Emmanuel Chebukati, Developer in Nairobi, Nairobi County, Kenya

Emmanuel Chebukati

Verified Expert in Engineering

DevSecOps Engineer and Developer

Nairobi, Nairobi County, Kenya

Toptal member since September 27, 2021

Bio

Emmanuel is a cloud security engineer with experience in systems auditing, application security, and secure cloud deployment. He has delivered sensitive technology projects across the East African region and globally in the public and private sectors. Emmanuel's experience is backed by three Microsoft Azure and two AWS certifications. He is a Certified Ethical Hacker (CEH). Emmanuel holds an MSc in Information Technology from Carnegie Mellon and a BSc from USIU Africa.

Portfolio

Hepta Analytics
PHP, Apache, Linux, Azure, Amazon Virtual Private Cloud (VPC), Amazon EC2...
Freelance
Terraform, GitHub Actions, GitHub Dependabot, GitHub CLI, GitHub, Azure...
Knowcrunch Inc.
PHP, System Administration, Web Hosting, SQL Server, MySQL, GitHub Actions...

Experience

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), Azure, Cisco, Office 365, GitLab, NGINX, Kubernetes, Relational Database Services (RDS), Networks, Cloud Security

The most amazing...

...thing I've done was transform the bottlenecked physical IT infrastructure of a fintech to a hybrid cloud that was modern, secure, and easy to administer.

Work Experience

Cloud Security Engineer

2018 - PRESENT
Hepta Analytics
  • Co-founded the company, served as a director, led the IT infrastructure team of three, and led client engagements to define and deliver solutions.
  • Conducted an AWS Well-Architected Framework audit for a financial services firm. The audit identified 46 issues: 11 were categorized as high impact, and their potential remediations were shared with the client for action.
  • Migrated and rebuilt 24 production VMware virtual machine applications for a client and set up a Kubernetes cluster in a hybrid cloud setup with minimal consumer downtime. Set up secure remote access and connectivity between sites.
  • Migrated and maintained a Microsoft stack (IIS connected to SQL Server 2008 with multiple subdomains) from a local VM to Azure (App Services with managed databases). Set up a DevSecOps pipeline for the client with GitHub and swaps.
  • Investigated and responded to a downtime incident at a client's colocation facility. Migrated workloads to the cloud to mitigate the impact and wrote and presented the incident report, which led to the awarding of damages to my client.
  • Set up private email hosting on the client domain for over two dozen mailboxes. Migrated existing Office 365 user email addresses to the new email hosting setup. Designed an email security gateway solution to support multiple cloud solutions.
  • Identified potential risks to the continued operations of processes at a client's site. The risk assessment phase involved identifying risks and mitigation controls, following an identification exercise at the manufacturing plant outlets.
  • Developed a sturdy Android application that can cope with the complex internet connectivity environment to receive audio reports. Deployed a secure dashboard to view, organize, manage, and process case reports.
  • Brainstormed a potential fintech solution for a client and advised on potential challenges and workarounds. Developed and deployed an Android mockup code to demonstrate an initially intended functionality.
Technologies: PHP, Apache, Linux, Azure, Amazon Virtual Private Cloud (VPC), Amazon EC2, VirtualBox, Kubernetes, OpenVPN, Networking, Office 365, Mail Servers, Python, Classic ASP, Apache, Information Security, Cloud Security, VPN, Cloud Architecture, AWS Cloud, Role-based Access Control (RBAC), Azure, Azure Key Vault, Azure Resource Manager (ARM), AWS, DevOps, DevSecOps, Networks, DevOps, Azure DevOps, Docker, Ansible, IT Security, Security, Hybrid Cloud Infrastructure, Deployment, System Security, IT Operations Management (ITOM), On-premise, Architecture, System Administration, Security Design, Code Auditing, AWS DevOps, Disaster Recovery Plans (DRP), Cybersecurity, MySQL/MariaDB, Postman, Kubernetes HorizontalPodAutoscaler (HPA), AWS VPN, AWS Secrets Manager, AWS Auto Scaling, Ubuntu, IT Infrastructure, Proxies, AWS IAM, WordPress Development, Asana, High-availability Linux, Amazon EKS, Security Management, Controls, Security Architecture, Debian, Relational Database Services (RDS), Agile Development, Continuous Integration (CI), CI/CD Pipelines, SQL, PostgreSQL, Grafana, Prometheus, Bash, Amazon API, Sentry, AWS RDS, Amazon S3, Fintech Development, Azure Synapse Analytics, Azure, Azure Container Registry, Azure Container Instances, Azure Files, Azure Kubernetes Service (AKS), Azure Synapse, Azure Functions, MariaDB, Data Centers, Business Continuity, Business Continuity Planning (BCP), Team Leadership, Leadership, Web App Design, X (formerly Twitter) API, IT Audits, IP Networks, Java, AWS, Virtualization, Cloud Storage, Cloud Services, Azure, Multi-factor Authentication (MFA), Azure, Azure Storage, Load Balancers, Azure, Azure Administrator, System Security, Data Security, Cloud Engineering, Data Protection, Reverse Engineering, Cloud Computing, Nginx, Data Loss Prevention (DLP), Istio, AWS Lambda, Monitoring, Windows PowerShell, GitHub, MongoDB

DevSecOps Engineer

2024 - 2024
Freelance
  • Installed the CrowdStrike Falcon sensor agent on Linux and Windows VMs using the Azure CLI to increase coverage of the cloud security posture management tool.
  • Created an Azure Policy to automatically deploy the CrowdStrike Falcon sensor agent on all new Linux VMs. This policy was defined in Terraform and leveraged Azure Key Vault to access relevant API keys for the download and installation.
  • Used GitHub CLI, GitHub Actions, and Dependabot to create an automated weekly report to summarize open Dependabot findings. This formed the basis for prioritizing and investigating possible updates for remediation.
Technologies: Terraform, GitHub Actions, GitHub Dependabot, GitHub CLI, GitHub, Azure, CrowdStrike

PHP SysAdmin | DevOps Engineer

2024 - 2024
Knowcrunch Inc.
  • Conducted a comprehensive audit of the hosting infrastructure, focusing on server permissions and configurations. Recommended necessary changes to the hosting setup to mitigate downtime and optimize performance.
  • Implemented a GitHub Actions-based CI/CD pipeline for the app, following the GitHub flow. Pull requests to "master" resulted in a deployment to the development environment, and deployments to production were one-click triggered.
  • Provisioned a file storage server to store the application's media files. The storage server was mounted appropriately, and symbolic links were set in the application directory to reference the storage server. No downtime or data loss was noted.
  • Set up a new environment to host the application's admin and new-admin platforms. While the monolith was previously hosted on one server, I was able to separate the admin functions from the user functions. Appropriate rewrite rules were configured.
  • Integrated the application with the Jelastic cloud (now Virtuozzo Application Platform) to facilitate the deployment of an archive solution. Implemented pre-deploy and post-deploy hooks to ensure minimal downtime during deployments.
  • Set up database recovery procedures and documentation in line with a recovery time objective (RTO) of 15 minutes and a recovery point objective (RPO) of 24 hours.
  • Troubleshot a problem with the supervisor on the production server, resulting in more reliable Laravel queued jobs.
  • Cleaned up the server's file system by installing a fresh build archive of the application and then progressively adding the required files (e.g., .htaccess, .env, etc.) until all errors were eliminated. Other files were discarded.
  • Implemented limited database access rights for both application and software developers, adhering to the principle of least privilege.
Technologies: PHP, System Administration, Web Hosting, SQL Server, MySQL, GitHub Actions, Laravel, Supervisor, Supervisord, Jelastic, Virtuozzo, Salesforce Design, Monitoring, GitHub

Azure Platform Engineer

2022 - 2023
Wagner Technical Services
  • Prepared, documented, and implemented a plan to migrate from bare metal on-premise Windows servers into the Microsoft Azure cloud ecosystem.
  • Federated user identities from the on-premise Active Directory to Azure Active Directory using the password hash-sync method with Seamless Single Sign-On.
  • Synchronized multiple on-premise SMB file shares to Azure Files via Azure File Sync under a single storage account with one-to-one share mapping.
Technologies: Azure, Office 365, IT Security, SQL, Azure, Deployment, System Security, IT Operations Management (ITOM), Infrastructure as Code (IaC), IT Infrastructure, Controls, Azure, Azure Files, Azure DevOps, DevOps, Business Continuity, Business Continuity Planning (BCP), Role-based Access Control (RBAC), IP Networks, Networks, VPN, Azure Key Vault, Virtualization, Cloud Storage, Cloud Services, Cloud Security, Azure, Multi-factor Authentication (MFA), Azure, Azure Storage, Load Balancers, Azure, Azure Administrator, System Security, Data Security, Cloud Engineering, Data Protection, Hybrid Cloud Infrastructure, Cloud Computing, Information Security, Data Loss Prevention (DLP), Monitoring, Windows PowerShell

Senior DevOps Engineer

2022 - 2023
Rollee
  • Implemented continuous integration and continuous deployment and delivery (CI/CD) in GitLab for 10+ applications. The pipeline was complete with minimal downtime deployments to ensure customer requests were unaffected during production deployments.
  • Set up Airflow on Kubernetes with the Kubernetes Executor and migrated it from a VM using the SequentialExecutor. Migrated the database to a managed database, installed dependencies in the container, and set up CI/CD and git-sync for DAGs.
  • Installed Prometheus for infrastructure and database metrics collection to aid business needs. Installed and secured Grafana to visualize the metrics collected, set up alerts, and created incident runbooks.
  • Migrated a monolith Go application to work and run on Kubernetes. Set up the service, deployment, PVC, ConfigMaps, secrets, and Ingress appropriately. Set up a managed database and NFS provisioner on top of the block storage for ReadWriteMany access.
  • Researched, recommended, and documented an appropriate Git workflow strategy for the company between Gitflow, GitHub flow, and GitLab flow. The recommendation was presented, discussed, and adopted without impacting operations. Implemented GitOps.
  • Implemented Grafana Loki and Promtail as an infrastructure and application logging solution. This enabled the collection of logs and seamless analysis of application and infrastructure logs.
  • Created a CI/CD pipeline for a React and React Native SDK to build and publish to an npm organizational account. Also implemented CI/CD for a Python application project with rollback support in GitLab.
  • Implemented CI/CD with rollback support in GitLab for a monorepo with three applications. The pipeline only ran when changes were reflected in the specific codebase folder.
  • Investigated and identified a shared lock issue on PostgreSQL preventing services from restarting. The problem was a long-running query that was not properly closed, which was traced down to the line of code for a swift resolution.
  • Led the company's technical side through a successful ISO 27001 audit by implementing recommendations, documenting decisions, and defending the company's position.
Technologies: DevOps, Bash, IP Networks, Ubuntu, Python, Linux, IT Infrastructure, Proxies, Prometheus, Grafana, PostgreSQL, Git, GitFlow, CI/CD Pipelines, Continuous Integration (CI), Agile Development, Shell Scripting, Deployment, System Security, IT Operations Management (ITOM), System Administration, Infrastructure as Code (IaC), Terraform, Disaster Recovery Plans (DRP), MySQL/MariaDB, Asana, Postman, Application Security, High-availability Linux, Security Management, Debian, Fintech Development, Docker, DevOps, Business Continuity, Business Continuity Planning (BCP), Team Leadership, Leadership, IT Audits, Networks, VPN, Cloud Storage, Cloud Services, Cloud Security, Multi-factor Authentication (MFA), Load Balancers, System Security, Data Security, Cloud Engineering, Data Protection, Hybrid Cloud Infrastructure, Cloud Computing, Information Security, Nginx, Data Loss Prevention (DLP), Monitoring, Argo CD

LinkedIn Learning Instructor

2021 - 2023
LinkedIn Learning
  • Planned a cybersecurity course on fintech security essentials.
  • Wrote scripts for a cybersecurity course on fintech security essentials.
  • Recorded a cybersecurity course on fintech security essentials.
  • Planned a 14-video course on cybersecurity essentials highlighting the top 10 most commonly reported vulnerabilities in 2022.
  • Wrote scripts and prepared slides for a course on cybersecurity essentials.
  • Recorded a 14-video course on cybersecurity essentials, complete with demos for each video.
Technologies: Fintech Development, Information Security, Cybersecurity, Amazon S3, Amazon EC2, Amazon Virtual Private Cloud (VPC), AWS, VPN, AWS VPN, OpenVPN, AWS RDS, AWS WAF, Sentry, Amazon API, AWS Secrets Manager, Ansible, AWS Auto Scaling, System Security, Lecturing, Application Security, Ubuntu, IT Infrastructure, AWS IAM, Debian, Continuous Integration (CI), Business Continuity Planning (BCP), Training, AWS Cloud, Cloud Architecture, Networks, AWS, Cloud Storage, Cloud Services, Cloud Security, Azure, Load Balancers, System Security, Data Security, Cloud Engineering, Data Protection, PHP, Azure, Hybrid Cloud Infrastructure, Cloud Computing, Monitoring, GitHub

DevSecOps Engineer

2022 - 2022
Freelance
  • Resolved a burst traffic issue on an Azure Kubernetes Service (AKS) cluster using a HorizontalPodAutoscaler (HPA) and a Cluster Autoscaler.
  • Researched and recommended an appropriate cloud-native data volume for Azure Kubernetes Services (AKS) that supports concurrent access across multiple pods and horizontal scalability.
  • Architected a cloud-native infrastructure with the Web-Queue-Worker style for a new scalable, secure, resilient, and highly available application, which supports multi-tenant clients.
  • Deployed a Web-Queue-Worker sample infrastructure architecture and demonstrated how the client would transition into a big data architecture using Azure Synapse Analytics and other tools.
Technologies: Kubernetes, Docker, Nginx, MySQL, MariaDB, DevOps, DevSecOps, Azure Functions, Azure Synapse, Azure Kubernetes Service (AKS), Azure Files, Azure Storage, Azure, Kubernetes HorizontalPodAutoscaler (HPA), Azure Container Instances, Azure Container Registry, Azure, Azure Synapse Analytics, Linux, Deployment, IT Operations Management (ITOM), Architecture, Security Design, Cybersecurity, Postman, Ubuntu, IT Infrastructure, Security Management, Debian, Continuous Integration (CI), CI/CD Pipelines, Azure DevOps, DevOps, IP Networks, Networks, Azure Key Vault, Cloud Services, Cloud Security, Azure, Azure, Load Balancers, Azure Administrator, System Security, Data Security, Cloud Engineering, Data Protection, PHP, Cloud Computing, Information Security, AWS Lambda, Monitoring, GitHub

Security Trainer

2019 - 2022
e.KRAAL Innovation Hub
  • Taught the National Cybersecurity Training Program (NCSTP) third cohort of 20 trainees on cloud security, featuring 30+ hours of live, practical content, and nine practical labs on Azure, delivered over five days.
  • Taught the NCSTP first cohort of 40 trainees on critical information infrastructure protection (CIIP), featuring 24+ hours of live, practical content, and five practical labs on AWS, delivered over four days.
  • Received overwhelmingly positive reviews for each training performed.
Technologies: Training, Azure, AWS, Ansible, IT Security, Security, Hybrid Cloud Infrastructure, System Security, Lecturing, Disaster Recovery Plans (DRP), Cybersecurity, Application Security, Ubuntu, IT Infrastructure, Proxies, AWS IAM, Security Management, Debian, Relational Database Services (RDS), Continuous Integration (CI), Amazon API, Docker, DevOps, Business Continuity Planning (BCP), Team Leadership, Leadership, AWS Cloud, Cloud Architecture, IP Networks, Networks, VPN, AWS, Virtualization, Cloud Storage, Cloud Services, Cloud Security, Azure, Load Balancers, Azure, System Security, Data Security, Cloud Engineering, Data Protection, PHP, Cloud Computing, Information Security, Nginx, Data Loss Prevention (DLP), Monitoring

Systems Developer

2015 - 2016
Nature Surf Systems
  • Designed and deployed bespoke IT infrastructure focused on security. This included wildcard SSL certificates, strong SSL cipher suites, reverse proxies and load balancers, remote access VPNs, and site-to-site VPNs.
  • Led the development team to release a new feature every week for two months straight.
  • Reduced an Android application size from 1MB to 40KB by creating a lite, minified version capable of running on entry-level smartphones.
Technologies: PHP, Android, MySQL, Reverse Engineering, Apache, Nginx, Apache, Information Security, Java, Linux, System Security, IT Operations Management (ITOM), On-premise, System Administration, MySQL/MariaDB, Postman, Application Security, Ubuntu, IT Infrastructure, Proxies, High-availability Linux, Controls, Security Architecture, Debian, Agile Development, Continuous Integration (CI), Bash, DevOps, Business Continuity, Business Continuity Planning (BCP), Team Leadership, Leadership, IP Networks, Networks, VPN, Virtualization, Cloud Storage, Cloud Services, Cloud Security, Multi-factor Authentication (MFA), Load Balancers, System Security, Data Security, Cloud Engineering, Data Protection, Hybrid Cloud Infrastructure, Cloud Computing, Data Loss Prevention (DLP), Monitoring, GitHub

Graduate Management Trainee

2015 - 2015
Presidential Digital Talent Program
  • Updated the immigration department's information security policy.
  • Reviewed the interior ministry's website and made recommendations for its redesign.
  • Led the entire team of 100 management trainees as their appointed representative.
Technologies: Web App Design, Leadership, Team Leadership, System Security, Ubuntu, IT Infrastructure, Controls, Debian, Business Continuity, IT Audits, IP Networks, Networks, System Security, Data Security, Data Protection, Information Security, Data Loss Prevention (DLP)

AWS Well-architected Framework Audit for a Financial Services Firm

The client undertook an audit of its infrastructure hosted in AWS in order to identify any vulnerabilities, loopholes, and non-adherence to best practices that impact the performance, availability, security, and scalability of the applications. The client was also seeking recommendations on how to address the issues identified.

Our approach to implementing this audit was governed by the AWS Well-Architected Framework that guides cloud solution architects on the best practices to adopt while creating infrastructure in AWS. The framework consists of six pillars (security, reliability, performance efficiency, cost optimization, operational excellence, and sustainability) that were all thoroughly audited during the engagement. We were granted access to the AWS, the demo, development, and UAT environments. Other documents, such as the AWS billing reports, were provided, as well as answers to questions asked.

The audit identified a total of 46 categorized issues: 11 issues were categorized as high impact, and their potential remediations were shared with the client for action.

Email Server Audit

This project was brought about by suspected malpractice on the ICT systems of a tour company—particularly the email system. The company owners were the project champions. The purpose of the project was to identify any possibilities of such malpractice on the ICT part, recommend solutions, and implement the solutions where possible.

This project was carried out in three phases remotely and through three regional trips to the Arusha headquarters:

Phase one involved a forensic analysis of the mail system to identify instances of foul play. Malpractice was indeed identified, and the evidence was presented to the project champions.

Phase two was implementing a solution that migrated the mail server to a secure cloud virtual private server running with encryption and email antivirus and anti-spam mechanisms in place. This migration was done seamlessly and successfully with minimal business impact.

The final phase was the optimization of office ICT systems for both performance and security. This phase further involved configuration of the mail server to suit organizational needs, such as particular accounts to be limited to internal-only communication.

Overall, the project was a great success.

HeptaPay

https://heptapay.com
An online agent for loading money to a mobile money wallet via debit or credit card. As the integrations engineer, I set up the card processing payment gateway and connections to the telecommunications partners; tested these connections for security and performance; and managed the back end, the internal transaction monitoring dashboard, and the platform's security.

Sentiment Analysis of the 2017 Kenyan Presidential Election

https://uchaguzi.today/
Kenya held a general election in 2017. We built Uchaguzi Today to show the trends behind each candidate's popularity and explain (via regular updates) the actions they performed that elicited a positive, neutral, or negative response. My involvement was setting up the infrastructure for collecting the data, interacting with the Twitter API to collect the tweets, designing and deploying the dashboard, and deploying an Android application to classify a sample dataset to help train the model.

2016 - 2018

Master's Degree in Information Technology

Carnegie Mellon University - Pittsburgh, PA

2012 - 2014

Bachelor's Degree in Applied Computer Technology

United States International University-Africa - Nairobi, Kenya

NOVEMBER 2023 - NOVEMBER 2026

AWS Certified Security – Specialty

Amazon Web Services

JUNE 2021 - JUNE 2025

Microsoft Certified: Azure Security Engineer Associate

Microsoft

DECEMBER 2020 - SEPTEMBER 2026

AWS Certified Cloud Practitioner

AWS

OCTOBER 2020 - OCTOBER 2025

Microsoft Azure Administrator Associate

Microsoft

AUGUST 2020 - PRESENT

Microsoft Certified: Azure Fundamentals

Microsoft

APRIL 2015 - PRESENT

Associate - Information Storage and Management Version 2.0

Dell Technologies

NOVEMBER 2014 - DECEMBER 2026

Certified Ethical Hacker (CEH)

EC-Council

Libraries/APIs

X (formerly Twitter) API

Tools

Nginx, Amazon Virtual Private Cloud (VPC), VirtualBox, OpenVPN, Azure, VPN, Apache, Azure Kubernetes Service (AKS), Kubernetes HorizontalPodAutoscaler (HPA), Ansible, Sentry, Git, Terraform, Amazon EKS, AWS IAM, Postman, GitHub, Azure Key Vault, Grafana, Asana, Istio, Supervisor, Supervisord, GitHub CLI

Languages

PHP, Python, Java, Bash, JavaScript

Paradigms

Role-based Access Control (RBAC), DevOps, DevSecOps, Azure DevOps, Continuous Integration (CI), Agile Development, Web App Design

Platforms

Linux, Apache, Azure, Amazon EC2, Kubernetes, AWS, Ubuntu, Debian, WordPress Development, Android, Docker, Azure Functions, Azure Synapse, Azure Synapse Analytics, AWS Lambda, Jelastic, Salesforce Design, CrowdStrike

Storage

MySQL, Azure, MariaDB, Amazon S3, PostgreSQL, MySQL/MariaDB, Azure Storage, Data Centers, Storage Area Networks (SAN), On-premise, MongoDB, SQL, SQL Server

Industry Expertise

System Security, Cybersecurity

Frameworks

Windows PowerShell, Classic ASP, Laravel

Other

Office 365, Hybrid Cloud Infrastructure, Cloud Computing, Information Security, Application Security, Cloud Engineering, Azure Administrator, Azure, Multi-factor Authentication (MFA), Identity & Access Management (IAM), Cloud Security, Cloud Services, Cloud Storage, Virtualization, Networks, IP Networks, IT Audits, Cloud Architecture, AWS Cloud, Leadership, Team Leadership, Training, Business Continuity Planning (BCP), Business Continuity, Storage, Email Security, DevOps, Azure Files, Fintech Development, AWS VPN, AWS RDS, AWS Secrets Manager, AWS Auto Scaling, IT Infrastructure, Proxies, IT Security, Security, GitFlow, Load Balancers, CI/CD Pipelines, Deployment, System Security, IT Operations Management (ITOM), Architecture, System Administration, Relational Database Services (RDS), Infrastructure as Code (IaC), Security Design, AWS Certified Cloud Practitioner, Lecturing, Security Architecture, Controls, Security Management, Disaster Recovery Plans (DRP), High-availability Linux, Data Loss Prevention (DLP), Monitoring, Reverse Engineering, Mail Servers, Data Security, Data Protection, Azure Container Instances, Azure Container Registry, AWS WAF, Amazon API, Prometheus, Shell Scripting, Code Auditing, AWS DevOps, Argo CD, Networking, Cisco, Azure Resource Manager (ARM), Web Hosting, GitHub Actions, Virtuozzo, GitHub Dependabot
