David Sumsky, Developer in Prague, Czech Republic
David is available for hire
Hire David

David Sumsky

Verified Expert  in Engineering

Bio

David is a cloud enthusiast, enabling organizations to develop on AWS successfully. He holds AWS Solutions Architect Professional and AWS Certified Security Specialty certifications. He specializes in architecting secure, highly available, scalable, and cost-effective cloud solutions. David works closely with clients to define ideas and deliver cloud-ready solutions with a focus on DevOps, CI/CD, and automation tooling.

Portfolio

Alpsee Limited (via Toptal)
Amazon Web Services (AWS), PHP, Bitbucket Pipelines, Amazon ElastiCache, LB...
Mobeezio (via Toptal)
Amazon Web Services (AWS), Load Testing, Security, Artillery, GitLab CI/CD...
SAP/Concur
Amazon Web Services (AWS), Git, Bash, Boto 3, Python, Continuous Delivery (CD)...

Experience

Availability

Part-time

Preferred Environment

Linux

The most amazing...

...thing I've designed was a highly available and scalable SaltStack architecture on AWS, which manages thousands of salt minions.

Work Experience

AWS Consultant

2020 - 2020
Alpsee Limited (via Toptal)
  • Consulted and designed AWS ECS infrastructure hosting derivative trading software.
  • Designed infrastructure automation using AWS CloudFormation.
  • Identified infrastructure pain points, provided guidance how to remove them and how to establish best practice AWS environment.
Technologies: Amazon Web Services (AWS), PHP, Bitbucket Pipelines, Amazon ElastiCache, LB, AWS Fargate, Relational Database Services (RDS), Identity & Access Management (IAM), ECS, AWS CloudFormation

DevOps Engineer

2019 - 2020
Mobeezio (via Toptal)
  • Designed and implemented a production-ready and scalable Kubernetes/AWS EKS infrastructure hosting a mobile application.
  • Conducted load testing with Artillery and analyzed the results to optimize the infrastructure.
  • Automated the infrastructure deployment with Terraform Enterprise, CircleCI, and Weave Flux.
  • Secured a CircleCI CI/CD pipeline with vulnerability scanning and Dockerfile linting to name a few.
  • Took care of the AWS public cloud optimal and secure usage.
Technologies: Amazon Web Services (AWS), Load Testing, Security, Artillery, GitLab CI/CD, CircleCI, Terraform, Relational Database Services (RDS), Kubernetes, Amazon EKS

AWS Developer

2018 - 2019
SAP/Concur
  • Designed and implemented a provisioning framework that automates multi-account AWS environment creation following best-practices blueprints and recommended guardrails.
  • Designed and implemented a serverless testing framework to perform smoke-testing of multi-account AWS environments.
  • Worked with application teams to migrate from manually deployed on-premise products to fully automated multi-tenant cloud-based solutions.
  • Worked within an agile/scrum environment with two weeks iterations with team members in different time zones.
  • Evangelized the AWS platform and full-stack usage of AWS services within the organization.
  • Took care of and developed a previous generation of the AWS environment.
Technologies: Amazon Web Services (AWS), Git, Bash, Boto 3, Python, Continuous Delivery (CD), Continuous Integration (CI), Jenkins, Linux

Cloud Engineer

2017 - 2018
Barclays/ABSA
  • Developed a serverless DNS system to dynamically register and address AWS EC2 and ELB resources with custom host names and domain suffixes.
  • Built Terraform modules to provision a private and secure docker-registry service.
  • Constructed Terraform modules to simplify the configuration of AWS SSM Patch Manager.
Technologies: Amazon Web Services (AWS), Git, Bash, Boto 3, Python, Ansible, Terraform, Docker, Jenkins, Linux

Cloud Automation engineer

2013 - 2017
Infor
  • Evaluated available configuration management systems to choose a suitable one for internal use.
  • Designed and implemented a SaltStack infrastructure service on top of AWS to configure EC2-based workloads.
  • Led the SaltStack adoption within the organization, mentored teams, and defined best-practices on how to use it.
  • Developed a serverless "limit checker" service to monitor AWS service limits.
  • Built a "Linux patch" service on top of AWS to patch CentOS and OEL Linux-based EC2 instances.
  • Created a serverless "scheduler" service to perform common AWS management tasks like backup, EC2 auto-stop/start, EBS snapshot expiration, and so on.
  • Designed and implemented a "Linux golden images build and distribution" service to bake custom CentOS and OEL AMIs and to distribute them within the organisation's AWS accounts.
  • Worked with application teams. Ensured that applications were designed properly for interacting with AWS, defined technical requirements, and wrote end-to-end automation to deploy them in AWS.
  • Oversaw resource usage and cost optimization strategies across multiple AWS accounts.
  • Designed, implemented, and deployed various cloud infrastructure services for AWS.
Technologies: Amazon Web Services (AWS), Jira, Git, Bash, Boto 3, Python, Docker, Security, SaltStack, Continuous Delivery (CD), Continuous Integration (CI), Jenkins, Linux

Unix Engineer

2011 - 2013
Deutsche Boerse
  • Implemented a Red Hat satellite infrastructure to replace legacy kickstart/build servers.
  • Designed and built a high-performant trading infrastructure on Dell servers.
  • Hardened the security of the trading infrastructure.
  • Designed and built virtualized SunGard Front Arena infrastructure on Dell blades and EqualLogic disk arrays.
Technologies: VMware, Bash, Solaris, Red Hat Linux, Linux

Unix/Linux Engineer

2006 - 2013
Freelance Work
  • Provided Unix/Linux platform consultancy services and support.
  • Designed, implemented, and maintained Linux systems running web-hosting services (LAMP stack) and server-based applications (Postfix, Squid, OpenVPN, BIND, iptables, Samba, and more).
  • Resolved customer issues with the Linux/Unix systems.
Technologies: Bash, Iptables, Squid, LAMP, Red Hat Linux, Linux, Unix

Mobeezio — Scalable Kuberenetes/EKS Infrastructure

The client required a production-ready, scalable Kubernetes infrastructure to host a mobile application API layer. It was running on an AWS EKS service provisioned with Terraform modules and delivered through the Terraform enterprise platform.

Based on load-testing performed with Artillery and performance metrics analysis, the infrastructure was tuned with cloud-native auto-scaling, horizontal pods scaling, and cluster over-provisioning to mitigate cluster auto-scaling latencies. Further recommendations were given on how to optimize the application itself.

Finally, we improved the CircleCI CI/CD pipeline (which was delivering Docker images for the application) by implementing Docker image vulnerability scanning and Dockerfile linting to improve the overall security of the infrastructure.

SAP/Concur — AWS Environment Provisioning Framework

The client needed a solution that helps to quickly set up a multi-account AWS environment based on best practices and with recommended guardrails in place. It provided a baseline configuration to get started with a multi-account architecture, identity, and access management, governance, data security, network design, and logging. The solution overcomes the limitations of previous AWS solutions based on multi-tenant accounts.

The environment is a set of interconnected AWS accounts hosting apps and tools with following settings:
• AWS VPC with the network setup including VPC Peering connections, subnets, SGs and NACLs
• AWS CloudTrail and Config with visibility into users and resources activity
• AWS IAM with a set of roles and policies and identity federation
• AWS Organizations to manage accounts creation and their cost
• Integration with third-party tools like Evident.io, Okta, CloudHealth
• Centralized shipping logs to a central logging account
• Interface for app provisioning
• Tagging of resources

Framework Features:
• Scalable and delivers an environment in a few minutes
• Automated with Sceptre, AWS CloudFormation, Python/Boto 3, and Jenkins pipelines
• Follows the IaC paradigm
• Reproducible and extensible

SAP/Concur — AWS Environment Testing Framework

To increase the stability of multi-account AWS environments, the client needed a testing framework that performs smoke-testing of the newly set up environment before it is handed over to end-users.

The framework is based on AWS Lambda and Step Functions services, which are orchestrating the execution of smoke tests. A smoke test is represented by a CloudFormation template, which is declaring execution of related "atomic" tests (e.g., internet access through an HTTP proxy, connectivity over VPC Peering connections, AWS CloudTrail/VPC Flow Logs events, security groups that are allow required connectivity, and more).

When a stack is created from the template, an AWS EC2 instance is launched, or an AWS Lambda function is invoked to initiate smoke testing. Test results are reported by CloudFormation signals and test dependencies and their status is driven by AWS Step Functions. Notifications are sent to SQS queues, processed, and forwarded to Slack channels.

Framework Features:
• Completely serverless
• Automated with AWS CloudFormation, Step Function, Lambda, and Python/Boto 3
• Plugged into multi-account AWS environment delivery pipelines

Infor — SaltStack Infrastructure

The client required a suitable configuration management system to streamline Linux and Windows-based application deployments in the AWS cloud.

When the evaluation phase was finished and SaltStack was chosen, the client needed to build a highly resilient SaltStack infrastructure that could run in every cloud environment. The infrastructure was managing thousands of salt minions/EC2 instances in the master and masterless modes.

The overall infrastructure provides
• Automation of highly-available SaltStack masters
• Standardized provisioning and configuration of salt minions on EC2 instances
• Custom state, execution, and pillar modules

The infrastructure is automated with AWS CloudFormation and Python/Boto 3 and leverages AWS services like EC2, ASG, S3, and DynamoDB.

Infor — AWS Limit Checker Service

The client required a tool for comprehensive AWS service limits and usage monitoring and reporting. Native AWS tools like Trusted Advisor provides a subset of AWS limits and only give weekly alerts.

The solution is based on a set of AWS Lambda functions written in Python to monitor AWS services limits with the "awslimitchecker" tool. This tool takes care of hard-coded limits, API-based limits and data from Trusted Advisor.

It provides:
• More granular alerting
• AWS SNS-based alerting
• Limits tracking with AWS DynamoDB data back end
• Automatic support cases opening to increase some limits

Infor — Linux Golden Image Build and Distribution Service

The client required a custom solution to build and distribute Linux golden images into a customer's cloud environments.

The solution defines automated build process of AMIs for CentOS and OEL which includes:
• Custom configuration of system and services
• Installation of predefined and custom packages
• Installation of security patches
• Security hardening based on CIS benchmarks
• Installation of ENI drivers
• HVM/PV AMIs generation
• AMIs distribution from the build environment to the rest of the environments

The whole process is automated with SaltStack and Jenkins pipelines where any code-change commit then triggers a dry-run build to validate the build process. Once a month, a full build is executed to build new AMIs and to distribute them.

Infor — Java Application Server Automation (Internal App)

The client needed us to design and implement a cloud-ready automated deployment of a Java-based middleware system running on Windows and Linux in AWS.

The final solution defines:
• Infrastructure as code based on AWS CloudFormation
• Highly-available and scalable infrastructure based on AWS AutoScaling groups and Elastic Load Balancers with deep health-checks
• Installation and configuration process which is abstracted with SaltStack and set of PowerShell scripts
• Patches and updates are distributed with AWS CodeDeploy
• Logging and monitoring facilities are integrated with Sumo Logic
2000 - 2006

Master's Degree in Applied Informatics

Masaryk University - Brno, Czech Republic

MAY 2020 - MAY 2023

AWS Certified Solutions Architect — Professional

Amazon Web Services

AUGUST 2019 - AUGUST 2022

AWS Certified Security — Specialty

Amazon Web Services

MARCH 2018 - MARCH 2021

AWS Certified Developer Associate

AWS

JULY 2017 - MAY 2023

AWS Certified Solutions Architect Associate

AWS

Tools

Boto 3, Terraform, AWS CloudFormation, AWS IAM, Amazon Virtual Private Cloud (VPC), AWS CLI, AWS Step Functions, Amazon EKS, GitLab CI/CD, Jenkins, GitLab, Git, AWS SDK, GitHub, SaltStack, Jira, VMware, Squid, Iptables, CircleCI, Artillery, AWS Fargate, Amazon ElastiCache, Ansible

Languages

Python, Bash Script, Bash, PHP, SQL

Paradigms

DevOps, Automation, Serverless Architecture, REST, Continuous Deployment, Scrum, Microservices, Continuous Integration (CI), Continuous Delivery (CD), Agile, Load Testing

Platforms

Linux, Docker, Amazon Web Services (AWS), AWS Lambda, Kubernetes, Unix, Ubuntu, Red Hat Linux, Solaris, LAMP, Windows

Storage

Amazon S3 (AWS S3), Redshift, MySQL, PostgreSQL

Other

Cloud Migration, AWS DevOps, AWS Certified Solution Architect, AWS Cloud Architecture, TCP/IP, Infrastructure as Code (IaC), Data Analytics, Containerization, IT Infrastructure, Scaling, Security, Unix/Linux Virtualization, Containers, GitOps, Serverless, ECS, Identity & Access Management (IAM), LB, Bitbucket Pipelines, Relational Database Services (RDS)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring