Hieu Pham, DevOps Engineer and Developer in Toronto, ON, Canada
Hieu Pham

DevOps Engineer and Developer in Toronto, ON, Canada

Member since April 20, 2020
Hieu is a senior DevOps engineer with over 15 years of IT experience working for insurance, healthcare, startup and financial industries, government, telecom, and eCommerce companies. He is skilled in creating and maintaining cloud environments using infrastructure as code (Terraform) and expert knowledge of containers (Kubernetes, Docker) and the Linux and Windows platforms. Hieu has strong architecture skills, in-depth security knowledge, and familiarity with adopting Agile processes.
Hieu is now available for hire




Toronto, ON, Canada



Preferred Environment

Python, Go, Terraform, Kubernetes, Azure, Azure DevOps, CI/CD Pipelines, System Administration, Linux, Docker

The most amazing...

...thing I've set up are end-to-end CI/CD pipelines on Azure DevOps that build, release, and deploy microservice Docker images on multi-region Kubernetes clusters.


  • Principal DevOps Engineer

    2020 - PRESENT
    • Led the cloud engineering infrastructure team to a successful company's IPO in December 2021.
    • Designed, secured, and maintained highly available, multi-region Kubernetes clusters on Azure and GCP cloud.
    • Defined capacity and storage planning, disaster recovery of the resources on Azure cloud.
    • Migrated in-house pipelines to Azure DevOps pipelines based on industry best practice using a combination of Azure Keyvault and Hashicorp Vault with Consul.
    • Introduced and enforced complete infrastructure as code (IaC) practice on Azure Cloud with Terraform and Pulumi.
    • Introduced and enforced container security scanning (DAST) and Sonarcloud code scanning (SAST) into the pipelines.
    • Hardened security posture by moving all cloud resources to use private endpoints and links, strong encryption, least privileged access, and MFA.
    • Introduced Front Door with WAF and Sentinel SIEM integration; added performance metrics with Grafana, Prometheus, and Elastic stack suite (ELK) along with Azure Monitor and Insights.
    • Refactored all Azure services and configuration based on Microsoft’s best practices such as introducing availability zones, Privilege Identity Management (PIM), MITRE ATT&CK framework, and CIS benchmarks.
    • Designed and maintained Azure Machine Learning infrastructure (Databricks, Data Factory) with Terraform.
    Technologies: Azure, Terraform, Azure DevOps, Git, Kubernetes, Azure Kubernetes Service (AKS), Rancher, Helm
  • Senior DevOps Engineer

    2018 - 2020
    Canada Life
    • Provided highly available Azure Kubernetes and Openshift clusters both on-premise and cloud environments to the digital hub agile teams, serving millions of customers in Canada and Europe.
    • Configured istio, envoy, and jaeger for service mesh on Kubernetes on both on-prem and Azure and Google cloud.
    • Created and maintained Dockerfile to produce lean, secure Docker images along with Kubernetes manifests and Helm charts and templates.
    • Secured cloud infrastructure by maintaining and applying Calico and Kubernetes network policies, enforcing secrets with Hashicorp Vault and security hardening with Prisma Cloud and Twistlock.
    • Implemented security protocol and process compliant with the company’s enterprise ISOC team; set up North-South and West-East Azure Firewall and Network Security Group; implement local DNS server for proper Azure Private Endpoint DNS resolution.
    • Implemented Azure Databricks (Apache Sparks), Data Factory, Azure KeyVault, and Azure Storage on the cloud securely using private endpoints and private links.
    • Managed continuous integration, continuous delivery, and release management pipelines to the development teams using the Atlassian Suite, Harness.io, Azure DevOps, Jenkins, Twistlock and Prisma Cloud, Hashicorp Vault, and SonarQube.
    • Took on the role of site reliability engineer (SRE) to ensure 24/7 operations, using Prometheus, various exporters (cAdvisor, MongoDB, Actuator, Node.js), Grafana, AppDynamics, PagerDuty, and Splunk.
    • Provided third-level support software stack comprising Spring Boot, Java, AngularJS, MongoDB, Go, and Node.js.
    Technologies: Prometheus, Python, Jira, Git, Jenkins, Ansible, Vault, Terraform, Kubernetes, Docker, Azure, Azure DevOps, Azure Kubernetes Service (AKS), Google Cloud Platform (GCP)
  • Cloud DevOps Migration Engineer

    2016 - 2018
    Road User Safety | Ministry of Transportation
    • Rolled out Openshift and Kubernetes clusters on Azure Cloud using Terraform as infrastructure as code.
    • Created a tool that can create sophisticated Weblogic domains from YAML definition with Go; turned a 1-2 days process to as short as 15 minutes.
    • Participated in a multi-million dollar cloud migration project for the Ministry.
    • Performed Azure Cloud migration of Siebel/OCH, Oracle LDAP directory, WebLogic, Websphere, BPM, BIP, OPA, EDQ, Oracle Database, and Oracle POS software stack from Solaris/AIX to Red Hat Enterprise Linux 6/7.
    • Performed systems and O/S optimization (JVM, Database, J2EE tuning, and profiling), network tuning, and troubleshooting (e.g. load balancing and clustering) by analyzing network capture with WireShark.
    • Developed in-house solutions with Prometheus to monitor Java, predict failure, and send alerts.
    • Worked as a tier-3 technical lead and SRE for middleware incident escalation on high availability (24/7); secured production environments that directly affected public safety (e.g., license lookup service for law enforcement).
    Technologies: OpenShift, Docker, Kubernetes, Go, Python, WebSphere, WebLogic, Ansible, Terraform, DevOps, Azure
  • Senior System Administrator

    2010 - 2016
    Carrier Modernization Project | Ministry of Transportation
    • Led, as a senior DevOps and lead consultant, a billion-dollar, multi-year project to modernize the Ontario IT systems that deliver carrier, driver, and vehicle services.
    • Participated in the migration of over 150 Linux, Solaris, and Windows servers and enterprise COTS which include Siebel CRM, Oracle Customer Hub, Informatica, Oracle LDAP, IBM Business Process Manager, Oracle E-Business Suite, WebSphere, and WebLogic.
    • Performed systems and O/S optimization (JVM, Database, J2EE tuning and profiling), network tuning and troubleshooting (e.g. load balancing and clustering) by analyzing network captures with WireShark.
    • Automated day-to-day tasks such as deployment to logs management with Bash/Korn shell and Python scripting.
    • Worked closely with scrum masters (Kanban, Trello), developers, DBAs, project managers, and architects to provide support throughout the entire application agile release cycles (development to production turnover).
    • Developed numerous in-house solutions to streamline and automate Middleware deployments on WebLogic and Websphere using BASH shell, Go and Python scripting to facility larger-scale infrastructure rollouts.
    • Administered multi-tier solutions comprising Microsoft Dynamics CRM, WebLogic, Websphere, Tomcat, Apache Webserver, MQ series, HP Openview, Informatica, Cognos, Webfocus and Mainframe DB2, UAG, TMG, SCOM, Hyper-V, and IIS.
    • Optimized Apache HTTP server, WebLogic/Websphere J2EE servers for greater performance with profiling and tuning JVM memory usage and settings, threads and workers, JDBC data pool size, and JMS queues.
    Technologies: Agile, Linux, Windows, Windows PowerShell, Python, Ansible, Jenkins, Java, WebLogic, WebSphere, Oracle, LDAP, Siebel


  • WebLogic Domain Creator

    A Golang-based application for creating and automating the WebLogic domain. I was the sole developer of this application. The tool allows for the creation of full, sophisticated WebLogic domains from YAML definition (database, JMS, etc). This tool allows a domain to be created from code that enables speed, simplicity, consistency, risk mitigation (i.e. human error), and is repeatable.

  • Cloud Migration

    I was in the cloud core team responsible for the migration of Linux Red Hat and Windows servers, on-prem Kubernetes clusters, Docker containers (Swarm and Docker EE) to the Azure cloud using Terraform and Packer.

  • Automated CI / CD Pipelines on Azure DevOps cloud

    I designed and maintained dozens of CI/CD pipelines on Azure DevOps responsible for building the source codes, creating Docker containers and Helm charts for production deployment. Incorporated code scanning with SonarCloud and Docker image scanning with Harbor and Aquasec.


  • Languages

    Python, Go, Bash, Java
  • Tools

    Azure Kubernetes Service (AKS), Grafana, Terraform, Ansible, Shell, Apache Tomcat, Splunk, Elastic, Packer, Vault, Hyper-V, Istio, Jira, Bamboo, Git, Jenkins, Helm, Docker Swarm, Puppet, Google Kubernetes Engine (GKE)
  • Paradigms

    DevOps, Agile, Scrum, Continuous Deployment, Continuous Delivery (CD), Continuous Integration (CI), Azure DevOps
  • Platforms

    Kubernetes, Docker, Linux, Windows, Azure, WebSphere, KVM, Xen, Google Cloud Platform (GCP), OpenShift, OpenStack, Icinga, Rancher, Oracle
  • Other

    Prometheus, WebLogic, Transport Layer Security (TLS), IT Networking, SSL, ESX, Content Delivery Networks (CDN), Consul, Containerization, LDAP, CI/CD Pipelines, System Administration, Siebel
  • Storage

    MongoDB, PostgreSQL, Google Cloud
  • Frameworks

    Windows PowerShell

To view more profiles

Join Toptal
Share it with others