Hrvoje (Henry) Tonkovac, Developer in Osijek, Croatia
Hrvoje is available for hire
Hire Hrvoje

Hrvoje (Henry) Tonkovac

Verified Expert  in Engineering

DevOps and AWS Developer

Location
Osijek, Croatia
Toptal Member Since
September 4, 2020

Henry is a results-oriented SRE/DevOps engineer with extensive experience orchestrating robust infrastructure solutions across AWS and Azure cloud environments. Proficient in leveraging Python for automation and Terraform for infrastructure as code, he is adept at streamlining operations and enhancing scalability. With a proven track record in complex enterprise environments, Henry specializes in optimizing systems and ensuring seamless deployments.

Portfolio

Booking.com
Amazon EC2, Amazon Web Services (AWS), Terraform, Python 3
Fortune 100 Insurance Company
Azure, Azure SQL, Azure IaaS, Azure PaaS, Azure Blobs, Azure DevOps, GitHub...
Code Consulting
Amazon Web Services (AWS), Serverless, Continuous Delivery (CD)...

Experience

Availability

Full-time

Preferred Environment

Amazon Web Services (AWS), Kubernetes, Visual Studio Code (VS Code), MacOS, Integration

The most amazing...

...complete Azure infrastructure I've implemented was a zero-trust Azure cloud landing zone with multiple isolated networks.

Work Experience

Site Reliability Engineer

2023 - 2024
Booking.com
  • Developed an extension of existing Python 3 automation for MySQL cluster management for bare-metal to work with Amazon EC2. Migrated over 100 bare metal clusters to EC2.
  • Saved over $4 million in annual AWS costs without sacrificing reliability or speed of cloud adoption by right-sizing the EC2 workloads and challenging long-standing team assumptions about MySQL configuration.
  • Improved reliability of critical cron jobs by ensuring full completion of all tasks even in case of transient failure of a single task.
Technologies: Amazon EC2, Amazon Web Services (AWS), Terraform, Python 3

DevOps Engineer

2020 - 2023
Fortune 100 Insurance Company
  • Deployed a multi-regional zero-trust Azure landing zone using Terraform. This included configuring Azure Firewall, Web Application Firewalls, zoned network architecture, and on-premise connection. This ensured secure onboarding into the cloud.
  • Led the initiative to decommission legacy automation Go tooling. This greatly improved code maintainability and speed of onboarding new engineers and reduced the memory consumption of hourly jobs by over 90%.
  • Developed many Terraform modules for use through a self-service developer portal. Enabling developers to provide legal and security-compliant Azure Databases, Web Apps, Storage Accounts, etc.
  • Implemented many features and fixed many bugs in an internal Go automation codebase. Most notably, an in-house terraform provider for a cloud API and a custom terraform CLI wrapper (similar to Terragrunt).
  • Ensured continuous compliance monitoring by writing automated tests and implementing automated security scanning of Terraform modules.
  • Designed and implemented a DNS solution utilizing dnsmasq as a conditional forwarder, enabling DNS resolution between on-premise and cloud.
Technologies: Azure, Azure SQL, Azure IaaS, Azure PaaS, Azure Blobs, Azure DevOps, GitHub, Azure Cosmos DB, Azure Cloud Services, Continuous Delivery (CD), Continuous Integration (CI), Azure Active Directory, Azure Active Directory B2C (ADB2C), Terraform, Terragrunt, Go, Zero Trust, SSL Certificates, Digital Certificates, Networking, Firewalls, Proxies, Azure Virtual Networks, Azure Network Security Groups, Azure Storage, Site Reliability Engineering (SRE), IT Networking, Ubuntu, Network Security, Networks, AWS Cloud Architecture, AWS Cloud Development Kit (CDK), OpenSSL

DevOps Engineer

2019 - 2020
Code Consulting
  • Led the upgrade process of a multi-terabyte MySQL database from version 5.5 to version 5.7. Ensured high availability and an upgrade with minimum downtime. Improved the backup system by using physical back-ups, reducing MTTR by two weeks.
  • Designed and implemented the complete infrastructure for an ETL pipeline that anonymized customer data and fed it into a data warehouse in real-time. Fully managed CI/CD and IaC for the project. Ensured perfect environment isolation and parity.
  • Cut down AWS costs by over 30% across the organization by carefully analyzing the AWS bills, utilizing reserved instances where appropriate, and removing unused infrastructure.
  • Released an application's complete AWS infrastructure and CI/CD processes consisting of half a dozen microservices hosted on AWS ECS and backed by a MongoDB replica set. Ensured high availability and full observability.
  • Implemented an authentication and audit system using AWS Systems Manager, Bash, and AppArmor. The system allowed certain users access to production servers without having access to PHI data and ensured user auditability actions on the servers.
Technologies: Amazon Web Services (AWS), Serverless, Continuous Delivery (CD), Amazon S3 (AWS S3), AWS Lambda, Amazon Kinesis, Ansible, MongoDB, MySQL, ECS, Terraform, Data Pipelines, Infrastructure as Code (IaC), Git, GitOps, Git Flow, GitHub, Amazon Elastic Container Service (Amazon ECS), Infrastructure Monitoring, Containers, Infrastructure, Cloud Infrastructure, Big Data, DevOps, REST, AWS IAM, Apache2, AWS ALB, Amazon DynamoDB, Container Orchestration, DevOps Engineer, VPN, Cloudflare, Content Delivery Networks (CDN), CORS, Cloud Services, APIs, Pipelines, CI/CD Pipelines, Containerization, Continuous Integration (CI), Bash Script, Shell Scripting, Azure Virtual Machines, Application Security, ELT, ETL, Microservices, Web Application Architecture, Data Analysis, OLTP, OLAP, Redis Cache, Load Balancers, SQL, NoSQL, DNS, Snowflake, Prometheus, Grafana, Data Engineering, SSL Certificates, Digital Certificates, Site Reliability Engineering (SRE), Redis, Jenkins Pipeline, New Relic, Datadog, NGINX, Monitoring, Ubuntu, DB, Jira Administration, AWS CloudFormation, Beanstalk, OpenSSL

Node.js Back-end Developer

2019 - 2019
Reroot
  • Developed both Dockerized and serverless PHP and Node.js microservices. Implemented a Geolocation microservice using PostGIS and Node.js.
  • Developed CI/CD pipelines with Docker and GitLab. Ensured smooth and fast deployments to UAT and production.
  • Managed the complete AWS infrastructure with Terraform and CloudFormation.
Technologies: Amazon Web Services (AWS), Serverless, Continuous Delivery (CD), Docker, AWS Lambda, Terraform, Node.js, PostgreSQL, Infrastructure as Code (IaC), Git, GitOps, GitHub, Amazon Elastic Container Service (Amazon ECS), Amazon RDS, Containers, Infrastructure, Cloud Infrastructure, PostGIS, REST, Jenkins, AWS IAM, Apache2, AWS ALB, Amazon DynamoDB, Container Orchestration, DevOps Engineer, HTML, CORS, Cloud Services, TypeScript, Google Maps API, APIs, Pipelines, CI/CD Pipelines, Containerization, Continuous Integration (CI), Bash Script, Shell Scripting, Microservices, Web Application Architecture, OLTP, Load Balancers, NoSQL, DNS, SSL Certificates, Digital Certificates, Web Development, Site Reliability Engineering (SRE), Jenkins Pipeline, NGINX, Monitoring, GitLab CI/CD, CircleCI, Beanstalk, OpenSSL

DevOps Consultant

2019 - 2019
Detecon International, GmbH.
  • Supported partners in the research and presentation of different telecommunications architectures focused on introducing big data, cloud, machine learning, and DevOps concepts in the telecommunications space.
  • Shadow-called and provided on-site support in multiple high-stake sales pitches and RFQ processes in telecommunications.
  • Attended SAFe (Scaled Agile Framework) and proposal writing training.
  • Led a team of students in a startup competition. This included research on both the technical and business sides and the societal impact of new developments in smart grocery stores.
Technologies: Telecommunications, Kubernetes, Google Cloud Platform (GCP), Infrastructure as Code (IaC), Git, GitOps, Containers, Infrastructure, Cloud Infrastructure, DevOps, REST, Jenkins, AWS ALB, Amazon DynamoDB, Container Orchestration, DevOps Engineer, Content Delivery Networks (CDN), CORS, Cloud Services, Google Maps API, APIs, Pipelines, CI/CD Pipelines, Azure Kubernetes Service (AKS), Containerization, Continuous Integration (CI), Bash Script, Shell Scripting, Azure Virtual Machines, Application Security, Web Application Architecture, OLTP, GraphQL, Web Development, Site Reliability Engineering (SRE)

PHP Back-end Developer

2017 - 2018
UHP Digital
  • Developed several web applications with an MVC in the Zend Framework (PHP) and Doctrine ORM (MySQL). Wrote object-oriented server-side code and SQL queries.
  • Deployed LAMP stack applications manually to on-premises servers. Configured Apache, NGINX, and PHP applications.
  • Introduced Docker containerization technology to improve the process of application deployment. Prior to this, version mismatches have sometimes delayed production deployments for up to two weeks.
  • Migrated complex data sets to improved database schema by writing PHP data migration scripts.
  • Collaborated within a multinational team where all communication was conducted in English.
Technologies: MySQL, PHP, Git, GitOps, Git Flow, Bitbucket, Containers, REST, Jenkins, Apache2, DevOps Engineer, VPN, HTML, CORS, Cloud Services, APIs, Pipelines, CI/CD Pipelines, Containerization, Continuous Integration (CI), Bash Script, Web Application Architecture, OLTP, SQL, Unix, Web Development

Android Application Test Laboratory

Set up an Android application testing laboratory for my university using OpenSTF. The system supports the testing of Android apps on half a dozen real mobile devices. Students can connect to any phone via a web browser, install their app by dragging and dropping the APK file, and run manual or automated tests.

College Schedule Google Calendar Automation

I envisioned and developed a Node.js application that scraped my university's publicly available course schedules and imported this data into Google Calendar.

Many university students had trouble organizing their schedules since the course schedule was released only a week up-front. If the students wanted to use a calendar (e.g., Google Calendar), they had to manually import every event every week (which took more than a hundred manual mouse clicks).

The application had over a hundred users from my university and was in active development for over a year. In the end, it served as a basis for my Bachelor's degree and has motivated the university to implement a proper solution due to the applications' overwhelming popularity and benefit.
2016 - 2020

Bachelor's Degree in Computer Science

Faculty of Electrical Engineering, Computer Science and Information Technology Osijek - Osijek, Croatia

JULY 2022 - JULY 2025

Microsoft Certified: Identity and Access Administrator Associate

Microsoft

APRIL 2022 - APRIL 2024

Certified Kubernetes Security Specialist

The Linux Foundation

NOVEMBER 2020 - NOVEMBER 2023

Certified Kubernetes Administrator

The Linux Foundation

JULY 2020 - JULY 2023

AWS Certified Solutions Architect Associate

AWS

JULY 2018 - JULY 2021

Red Hat Certified Systems Administrator

Red Hat

Libraries/APIs

Jenkins Pipeline, Node.js, Terragrunt, Google Cloud API, Google Calendar API, Google Maps API, OpenSSL, GitHub API, POSIX, Metadata API, Azure Active Directory Graph API

Tools

Amazon Virtual Private Cloud (VPC), Terraform, AWS IAM, Azure Web Application Firewall, Git, GitHub, AWS Deployment, Azure Key Vault, Postman, Amazon Elastic Container Registry (ECR), Azure Kubernetes Service (AKS), Azure Network Security Groups, Docker Hub, Ansible, GitLab CI/CD, Jenkins, Grafana, NGINX, Apache, AWS ELB, Amazon EKS, AWS CloudFormation, GitLab, Google Kubernetes Engine (GKE), Bitbucket, Amazon Elastic Container Service (Amazon ECS), Helm, Kafka Streams, VPN, Amazon CloudWatch, AWS Fargate, AWS Cloud Development Kit (CDK), Beanstalk, Chef, Puppet, Amazon Simple Notification Service (Amazon SNS), Azure Active Directory B2C (ADB2C), CircleCI

Frameworks

AWS HA, Hadoop

Languages

Python, YAML, Bash, PHP, Bash Script, Go, TypeScript, Python 3, SQL, JavaScript, HTML, Snowflake, GraphQL

Paradigms

Continuous Delivery (CD), Continuous Integration (CI), DevOps, REST, Azure DevOps, OLAP, Microservices, Microservices Architecture, Gang of Four (GOF) Design Patterns, ETL, Web Application Architecture, DevSecOps, Serverless Architecture, HIPAA Compliance, Role-based Access Control (RBAC), ABAC

Platforms

Kubernetes, Linux, Docker, Amazon Web Services (AWS), Azure, Apache2, AWS ALB, Azure PaaS, Unix, Ubuntu, Amazon EC2, Google Cloud Platform (GCP), AWS Lambda, New Relic, OpenShift, Apache Kafka, Azure Event Hubs, Red Hat OpenShift, Blockchain, Android, Azure IaaS

Storage

Amazon S3 (AWS S3), Azure Blobs, PostGIS, Azure SQL, OLTP, DB, MySQL, MongoDB, LokiJS, PostgreSQL, Data Pipelines, Databases, Google Cloud, Amazon DynamoDB, NoSQL, Azure Storage, Datadog, Database Security, Azure Active Directory, Microsoft SQL Server, Azure SQL Databases, Redis Cache, Azure Cosmos DB, Azure Cloud Services, Redis

Industry Expertise

Network Security, Telecommunications, Cybersecurity

Other

ECS, Site Reliability Engineering (SRE), Identity & Access Management (IAM), Kubernetes Administration, Microsoft Azure, CI/CD Pipelines, Cloud Infrastructure, Infrastructure, Infrastructure as Code (IaC), Azure Virtual Networks, Web Application Firewall (WAF), Containers, Secure Containers, Containerization, GitOps, Git Flow, Deployment, System Administration, Container Orchestration, DevOps Engineer, ARM, CORS, Cloud Services, Cloud, APIs, Pipelines, Shell Scripting, Azure Virtual Machines, Load Balancers, Web Development, IT Networking, Linux Administration, GitHub Actions, Distributed Systems, Operating Systems, Prometheus, Serverless, Cloud Computing, Monitoring, Zero Trust, Google Container Engine, Amazon RDS, Infrastructure Monitoring, Scalability, Cloud Security, Web Security, Red Hat Certified System Administrator (RHCSA), Cloud Architecture, Architecture, Azure Data Lake, Google Calendar, Argo CD, AWS DevOps, Pulumi, OWASP Top 10, OWASP, Azure Data Factory, Data Warehousing, Amazon Kinesis, Cloudflare, Content Delivery Networks (CDN), Amazon Route 53, AWS Cloud Architecture, Application Security, ELT, Integration, IT Security, Data Analysis, AWS Certified Solution Architect, DNS, API Gateways, SSL Certificates, Digital Certificates, Networking, Firewalls, Proxies, OAuth, Networks, Jira Administration, Big Data, Security, SecOps, Metadata, Active Directory Federation, Active Directory Synchronization, Single Sign-on (SSO), SCIM, User Management, User Roles, AWS Transit Gateway, Data Engineering, NixOS

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring