AWS.
  • Implemented role-based access control and encryption at rest for all persistent services: ElastiCache/Redis, RDS/Postgres, Elasticsearch, RabbitMQ, and S3.
  • Configured AWS security services: CloudTrail, GuardDuty, Inspector, WAFV2, and Config. Used SSM for authorizing and auditing access to EC2.
  • Automated node rotation for the EKS clusters to use the latest AMIs while guaranteeing no downtime. This way, worker nodes always had the latest security patches.
  • Leveraged KEDA auto-scaler to right-size the K8s deployments based on RabbitMQ metrics, including combined queue sizes.
  • Integrated anti-virus scanning using ClamAV as part of user-initiated file uploads to S3.
  • Set up monitoring, alerts, and centralized logs with CloudWatch and Datadog (migrated from New Relic).
  • Developed tooling (in Python) to sync configs (secret/non-secret) to the AWS parameter store. All configs would be stored in Git, and KMS would encrypt secret files with the help of SOPS.
Technologies: Amazon Web Services (AWS), Kubernetes, Cloudflare, Okta, Datadog, Terraform, Bash, GitHub, ClamAV, Python, Amazon EKS, Amazon EC2, Amazon S3 (AWS S3), AWS DevOps, RabbitMQ, Amazon ElastiCache, Amazon RDS, Elasticsearch, Cloud Security, Redis, Networking, Linux, Unix, Karpenter, New Relic, AWS Cloud Architecture, Infrastructure as Code (IaC), CI/CD Pipelines, DevOps, DevSecOps, Monitoring, Vulnerability Management, AWS ALB, Amazon CloudFront CDN, AWS Key Management Service (KMS), Amazon CloudWatch, Cost Reduction & Optimization (Cost-down), OWASP, AWS IAM, Identity & Access Management (IAM)

Senior DevOps Engineer

2020 - 2022
KONUX
  • Embedded vulnerability scans in CI pipelines for both application-level dependencies and container OS packages using OWASP Dependency-Track.
  • Set up AWS IoT MQTT message broker and authentication/authorization through IAM and client certificates.
  • Deployed Airflow over EKS and assisted with Amazon EMR and AWS Glue set up.
  • Set up AWS RDS (PostgreSQL) and Elasticsearch with controlled network access and IAM authentication.
  • Exposed back-end microservices running on EKS via an API gateway, with Amazon Cognito handling the authentication. Additionally, used CloudFront CDN to serve the front end stored in S3.
  • Created on-demand sandbox environments with Spinnaker, Jenkins, and Terraform, which enabled developers and QEs to isolate new feature changes, test them thoroughly, and perform repeatable performance tests.
  • Set up, hardened, and maintained the EKS and Kubernetes clusters. Managed accesses, resources, autoscaling, and availability of the services running within, all through Terraform.
  • Introduced infrastructure as code (IaC) using Terraform, with which the existing infrastructure was imported and managed.
  • Implemented CI/CD pipelines using Jenkins and Spinnaker, both modularly and with self-service.
Technologies: Helm, Splunk, Bitbucket, Artifactory, Spinnaker, Jenkins, Java, Python, Bash, Terraform, Docker, Kubernetes, Amazon Web Services (AWS), Elasticsearch, DevOps, NGINX, Spring, Apache Airflow, SonarCloud, DevSecOps, OWASP, Amazon Elastic MapReduce (EMR), MQTT, AWS Lambda, Amazon CloudFront CDN, Amazon EC2, Amazon EKS, Amazon RDS, Amazon S3 (AWS S3), AWS ALB, AWS Cloud Architecture, AWS DevOps, CI/CD Pipelines, Infrastructure as Code (IaC), Linux, Monitoring, Networking, Unix, Cost Reduction & Optimization (Cost-down), Amazon CloudWatch, Amazon API Gateway, Serverless, AWS IAM, Identity & Access Management (IAM)

DevOps Engineer

2017 - 2020
ACI Worldwide GmbH
  • Set up on-demand testing environments using Kubernetes and Docker.
  • Automated the generation of ModSecurity WAF rules whitelisting all the application's public endpoints, along with their deployment to Apache.
  • Automated releases with Ansible and Jenkins, where the pipeline would release each project, run the QA jobs, and roll back in case of issues.
  • Stabilized Jenkins builds through containerization. Docker Compose was used to start the container build process along with the required services.
Technologies: Apache Tomcat, HAProxy, VMware vSphere, Prometheus, RabbitMQ, PostgreSQL, Vault, Consul, Gerrit, Artifactory, Jenkins, Bash, Terraform, Ansible, Docker, Kubernetes, DevOps, Java, Gradle, Helm, CI/CD Pipelines, Linux, Networking, Unix

Software Engineer

2015 - 2017
PAY.ON GmbH
  • Improved CI builds to enforce quality and security standards with static code analysis, duplication check, and test coverage rules.
  • Integrated Ethoca Alerts into the platform by implementing two independent microservices and refactored common logic into separate libraries, simplifying the development of new microservices.
  • Provided secure coding for features along with writing automated tests and peer code reviews.
Technologies: Gradle, Selenium, SQL, Spring, Java, Jenkins, Software Development, Gerrit

Kubernetes HA PostgreSQL

https://github.com/bishoybassem/k8s-ha-postgres
A proof of concept for a highly available PostgreSQL setup using Consul, HAProxy, and Kubernetes. Helm is used for packaging and installing the solution to Kubernetes. Moreover, a Travis CI build is set up, which installs Minikube, builds the Docker images, deploys the chart, and finally runs integration tests simulating different failure scenarios.

AWS Jenkins

https://github.com/bishoybassem/aws-jenkins
This project sets up an auto-scaling, highly available, and secure Jenkins cluster on AWS using Terraform. The standing feature behind this setup is the automatic scaling of the slaves' EC2 instances based on the build queue size.
2009 - 2015

Master's Degree in Computer Science and Engineering

German University in Cairo - Cairo, Egypt

AUGUST 2022 - AUGUST 2025

AWS Certified Security — Specialty

Amazon Web Services

JANUARY 2022 - JANUARY 2024

CKS: Certified Kubernetes Security Specialist

The Linux Foundation

NOVEMBER 2021 - PRESENT

Certified DevSecOps Professional (CDP)

Practical DevSecOps

MAY 2021 - PRESENT

VMware Spring Professional 2021

VMware

APRIL 2021 - APRIL 2024

CKA: Certified Kubernetes Administrator

The Linux Foundation

OCTOBER 2020 - OCTOBER 2023

AWS Certified DevOps Engineer – Professional

AWS

SEPTEMBER 2019 - SEPTEMBER 2022

CKAD: Certified Kubernetes Application Developer

The Linux Foundation

Libraries/APIs

Node.js

Tools

Helm, Terraform, Jenkins, Gradle, GitHub, Amazon EKS, Amazon ElastiCache, Amazon CloudFront CDN, AWS Key Management Service (KMS), Amazon Elastic MapReduce (EMR), Amazon CloudWatch, Bitbucket, Apache Tomcat, Ansible, Artifactory, RabbitMQ, NGINX, Apache Airflow, SonarCloud, ClamAV, MQTT, Splunk, Vault, Gerrit, VMware vSphere, Travis CI, AWS IAM, Amazon Elastic Container Service (ECS)

Languages

Java, Python, Bash, SQL

Frameworks

Spring, Selenium

Paradigms

DevOps, DevSecOps

Platforms

Spinnaker, Kubernetes, Docker, Amazon Web Services (AWS), Amazon EC2, Linux, Unix, AWS ALB, AWS Lambda, New Relic

Storage

Amazon S3 (AWS S3), PostgreSQL, Datadog, Redis, Elasticsearch

Other

Software Development, Cloud Security, Cloudflare, AWS DevOps, Amazon RDS, Karpenter, AWS Cloud Architecture, Infrastructure as Code (IaC), CI/CD Pipelines, Monitoring, Cost Reduction & Optimization (Cost-down), Amazon API Gateway, Serverless, OWASP, Okta, Networking, Vulnerability Management, Consul, HAProxy, Prometheus, Identity & Access Management (IAM)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring