David Sumsky
Verified Expert in Engineering
AWS Cloud Developer
Prague, Czech Republic
Toptal member since October 11, 2019
David is a cloud enthusiast, enabling organizations to develop on AWS successfully. He holds AWS Solutions Architect Professional and AWS Certified Security Specialty certifications. He specializes in architecting secure, highly available, scalable, and cost-effective cloud solutions. David works closely with clients to define ideas and deliver cloud-ready solutions with a focus on DevOps, CI/CD, and automation tooling.
Preferred Environment
Linux
The most amazing...
...thing I've designed was a highly available and scalable SaltStack architecture on AWS, which manages thousands of salt minions.
Work Experience
AWS Consultant
Alpsee Limited (via Toptal)
- Consulted and designed AWS ECS infrastructure hosting derivative trading software.
- Designed infrastructure automation using AWS CloudFormation.
- Identified infrastructure pain points and provided guidance on how to remove them and how to establish a best-practice AWS environment.
DevOps Engineer
Mobeezio (via Toptal)
- Designed and implemented a production-ready and scalable Kubernetes/AWS EKS infrastructure hosting a mobile application.
- Conducted load testing with Artillery and analyzed the results to optimize the infrastructure.
- Automated the infrastructure deployment with Terraform Enterprise, CircleCI, and Weave Flux.
- Secured a CircleCI CI/CD pipeline with vulnerability scanning and Dockerfile linting, to name a few measures.
- Ensured optimal and secure usage of the AWS public cloud.
AWS Developer
SAP/Concur
- Designed and implemented a provisioning framework that automates multi-account AWS environment creation following best-practices blueprints and recommended guardrails.
- Designed and implemented a serverless testing framework to perform smoke-testing of multi-account AWS environments.
- Worked with application teams to migrate from manually deployed on-premise products to fully automated multi-tenant cloud-based solutions.
- Worked within an agile/scrum environment with two-week iterations and team members in different time zones.
- Evangelized the AWS platform and full-stack usage of AWS services within the organization.
- Took care of and developed a previous generation of the AWS environment.
Cloud Engineer
Barclays/ABSA
- Developed a serverless DNS system to dynamically register and address AWS EC2 and ELB resources with custom host names and domain suffixes.
- Built Terraform modules to provision a private and secure docker-registry service.
- Constructed Terraform modules to simplify the configuration of AWS SSM Patch Manager.
Cloud Automation Engineer
Infor
- Evaluated available configuration management systems to choose a suitable one for internal use.
- Designed and implemented a SaltStack infrastructure service on top of AWS to configure EC2-based workloads.
- Led the SaltStack adoption within the organization, mentored teams, and defined best-practices on how to use it.
- Developed a serverless "limit checker" service to monitor AWS service limits.
- Built a "Linux patch" service on top of AWS to patch CentOS and OEL Linux-based EC2 instances.
- Created a serverless "scheduler" service to perform common AWS management tasks like backup, EC2 auto-stop/start, EBS snapshot expiration, and so on.
- Designed and implemented a "Linux golden images build and distribution" service to bake custom CentOS and OEL AMIs and to distribute them within the organisation's AWS accounts.
- Worked with application teams. Ensured that applications were designed properly for interacting with AWS, defined technical requirements, and wrote end-to-end automation to deploy them in AWS.
- Oversaw resource usage and cost optimization strategies across multiple AWS accounts.
- Designed, implemented, and deployed various cloud infrastructure services for AWS.
Unix Engineer
Deutsche Boerse
- Implemented a Red Hat satellite infrastructure to replace legacy kickstart/build servers.
- Designed and built a high-performance trading infrastructure on Dell servers.
- Hardened the security of the trading infrastructure.
- Designed and built virtualized SunGard Front Arena infrastructure on Dell blades and EqualLogic disk arrays.
Unix/Linux Engineer
Freelance Work
- Provided Unix/Linux platform consultancy services and support.
- Designed, implemented, and maintained Linux systems running web-hosting services (LAMP stack) and server-based applications (Postfix, Squid, OpenVPN, BIND, iptables, Samba, and more).
- Resolved customer issues with the Linux/Unix systems.
Experience
Mobeezio — Scalable Kubernetes/EKS Infrastructure
Based on load testing performed with Artillery and performance metrics analysis, the infrastructure was tuned with cloud-native auto-scaling, horizontal pod scaling, and cluster over-provisioning to mitigate cluster auto-scaling latencies. Further recommendations were given on how to optimize the application itself.
Finally, we improved the CircleCI CI/CD pipeline (which was delivering Docker images for the application) by implementing Docker image vulnerability scanning and Dockerfile linting to improve the overall security of the infrastructure.
SAP/Concur — AWS Environment Provisioning Framework
The environment is a set of interconnected AWS accounts hosting apps and tools with the following settings:
• AWS VPC with the network setup including VPC Peering connections, subnets, SGs and NACLs
• AWS CloudTrail and Config with visibility into user and resource activity
• AWS IAM with a set of roles and policies and identity federation
• AWS Organizations to manage account creation and cost
• Integration with third-party tools like Evident.io, Okta, CloudHealth
• Centralized shipping of logs to a central logging account
• Interface for app provisioning
• Tagging of resources
Framework Features:
• Scalable and delivers an environment in a few minutes
• Automated with Sceptre, AWS CloudFormation, Python/Boto 3, and Jenkins pipelines
• Follows the IaC paradigm
• Reproducible and extensible
SAP/Concur — AWS Environment Testing Framework
The framework is based on the AWS Lambda and Step Functions services, which orchestrate the execution of smoke tests. A smoke test is represented by a CloudFormation template, which declares the execution of related "atomic" tests (e.g., internet access through an HTTP proxy, connectivity over VPC Peering connections, AWS CloudTrail/VPC Flow Logs events, security groups that allow required connectivity, and more).
When a stack is created from the template, an AWS EC2 instance is launched, or an AWS Lambda function is invoked to initiate smoke testing. Test results are reported by CloudFormation signals, and test dependencies and their status are driven by AWS Step Functions. Notifications are sent to SQS queues, processed, and forwarded to Slack channels.
Framework Features:
• Completely serverless
• Automated with AWS CloudFormation, Step Functions, Lambda, and Python/Boto 3
• Plugged into multi-account AWS environment delivery pipelines
Infor — SaltStack Infrastructure
When the evaluation phase was finished and SaltStack was chosen, the client needed to build a highly resilient SaltStack infrastructure that could run in every cloud environment. The infrastructure was managing thousands of salt minions/EC2 instances in the master and masterless modes.
The overall infrastructure provides:
• Automation of highly-available SaltStack masters
• Standardized provisioning and configuration of salt minions on EC2 instances
• Custom state, execution, and pillar modules
The infrastructure is automated with AWS CloudFormation and Python/Boto 3 and leverages AWS services like EC2, ASG, S3, and DynamoDB.
Infor — AWS Limit Checker Service
The solution is based on a set of AWS Lambda functions written in Python to monitor AWS service limits with the "awslimitchecker" tool. This tool takes care of hard-coded limits, API-based limits, and data from Trusted Advisor.
It provides:
• More granular alerting
• AWS SNS-based alerting
• Limits tracking with AWS DynamoDB data back end
• Automatic opening of support cases to increase some limits
Infor — Linux Golden Image Build and Distribution Service
The solution defines an automated build process for CentOS and OEL AMIs, which includes:
• Custom configuration of system and services
• Installation of predefined and custom packages
• Installation of security patches
• Security hardening based on CIS benchmarks
• Installation of ENI drivers
• HVM/PV AMIs generation
• AMIs distribution from the build environment to the rest of the environments
The whole process is automated with SaltStack and Jenkins pipelines where any code-change commit then triggers a dry-run build to validate the build process. Once a month, a full build is executed to build new AMIs and to distribute them.
Infor — Java Application Server Automation (Internal App)
The final solution defines:
• Infrastructure as code based on AWS CloudFormation
• Highly-available and scalable infrastructure based on AWS AutoScaling groups and Elastic Load Balancers with deep health-checks
• Installation and configuration process abstracted with SaltStack and a set of PowerShell scripts
• Patches and updates are distributed with AWS CodeDeploy
• Logging and monitoring facilities are integrated with Sumo Logic
Education
Master's Degree in Applied Informatics
Masaryk University - Brno, Czech Republic
Certifications
AWS Certified Solutions Architect — Professional
Amazon Web Services
AWS Certified Security — Specialty
Amazon Web Services
AWS Certified Developer Associate
AWS
AWS Certified Solutions Architect Associate
AWS
Skills
Tools
Boto 3, Terraform, AWS CloudFormation, AWS IAM, Amazon Virtual Private Cloud (VPC), AWS CLI, AWS Step Functions, Amazon EKS, GitLab CI/CD, Jenkins, GitLab, Git, AWS SDK, GitHub, SaltStack, Jira, VMware, Squid, Iptables, CircleCI, Artillery, AWS Fargate, Amazon ElastiCache, Ansible
Languages
Python, Bash Script, Bash, PHP, SQL
Paradigms
DevOps, Automation, Serverless Architecture, REST, Continuous Deployment, Scrum, Microservices, Continuous Integration (CI), Continuous Delivery (CD), Agile, Load Testing
Platforms
Linux, Docker, Amazon Web Services (AWS), AWS Lambda, Kubernetes, Unix, Ubuntu, Red Hat Linux, Solaris, LAMP, Windows
Storage
Amazon S3 (AWS S3), Redshift, MySQL, PostgreSQL
Other
Cloud Migration, AWS DevOps, AWS Certified Solution Architect, AWS Cloud Architecture, TCP/IP, Infrastructure as Code (IaC), Data Analytics, Containerization, IT Infrastructure, Scaling, Security, Unix/Linux Virtualization, Containers, GitOps, Serverless, ECS, Identity & Access Management (IAM), LB, Bitbucket Pipelines, Relational Database Services (RDS)