Bishoy Sefen
Verified Expert in Engineering
Software Developer
Dubai, United Arab Emirates
Toptal member since January 16, 2020
Bishoy is an innovative DevOps, DevSecOps, and software engineer with 8+ years of technical experience designing, implementing, securing, and managing CI/CD workflows, infrastructure, and microservices. He has deep experience with Kubernetes, cloud platforms (AWS), Linux-based systems, and cybersecurity. Bishoy is passionate about keeping up with new technologies and building efficient and reliable solutions.
Preferred Environment
Amazon Web Services (AWS), Kubernetes, DevSecOps, Cloud Security
The most amazing...
...things I've built were dynamic/ephemeral test environments for an IoT data platform running on AWS/EKS, which accelerated development and reduced released bugs.
Work Experience
Senior DevSecOps Freelancer
Freelance Clients
- Fully covered and managed all resources across AWS, Cloudflare, Datadog, and Okta with Terraform. Migrated and standardized all CI/CD workflows from Jenkins to GitHub workflows.
- Unified access through Okta and integrated it with AWS SSO, QuickSight, K8s dashboards, Cloudflare, and GitHub.
- Set up Cloudflare's Zero Trust network to secure internet access for employees and authorize access to the VPCs on AWS.
- Implemented role-based access control and encryption at rest for all persistent services: ElastiCache/Redis, RDS/Postgres, Elasticsearch, RabbitMQ, and S3.
- Configured AWS security services: CloudTrail, GuardDuty, Inspector, WAFV2, and Config. Used SSM for authorizing and auditing access to EC2.
- Automated node rotation for the EKS clusters to use the latest AMIs while guaranteeing no downtime. This way, worker nodes always had the latest security patches.
- Leveraged KEDA auto-scaler to right-size the K8s deployments based on RabbitMQ metrics, including combined queue sizes.
- Integrated anti-virus scanning using ClamAV as part of user-initiated file uploads to S3.
- Set up monitoring, alerts, and centralized logs with CloudWatch and Datadog (migrated from New Relic).
- Developed tooling (in Python) to sync configs (secret/non-secret) to the AWS Parameter Store. All configs would be stored in Git, and KMS would encrypt secret files with the help of SOPS.
Senior DevOps Engineer
KONUX
- Embedded vulnerability scans in CI pipelines for both application-level dependencies and container OS packages using OWASP Dependency-Track.
- Set up AWS IoT MQTT message broker and authentication/authorization through IAM and client certificates.
- Deployed Airflow over EKS and assisted with Amazon EMR and AWS Glue setup.
- Set up AWS RDS (PostgreSQL) and Elasticsearch with controlled network access and IAM authentication.
- Exposed back-end microservices running on EKS via an API gateway, with Amazon Cognito handling the authentication. Additionally, used CloudFront CDN to serve the front end stored in S3.
- Created on-demand sandbox environments with Spinnaker, Jenkins, and Terraform, which enabled developers and QEs to isolate new feature changes, test them thoroughly, and perform repeatable performance tests.
- Set up, hardened, and maintained the EKS and Kubernetes clusters. Managed access, resources, autoscaling, and availability of the services running within, all through Terraform.
- Introduced infrastructure as code (IaC) using Terraform, with which the existing infrastructure was imported and managed.
- Implemented CI/CD pipelines using Jenkins and Spinnaker, both modularly and with self-service.
DevOps Engineer
ACI Worldwide GmbH
- Set up on-demand testing environments using Kubernetes and Docker.
- Automated the generation of ModSecurity WAF rules whitelisting all the application's public endpoints, along with their deployment to Apache.
- Automated releases with Ansible and Jenkins, where the pipeline would release each project, run the QA jobs, and roll back in case of issues.
- Stabilized Jenkins builds through containerization. Docker Compose was used to start the container build process along with the required services.
Software Engineer
PAY.ON GmbH
- Improved CI builds to enforce quality and security standards with static code analysis, duplication check, and test coverage rules.
- Integrated Ethoca Alerts into the platform by implementing two independent microservices and refactored common logic into separate libraries, simplifying the development of new microservices.
- Provided secure coding for features along with writing automated tests and peer code reviews.
Experience
Kubernetes HA PostgreSQL
https://github.com/bishoybassem/k8s-ha-postgres
AWS Jenkins
https://github.com/bishoybassem/aws-jenkins
Education
Master's Degree in Computer Science and Engineering
German University in Cairo - Cairo, Egypt
Certifications
AWS Certified Security — Specialty
Amazon Web Services
CKS: Certified Kubernetes Security Specialist
The Linux Foundation
Certified DevSecOps Professional (CDP)
Practical DevSecOps
VMware Spring Professional 2021
VMware
CKA: Certified Kubernetes Administrator
The Linux Foundation
AWS Certified DevOps Engineer – Professional
AWS
CKAD: Certified Kubernetes Application Developer
The Linux Foundation
Skills
Libraries/APIs
Node.js
Tools
Helm, Terraform, Jenkins, Gradle, GitHub, Amazon EKS, Amazon ElastiCache, Amazon CloudFront CDN, AWS Key Management Service (KMS), Amazon Elastic MapReduce (EMR), Amazon CloudWatch, Bitbucket, Apache Tomcat, Ansible, Artifactory, RabbitMQ, NGINX, Apache Airflow, SonarCloud, ClamAV, MQTT, Splunk, Vault, Gerrit, VMware vSphere, Travis CI, AWS IAM, Amazon Elastic Container Service (ECS)
Languages
Java, Python, Bash, SQL
Frameworks
Spring, Selenium
Paradigms
DevOps, DevSecOps
Platforms
Spinnaker, Kubernetes, Docker, Amazon Web Services (AWS), Amazon EC2, Linux, Unix, AWS ALB, AWS Lambda, New Relic
Storage
Amazon S3 (AWS S3), PostgreSQL, Datadog, Redis, Elasticsearch
Other
Software Development, Cloud Security, Cloudflare, AWS DevOps, Amazon RDS, Karpenter, AWS Cloud Architecture, Infrastructure as Code (IaC), CI/CD Pipelines, Monitoring, Cost Reduction & Optimization (Cost-down), Amazon API, Serverless, OWASP, Okta, Networking, Vulnerability Management, Consul, HAProxy, Prometheus, Identity & Access Management (IAM)