Hieu Pham, Developer in Toronto, ON, Canada
Hieu is available for hire
Hire Hieu

Hieu Pham

Verified Expert  in Engineering

DevOps Engineer and Developer

Toronto, ON, Canada

Toptal member since April 22, 2020

Bio

Hieu is a senior DevOps engineer with over 18 years of experience in insurance, healthcare, startup and financial industries, government, and telecom. He is skilled in designing cloud environments (Azure, AWS, GCP) using infrastructure as code (Terraform). He has expert knowledge of container technology (Kubernetes, OpenShift) and the Linux and Windows platforms. Hieu has strong architecture skills, in-depth security knowledge, and familiarity with adopting Agile processes.

Portfolio

Intact Insurance
Databricks, Snowflake, Terraform, Python 3, Python, Amazon S3 (AWS S3)...
MindBeacon
Azure, Terraform, Azure DevOps, Git, Kubernetes, Azure Kubernetes Service (AKS)...
Canada Life
Prometheus, Python, Jira, Git, Jenkins, Ansible, Vault, Terraform, Kubernetes...

Experience

  • Kubernetes - 8 years
  • DevOps - 8 years
  • Azure - 5 years
  • Azure Kubernetes Service (AKS) - 5 years
  • Azure DevOps - 5 years
  • Python - 5 years
  • Terraform - 5 years
  • Go - 3 years

Availability

Full-time

Preferred Environment

Python, Go, Terraform, Kubernetes, Azure, Azure DevOps, CI/CD Pipelines, System Administration, Linux, Docker

The most amazing...

...thing I've set up are end-to-end CI/CD pipelines on Azure DevOps that build, release, and deploy microservice Docker images on multi-region Kubernetes clusters.

Work Experience

Senior DevOps AI/ML Engineer

2022 - PRESENT
Intact Insurance
  • Supported the artificial intelligence/machine learning team by provisioning and maintaining Databricks clusters, Snowflake, AWS Lambdas, Amazon S3, and AWS IAM using Terraform (IaC), GitHub Actions/workflows, and Jenkins CI/CD pipelines.
  • Maintained Amazon EKS clusters and on-prem OpenShift clusters running Private AI workloads.
  • Maintained CI/CD pipelines, ensuring proper security scanning in place (Prisma and SonarQube for DAST and SAST, OWASP) and linting/gating (Chekhov).
  • Managed Azure SQL, Snowflake, Azure Storage Accounts (ADLS Gen 2), Azure Function Apps and Web Apps, Azure Event Grid, and MongoDB database upgrades and migration.
  • Used Python, Bash, and PowerShell on Azure DevOps scripted YAML and Jenkins Groovy pipelines to automate tasks and processes such as pair-key rotation, maintenance jobs, and cleanup.
  • Deployed highly available, multi-region, and zone SQL servers on the cloud using a failover group.
  • Mentored more junior members of the core and cross-function teams. As a senior member, I also participated and presented at the company's weekly lunch and learned interesting technical topics.
  • Wrote detailed technical documentation for new technologies and processes for the core team.
  • Participated in weekly syncs with other business units and stakeholders on the status of ongoing projects and initiatives.
Technologies: Databricks, Snowflake, Terraform, Python 3, Python, Amazon S3 (AWS S3), AWS Lambda, Amazon EKS, Jenkins, OpenShift, Prisma, Bash, Kubernetes, Networks, Application Security, Grafana, Infrastructure as Code (IaC), Cluster, DevOps Engineer, CI/CD Pipelines, GitHub, Google Cloud Platform (GCP), Azure Databricks

Principal DevOps Engineer

2020 - 2022
MindBeacon
  • Led the cloud engineering infrastructure team to a successful company's IPO in December 2021.
  • Designed, secured, and maintained highly available, multi-region Kubernetes clusters on Azure and GCP cloud.
  • Defined capacity and storage planning and disaster recovery of the resources on Azure cloud.
  • Migrated in-house pipelines to Azure DevOps pipelines based on industry best practice using a combination of Azure Key Vault and Hashicorp Vault with Consul.
  • Introduced and enforced complete infrastructure as code (IaC) practice on Azure Cloud with Terraform and Pulumi.
  • Introduced and enforced container security scanning (DAST) and SonarCloud code scanning (SAST) into the pipelines.
  • Hardened security posture by moving all cloud resources to use private endpoints and links, strong encryption, least privileged access, and MFA.
  • Introduced Front Door with WAF and Sentinel SIEM integration; added performance metrics with Grafana, Prometheus, ELK stack, and Azure Monitor and Insights.
  • Refactored all Azure services and configuration based on Microsoft's best practices, such as introducing Availability Zones, Privilege Identity Management (PIM), MITRE ATT&CK framework, and CIS benchmarks.
  • Designed and maintained Azure Machine Learning infrastructure (Databricks, Data Factory) with Terraform.
Technologies: Azure, Terraform, Azure DevOps, Git, Kubernetes, Azure Kubernetes Service (AKS), Rancher, Helm, Amazon, Amazon EKS, OpenShift, Bash, Networks, Application Security, Grafana, Infrastructure as Code (IaC), SOC 2, Cluster, Architecture, DevOps Engineer, CI/CD Pipelines, GitHub, MITRE ATT&CK

Senior DevOps Engineer

2018 - 2020
Canada Life
  • Provided highly available Azure Kubernetes and Openshift clusters both on-premise and cloud environments to the digital hub agile teams, serving millions of customers in Canada and Europe.
  • Configured istio, envoy, and jaeger for service mesh on Kubernetes on both on-prem and Azure and Google cloud.
  • Created and maintained Dockerfile to produce lean, secure Docker images along with Kubernetes manifests and Helm charts and templates.
  • Secured cloud infrastructure by maintaining and applying Calico and Kubernetes network policies, enforcing secrets with Hashicorp Vault and security hardening with Prisma Cloud and Twistlock.
  • Implemented security protocol and process compliant with the company’s enterprise ISOC team; set up North-South and West-East Azure Firewall and Network Security Group; implement local DNS server for proper Azure Private Endpoint DNS resolution.
  • Implemented Azure Databricks (Apache Sparks), Data Factory, Azure KeyVault, and Azure Storage on the cloud securely using private endpoints and private links.
  • Managed continuous integration, continuous delivery, and release management pipelines to the development teams using the Atlassian Suite, Harness.io, Azure DevOps, Jenkins, Twistlock and Prisma Cloud, Hashicorp Vault, and SonarQube.
  • Took on the role of site reliability engineer (SRE) to ensure 24/7 operations, using Prometheus, various exporters (cAdvisor, MongoDB, Actuator, Node.js), Grafana, AppDynamics, PagerDuty, and Splunk.
  • Provided third-level support software stack comprising Spring Boot, Java, AngularJS, MongoDB, Go, and Node.js.
Technologies: Prometheus, Python, Jira, Git, Jenkins, Ansible, Vault, Terraform, Kubernetes, Docker, Azure, Azure DevOps, Azure Kubernetes Service (AKS), Google Cloud Platform (GCP), Bash, Networks, Application Security, Grafana, Infrastructure as Code (IaC), Rancher, Cluster, DevOps Engineer, CI/CD Pipelines, GitHub, Orchestration, Packer

Cloud DevOps Migration Engineer

2016 - 2018
Road User Safety | Ministry of Transportation
  • Rolled out Openshift and Kubernetes clusters on Azure Cloud using Terraform as infrastructure as code.
  • Created a tool that can create sophisticated Weblogic domains from YAML definition with Go; turned a 1-2 days process to as short as 15 minutes.
  • Participated in a multi-million dollar cloud migration project for the Ministry.
  • Performed Azure Cloud migration of Siebel/OCH, Oracle LDAP directory, WebLogic, Websphere, BPM, BIP, OPA, EDQ, Oracle Database, and Oracle POS software stack from Solaris/AIX to Red Hat Enterprise Linux 6/7.
  • Performed systems and O/S optimization (JVM, Database, J2EE tuning, and profiling), network tuning, and troubleshooting (e.g. load balancing and clustering) by analyzing network capture with WireShark.
  • Developed in-house solutions with Prometheus to monitor Java, predict failure, and send alerts.
  • Worked as a tier-3 technical lead and SRE for middleware incident escalation on high availability (24/7); secured production environments that directly affected public safety (e.g., license lookup service for law enforcement).
Technologies: OpenShift, Docker, Kubernetes, Go, Python, WebSphere, WebLogic, Ansible, Terraform, DevOps, Azure, Bash, Networks, Application Security, Infrastructure as Code (IaC), Cluster, DevOps Engineer, CI/CD Pipelines, GitHub

Senior System Administrator

2010 - 2016
Carrier Modernization Project | Ministry of Transportation
  • Led, as a senior DevOps and lead consultant, a billion-dollar, multi-year project to modernize the Ontario IT systems that deliver carrier, driver, and vehicle services.
  • Participated in the migration of over 150 Linux, Solaris, and Windows servers and enterprise COTS which include Siebel CRM, Oracle Customer Hub, Informatica, Oracle LDAP, IBM Business Process Manager, Oracle E-Business Suite, WebSphere, and WebLogic.
  • Performed systems and O/S optimization (JVM, Database, J2EE tuning and profiling), network tuning and troubleshooting (e.g. load balancing and clustering) by analyzing network captures with WireShark.
  • Automated day-to-day tasks such as deployment to logs management with Bash/Korn shell and Python scripting.
  • Worked closely with scrum masters (Kanban, Trello), developers, DBAs, project managers, and architects to provide support throughout the entire application agile release cycles (development to production turnover).
  • Developed numerous in-house solutions to streamline and automate Middleware deployments on WebLogic and Websphere using BASH shell, Go and Python scripting to facility larger-scale infrastructure rollouts.
  • Administered multi-tier solutions comprising Microsoft Dynamics CRM, WebLogic, Websphere, Tomcat, Apache Webserver, MQ series, HP Openview, Informatica, Cognos, Webfocus and Mainframe DB2, UAG, TMG, SCOM, Hyper-V, and IIS.
  • Optimized Apache HTTP server, WebLogic/Websphere J2EE servers for greater performance with profiling and tuning JVM memory usage and settings, threads and workers, JDBC data pool size, and JMS queues.
Technologies: Agile, Linux, Windows, Windows PowerShell, Python, Ansible, Jenkins, Java, WebLogic, WebSphere, Oracle, LDAP, Siebel, Bash, Networks, Application Security, Infrastructure as Code (IaC), Cluster

WebLogic Domain Creator

A Golang-based application for creating and automating the WebLogic domain. I was the sole developer of this application. The tool allows for the creation of full, sophisticated WebLogic domains from YAML definition (database, JMS, etc). This tool allows a domain to be created from code that enables speed, simplicity, consistency, risk mitigation (i.e. human error), and is repeatable.

Cloud Migration

I was in the cloud core team responsible for the migration of Linux Red Hat and Windows servers, on-prem Kubernetes clusters, Docker containers (Swarm and Docker EE) to the Azure cloud using Terraform and Packer.

Automated CI/CD Pipelines on Azure DevOps Cloud

I designed and maintained dozens of CI/CD pipelines on Azure DevOps responsible for building the source codes, creating Docker containers and Helm charts for production deployment. Incorporated code scanning with SonarCloud and Docker image scanning with Harbor and Aquasec.

Tools

Azure Kubernetes Service (AKS), Grafana, Terraform, Ansible, Shell, Apache Tomcat, Cluster, GitHub, Splunk, Elastic, Vault, Hyper-V, Istio, Jira, Bamboo, Git, Jenkins, Helm, Docker Swarm, Packer, Puppet, Google Kubernetes Engine (GKE), Amazon EKS, Prisma

Languages

Python, Go, Bash, Java, Snowflake, Python 3

Paradigms

DevOps, Agile, Scrum, Continuous Deployment, Continuous Delivery (CD), Continuous Integration (CI), Azure DevOps

Platforms

Rancher, Kubernetes, Docker, Linux, Windows, Azure, WebSphere, KVM, Xen, Google Cloud Platform (GCP), OpenShift, OpenStack, Icinga, Oracle, AWS IoT, Amazon, Databricks, AWS Lambda

Storage

MongoDB, PostgreSQL, Google Cloud, Amazon S3 (AWS S3)

Frameworks

Windows PowerShell

Other

CI/CD Pipelines, Prometheus, WebLogic, Transport Layer Security (TLS), IT Networking, SSL, Infrastructure as Code (IaC), Networks, Application Security, Architecture, DevOps Engineer, Orchestration, Content Delivery Networks (CDN), VMware ESXi, SOC 2, Azure Databricks, Consul, Containerization, LDAP, System Administration, Siebel, MITRE ATT&CK

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring