Principal DevOps Engineer2020 - PRESENTBeacon
Technologies: Azure, Terraform, Azure DevOps, Git, Kubernetes, Azure Kubernetes Service (AKS), Rancher, Helm
- Led the cloud engineering infrastructure team to a successful company's IPO in December 2021.
- Designed, secured, and maintained highly available, multi-region Kubernetes clusters on Azure and GCP cloud.
- Defined capacity and storage planning, disaster recovery of the resources on Azure cloud.
- Migrated in-house pipelines to Azure DevOps pipelines based on industry best practice using a combination of Azure Keyvault and Hashicorp Vault with Consul.
- Introduced and enforced complete infrastructure as code (IaC) practice on Azure Cloud with Terraform and Pulumi.
- Introduced and enforced container security scanning (DAST) and Sonarcloud code scanning (SAST) into the pipelines.
- Hardened security posture by moving all cloud resources to use private endpoints and links, strong encryption, least privileged access, and MFA.
- Introduced Front Door with WAF and Sentinel SIEM integration; added performance metrics with Grafana, Prometheus, and Elastic stack suite (ELK) along with Azure Monitor and Insights.
- Refactored all Azure services and configuration based on Microsoft’s best practices such as introducing availability zones, Privilege Identity Management (PIM), MITRE ATT&CK framework, and CIS benchmarks.
- Designed and maintained Azure Machine Learning infrastructure (Databricks, Data Factory) with Terraform.
Senior DevOps Engineer2018 - 2020Canada Life
Technologies: Prometheus, Python, Jira, Git, Jenkins, Ansible, Vault, Terraform, Kubernetes, Docker, Azure, Azure DevOps, Azure Kubernetes Service (AKS), Google Cloud Platform (GCP)
- Provided highly available Azure Kubernetes and Openshift clusters both on-premise and cloud environments to the digital hub agile teams, serving millions of customers in Canada and Europe.
- Configured istio, envoy, and jaeger for service mesh on Kubernetes on both on-prem and Azure and Google cloud.
- Created and maintained Dockerfile to produce lean, secure Docker images along with Kubernetes manifests and Helm charts and templates.
- Secured cloud infrastructure by maintaining and applying Calico and Kubernetes network policies, enforcing secrets with Hashicorp Vault and security hardening with Prisma Cloud and Twistlock.
- Implemented security protocol and process compliant with the company’s enterprise ISOC team; set up North-South and West-East Azure Firewall and Network Security Group; implement local DNS server for proper Azure Private Endpoint DNS resolution.
- Implemented Azure Databricks (Apache Sparks), Data Factory, Azure KeyVault, and Azure Storage on the cloud securely using private endpoints and private links.
- Managed continuous integration, continuous delivery, and release management pipelines to the development teams using the Atlassian Suite, Harness.io, Azure DevOps, Jenkins, Twistlock and Prisma Cloud, Hashicorp Vault, and SonarQube.
- Took on the role of site reliability engineer (SRE) to ensure 24/7 operations, using Prometheus, various exporters (cAdvisor, MongoDB, Actuator, Node.js), Grafana, AppDynamics, PagerDuty, and Splunk.
- Provided third-level support software stack comprising Spring Boot, Java, AngularJS, MongoDB, Go, and Node.js.
Cloud DevOps Migration Engineer2016 - 2018Road User Safety | Ministry of Transportation
Technologies: OpenShift, Docker, Kubernetes, Go, Python, WebSphere, WebLogic, Ansible, Terraform, DevOps, Azure
- Rolled out Openshift and Kubernetes clusters on Azure Cloud using Terraform as infrastructure as code.
- Created a tool that can create sophisticated Weblogic domains from YAML definition with Go; turned a 1-2 days process to as short as 15 minutes.
- Participated in a multi-million dollar cloud migration project for the Ministry.
- Performed Azure Cloud migration of Siebel/OCH, Oracle LDAP directory, WebLogic, Websphere, BPM, BIP, OPA, EDQ, Oracle Database, and Oracle POS software stack from Solaris/AIX to Red Hat Enterprise Linux 6/7.
- Performed systems and O/S optimization (JVM, Database, J2EE tuning, and profiling), network tuning, and troubleshooting (e.g. load balancing and clustering) by analyzing network capture with WireShark.
- Developed in-house solutions with Prometheus to monitor Java, predict failure, and send alerts.
- Worked as a tier-3 technical lead and SRE for middleware incident escalation on high availability (24/7); secured production environments that directly affected public safety (e.g., license lookup service for law enforcement).
Senior System Administrator2010 - 2016Carrier Modernization Project | Ministry of Transportation
Technologies: Agile, Linux, Windows, Windows PowerShell, Python, Ansible, Jenkins, Java, WebLogic, WebSphere, Oracle, LDAP, Siebel
- Led, as a senior DevOps and lead consultant, a billion-dollar, multi-year project to modernize the Ontario IT systems that deliver carrier, driver, and vehicle services.
- Participated in the migration of over 150 Linux, Solaris, and Windows servers and enterprise COTS which include Siebel CRM, Oracle Customer Hub, Informatica, Oracle LDAP, IBM Business Process Manager, Oracle E-Business Suite, WebSphere, and WebLogic.
- Performed systems and O/S optimization (JVM, Database, J2EE tuning and profiling), network tuning and troubleshooting (e.g. load balancing and clustering) by analyzing network captures with WireShark.
- Automated day-to-day tasks such as deployment to logs management with Bash/Korn shell and Python scripting.
- Worked closely with scrum masters (Kanban, Trello), developers, DBAs, project managers, and architects to provide support throughout the entire application agile release cycles (development to production turnover).
- Developed numerous in-house solutions to streamline and automate Middleware deployments on WebLogic and Websphere using BASH shell, Go and Python scripting to facility larger-scale infrastructure rollouts.
- Administered multi-tier solutions comprising Microsoft Dynamics CRM, WebLogic, Websphere, Tomcat, Apache Webserver, MQ series, HP Openview, Informatica, Cognos, Webfocus and Mainframe DB2, UAG, TMG, SCOM, Hyper-V, and IIS.
- Optimized Apache HTTP server, WebLogic/Websphere J2EE servers for greater performance with profiling and tuning JVM memory usage and settings, threads and workers, JDBC data pool size, and JMS queues.