Hieu Pham
Verified Expert in Engineering
DevOps Engineer and Developer
Toronto, ON, Canada
Toptal member since April 22, 2020
Hieu is a senior DevOps engineer with over 18 years of experience in insurance, healthcare, startup and financial industries, government, and telecom. He is skilled in designing cloud environments (Azure, AWS, GCP) using infrastructure as code (Terraform). He has expert knowledge of container technology (Kubernetes, OpenShift) and the Linux and Windows platforms. Hieu has strong architecture skills, in-depth security knowledge, and familiarity with adopting Agile processes.
Preferred Environment
Python, Go, Terraform, Kubernetes, Azure, Azure DevOps, CI/CD Pipelines, System Administration, Linux, Docker
The most amazing...
...thing I've set up are end-to-end CI/CD pipelines on Azure DevOps that build, release, and deploy microservice Docker images on multi-region Kubernetes clusters.
Work Experience
Senior DevOps AI/ML Engineer
Intact Insurance
- Supported the artificial intelligence/machine learning team by provisioning and maintaining Databricks clusters, Snowflake, AWS Lambdas, Amazon S3, and AWS IAM using Terraform (IaC), GitHub Actions/workflows, and Jenkins CI/CD pipelines.
- Maintained Amazon EKS clusters and on-prem OpenShift clusters running Private AI workloads.
- Maintained CI/CD pipelines, ensuring proper security scanning was in place (Prisma and SonarQube for DAST and SAST, OWASP) and linting/gating (Checkov).
- Managed Azure SQL, Snowflake, Azure Storage Accounts (ADLS Gen 2), Azure Function Apps and Web Apps, Azure Event Grid, and MongoDB database upgrades and migration.
- Used Python, Bash, and PowerShell on Azure DevOps scripted YAML and Jenkins Groovy pipelines to automate tasks and processes such as pair-key rotation, maintenance jobs, and cleanup.
- Deployed highly available, multi-region, and zone SQL servers on the cloud using a failover group.
- Mentored more junior members of the core and cross-function teams. As a senior member, I also participated and presented at the company's weekly lunch and learned interesting technical topics.
- Wrote detailed technical documentation for new technologies and processes for the core team.
- Participated in weekly syncs with other business units and stakeholders on the status of ongoing projects and initiatives.
Principal DevOps Engineer
MindBeacon
- Led the cloud engineering infrastructure team to the company's successful IPO in December 2021.
- Designed, secured, and maintained highly available, multi-region Kubernetes clusters on Azure and GCP cloud.
- Defined capacity and storage planning and disaster recovery of the resources on Azure cloud.
- Migrated in-house pipelines to Azure DevOps pipelines based on industry best practice using a combination of Azure Key Vault and Hashicorp Vault with Consul.
- Introduced and enforced complete infrastructure as code (IaC) practice on Azure Cloud with Terraform and Pulumi.
- Introduced and enforced container security scanning (DAST) and SonarCloud code scanning (SAST) into the pipelines.
- Hardened security posture by moving all cloud resources to use private endpoints and links, strong encryption, least privileged access, and MFA.
- Introduced Front Door with WAF and Sentinel SIEM integration; added performance metrics with Grafana, Prometheus, ELK stack, and Azure Monitor and Insights.
- Refactored all Azure services and configuration based on Microsoft's best practices, such as introducing Availability Zones, Privileged Identity Management (PIM), MITRE ATT&CK framework, and CIS benchmarks.
- Designed and maintained Azure Machine Learning infrastructure (Databricks, Data Factory) with Terraform.
Senior DevOps Engineer
Canada Life
- Provided highly available Azure Kubernetes and OpenShift clusters in both on-premises and cloud environments to the digital hub agile teams, serving millions of customers in Canada and Europe.
- Configured Istio, Envoy, and Jaeger for service mesh on Kubernetes on both on-prem and Azure and Google cloud.
- Created and maintained Dockerfile to produce lean, secure Docker images along with Kubernetes manifests and Helm charts and templates.
- Secured cloud infrastructure by maintaining and applying Calico and Kubernetes network policies, enforcing secrets with Hashicorp Vault and security hardening with Prisma Cloud and Twistlock.
- Implemented security protocol and process compliant with the company's enterprise ISOC team; set up North-South and West-East Azure Firewall and Network Security Group; implemented a local DNS server for proper Azure Private Endpoint DNS resolution.
- Implemented Azure Databricks (Apache Spark), Data Factory, Azure Key Vault, and Azure Storage on the cloud securely using private endpoints and private links.
- Managed continuous integration, continuous delivery, and release management pipelines to the development teams using the Atlassian Suite, Harness.io, Azure DevOps, Jenkins, Twistlock and Prisma Cloud, Hashicorp Vault, and SonarQube.
- Took on the role of site reliability engineer (SRE) to ensure 24/7 operations, using Prometheus, various exporters (cAdvisor, MongoDB, Actuator, Node.js), Grafana, AppDynamics, PagerDuty, and Splunk.
- Provided third-level support software stack comprising Spring Boot, Java, AngularJS, MongoDB, Go, and Node.js.
Cloud DevOps Migration Engineer
Road User Safety | Ministry of Transportation
- Rolled out OpenShift and Kubernetes clusters on Azure Cloud using Terraform as infrastructure as code.
- Created a tool that can create sophisticated WebLogic domains from YAML definition with Go; turned a 1-2 day process into one as short as 15 minutes.
- Participated in a multi-million dollar cloud migration project for the Ministry.
- Performed Azure Cloud migration of Siebel/OCH, Oracle LDAP directory, WebLogic, WebSphere, BPM, BIP, OPA, EDQ, Oracle Database, and Oracle POS software stack from Solaris/AIX to Red Hat Enterprise Linux 6/7.
- Performed systems and O/S optimization (JVM, Database, J2EE tuning, and profiling), network tuning, and troubleshooting (e.g. load balancing and clustering) by analyzing network capture with WireShark.
- Developed in-house solutions with Prometheus to monitor Java, predict failure, and send alerts.
- Worked as a tier-3 technical lead and SRE for middleware incident escalation on high availability (24/7); secured production environments that directly affected public safety (e.g., license lookup service for law enforcement).
Senior System Administrator
Carrier Modernization Project | Ministry of Transportation
- Led, as a senior DevOps and lead consultant, a billion-dollar, multi-year project to modernize the Ontario IT systems that deliver carrier, driver, and vehicle services.
- Participated in the migration of over 150 Linux, Solaris, and Windows servers and enterprise COTS which include Siebel CRM, Oracle Customer Hub, Informatica, Oracle LDAP, IBM Business Process Manager, Oracle E-Business Suite, WebSphere, and WebLogic.
- Performed systems and O/S optimization (JVM, Database, J2EE tuning and profiling), network tuning and troubleshooting (e.g. load balancing and clustering) by analyzing network captures with WireShark.
- Automated day-to-day tasks such as deployment to logs management with Bash/Korn shell and Python scripting.
- Worked closely with scrum masters (Kanban, Trello), developers, DBAs, project managers, and architects to provide support throughout the entire application agile release cycles (development to production turnover).
- Developed numerous in-house solutions to streamline and automate Middleware deployments on WebLogic and WebSphere using Bash shell, Go and Python scripting to facilitate larger-scale infrastructure rollouts.
- Administered multi-tier solutions comprising Microsoft Dynamics CRM, WebLogic, WebSphere, Tomcat, Apache Webserver, MQ series, HP Openview, Informatica, Cognos, Webfocus and Mainframe DB2, UAG, TMG, SCOM, Hyper-V, and IIS.
- Optimized Apache HTTP server, WebLogic/WebSphere J2EE servers for greater performance with profiling and tuning JVM memory usage and settings, threads and workers, JDBC data pool size, and JMS queues.
Experience
WebLogic Domain Creator
Cloud Migration
Automated CI/CD Pipelines on Azure DevOps Cloud
Skills
Tools
Azure Kubernetes Service (AKS), Grafana, Terraform, Ansible, Shell, Apache Tomcat, Cluster, GitHub, Splunk, Elastic, Vault, Hyper-V, Istio, Jira, Bamboo, Git, Jenkins, Helm, Docker Swarm, Packer, Puppet, Google Kubernetes Engine (GKE), Amazon EKS, Prisma
Languages
Python, Go, Bash, Java, Snowflake, Python 3
Paradigms
DevOps, Agile, Scrum, Continuous Deployment, Continuous Delivery (CD), Continuous Integration (CI), Azure DevOps
Platforms
Rancher, Kubernetes, Docker, Linux, Windows, Azure, WebSphere, KVM, Xen, Google Cloud Platform (GCP), OpenShift, OpenStack, Icinga, Oracle, AWS IoT, Amazon, Databricks, AWS Lambda
Storage
MongoDB, PostgreSQL, Google Cloud, Amazon S3 (AWS S3)
Frameworks
Windows PowerShell
Other
CI/CD Pipelines, Prometheus, WebLogic, Transport Layer Security (TLS), IT Networking, SSL, Infrastructure as Code (IaC), Networks, Application Security, Architecture, DevOps, Orchestration, Content Delivery Networks (CDN), VMware ESXi, SOC 2, Azure Databricks, Consul, Containerization, LDAP, System Administration, Siebel, MITRE ATT&CK