Hrvoje (Henry) Tonkovac
Verified Expert in Engineering
DevOps and AWS Developer
Osijek, Croatia
Toptal member since September 4, 2020
Henry is a results-oriented SRE/DevOps engineer with extensive experience orchestrating robust infrastructure solutions across AWS and Azure cloud environments. Proficient in leveraging Python for automation and Terraform for infrastructure as code, he is adept at streamlining operations and enhancing scalability. With a proven track record in complex enterprise environments, Henry specializes in optimizing systems and ensuring seamless deployments.
Experience
- Terraform - 6 years
- Azure - 4 years
- Kubernetes - 4 years
- Bash - 3 years
- MySQL - 3 years
- Continuous Delivery (CD) - 3 years
- Linux - 3 years
- Distributed Systems - 1 year
Preferred Environment
Amazon Web Services (AWS), Kubernetes, Visual Studio Code (VS Code), MacOS, Integration
The most amazing...
...complete Azure infrastructure I've implemented was a zero-trust Azure cloud landing zone with multiple isolated networks.
Work Experience
Site Reliability Engineer
Booking.com
- Developed an extension of existing Python 3 automation for bare-metal MySQL cluster management to work with Amazon EC2. Migrated over 100 bare-metal clusters to EC2.
- Saved over $4 million in annual AWS costs without sacrificing reliability or speed of cloud adoption by right-sizing the EC2 workloads and challenging long-standing team assumptions about MySQL configuration.
- Improved reliability of critical cron jobs by ensuring full completion of all tasks even in case of transient failure of a single task.
DevOps Engineer
Fortune 100 Insurance Company
- Deployed a multi-regional zero-trust Azure landing zone using Terraform. This included configuring Azure Firewall, Web Application Firewalls, zoned network architecture, and on-premise connection. This ensured secure onboarding into the cloud.
- Led the initiative to decommission legacy automation Go tooling. This greatly improved code maintainability and speed of onboarding new engineers and reduced the memory consumption of hourly jobs by over 90%.
- Developed many Terraform modules for use through a self-service developer portal, enabling developers to provide legal and security-compliant Azure Databases, Web Apps, Storage Accounts, etc.
- Implemented many features and fixed many bugs in an internal Go automation codebase, most notably an in-house Terraform provider for a cloud API and a custom Terraform CLI wrapper (similar to Terragrunt).
- Ensured continuous compliance monitoring by writing automated tests and implementing automated security scanning of Terraform modules.
- Designed and implemented a DNS solution utilizing dnsmasq as a conditional forwarder, enabling DNS resolution between on-premise and cloud.
DevOps Engineer
Code Consulting
- Led the upgrade process of a multi-terabyte MySQL database from version 5.5 to version 5.7. Ensured high availability and an upgrade with minimum downtime. Improved the backup system by using physical backups, reducing MTTR by two weeks.
- Designed and implemented the complete infrastructure for an ETL pipeline that anonymized customer data and fed it into a data warehouse in real-time. Fully managed CI/CD and IaC for the project. Ensured perfect environment isolation and parity.
- Cut down AWS costs by over 30% across the organization by carefully analyzing the AWS bills, utilizing reserved instances where appropriate, and removing unused infrastructure.
- Released an application's complete AWS infrastructure and CI/CD processes consisting of half a dozen microservices hosted on AWS ECS and backed by a MongoDB replica set. Ensured high availability and full observability.
- Implemented an authentication and audit system using AWS Systems Manager, Bash, and AppArmor. The system allowed certain users access to production servers without having access to PHI data and ensured auditability of user actions on the servers.
Node.js Back-end Developer
Reroot
- Developed both Dockerized and serverless PHP and Node.js microservices. Implemented a Geolocation microservice using PostGIS and Node.js.
- Developed CI/CD pipelines with Docker and GitLab. Ensured smooth and fast deployments to UAT and production.
- Managed the complete AWS infrastructure with Terraform and CloudFormation.
DevOps Consultant
Detecon International, GmbH.
- Supported partners in the research and presentation of different telecommunications architectures focused on introducing big data, cloud, machine learning, and DevOps concepts in the telecommunications space.
- Shadow-called and provided on-site support in multiple high-stakes sales pitches and RFQ processes in telecommunications.
- Attended SAFe (Scaled Agile Framework) and proposal writing training.
- Led a team of students in a startup competition. This included research on both the technical and business sides and the societal impact of new developments in smart grocery stores.
PHP Back-end Developer
UHP Digital
- Developed several web applications with an MVC in the Zend Framework (PHP) and Doctrine ORM (MySQL). Wrote object-oriented server-side code and SQL queries.
- Deployed LAMP stack applications manually to on-premises servers. Configured Apache, NGINX, and PHP applications.
- Introduced Docker containerization technology to improve the process of application deployment. Prior to this, version mismatches had sometimes delayed production deployments for up to two weeks.
- Migrated complex data sets to improved database schema by writing PHP data migration scripts.
- Collaborated within a multinational team where all communication was conducted in English.
Experience
Android Application Test Laboratory
College Schedule Google Calendar Automation
Many university students had trouble organizing their schedules since the course schedule was released only a week up-front. If the students wanted to use a calendar (e.g., Google Calendar), they had to manually import every event every week (which took more than a hundred manual mouse clicks).
The application had over a hundred users from my university and was in active development for over a year. In the end, it served as a basis for my Bachelor's degree and has motivated the university to implement a proper solution due to the application's overwhelming popularity and benefit.
Education
Bachelor's Degree in Computer Science
Faculty of Electrical Engineering, Computer Science and Information Technology Osijek - Osijek, Croatia
Certifications
Microsoft Certified: Identity and Access Administrator Associate
Microsoft
Certified Kubernetes Security Specialist
The Linux Foundation
Certified Kubernetes Administrator
The Linux Foundation
AWS Certified Solutions Architect Associate
AWS
Red Hat Certified Systems Administrator
Red Hat
Skills
Libraries/APIs
Jenkins Pipeline, Node.js, Terragrunt, Google Cloud API, Google Calendar API, Google Maps API, OpenSSL, GitHub API, POSIX, Metadata API, Azure Active Directory Graph API
Tools
Amazon Virtual Private Cloud (VPC), Terraform, AWS IAM, Azure Web Application Firewall, Git, GitHub, AWS Deployment, Azure Key Vault, Postman, Amazon Elastic Container Registry (ECR), Azure Kubernetes Service (AKS), Azure Network Security Groups, Docker Hub, Ansible, GitLab CI/CD, Jenkins, Grafana, NGINX, Apache, AWS ELB, Amazon EKS, AWS CloudFormation, GitLab, Google Kubernetes Engine (GKE), Bitbucket, Amazon Elastic Container Service (ECS), Helm, Kafka Streams, VPN, Amazon CloudWatch, AWS Fargate, AWS Cloud Development Kit (CDK), Beanstalk, Chef, Puppet, Amazon Simple Notification Service (SNS), Azure Active Directory B2C (ADB2C), CircleCI
Languages
Python, YAML, Bash, PHP, Bash Script, Go, TypeScript, Python 3, SQL, JavaScript, HTML, Snowflake, GraphQL
Frameworks
AWS HA, Hadoop
Paradigms
Continuous Delivery (CD), Continuous Integration (CI), DevOps, REST, Azure DevOps, OLAP, Microservices, Microservices Architecture, Gang of Four (GOF) Design Patterns, ETL, Web Application Architecture, DevSecOps, Serverless Architecture, HIPAA Compliance, Role-based Access Control (RBAC), ABAC
Platforms
Kubernetes, Linux, Docker, Amazon Web Services (AWS), Azure, Apache2, AWS ALB, Azure PaaS, Unix, Ubuntu, Amazon EC2, Google Cloud Platform (GCP), AWS Lambda, New Relic, OpenShift, Apache Kafka, Azure Event Hubs, Red Hat OpenShift, Blockchain, Android, Azure IaaS
Storage
Amazon S3 (AWS S3), Azure Blobs, PostGIS, Azure SQL, OLTP, DB, MySQL, MongoDB, LokiJS, PostgreSQL, Data Pipelines, Databases, Google Cloud, Amazon DynamoDB, NoSQL, Azure Storage, Datadog, Database Security, Azure Active Directory, Microsoft SQL Server, Azure SQL Databases, Redis Cache, Azure Cosmos DB, Azure Cloud Services, Redis
Industry Expertise
Network Security, Telecommunications, Cybersecurity
Other
ECS, Site Reliability Engineering (SRE), Identity & Access Management (IAM), Certified Kubernetes Administrator (CKA), Microsoft Azure, CI/CD Pipelines, Cloud Infrastructure, Infrastructure, Infrastructure as Code (IaC), Azure Virtual Networks, Web Application Firewall (WAF), Containers, Secure Containers, Containerization, GitOps, Git Flow, Deployment, System Administration, Container Orchestration, DevOps Engineer, ARM, CORS, Cloud Services, Cloud, APIs, Pipelines, Shell Scripting, Azure Virtual Machines, Load Balancers, Web Development, IT Networking, Linux Administration, GitHub Actions, Distributed Systems, Operating Systems, Prometheus, Serverless, Cloud Computing, Monitoring, Zero Trust, Google Container Engine, Amazon RDS, Infrastructure Monitoring, Scalability, Cloud Security, Web Security, Red Hat Certified System Administrator (RHCSA), Cloud Architecture, Architecture, Azure Data Lake, Google Calendar, Argo CD, AWS DevOps, Pulumi, OWASP Top 10, OWASP, Azure Data Factory, Data Warehousing, Amazon Kinesis, Cloudflare, Content Delivery Networks (CDN), Amazon Route 53, AWS Cloud Architecture, Application Security, ELT, Integration, IT Security, Data Analysis, AWS Certified Solution Architect, DNS, API Gateways, SSL Certificates, Digital Certificates, Networking, Firewalls, Proxies, OAuth, Networks, Jira Administration, Big Data, Security, SecOps, Metadata, Active Directory Federation, Active Directory Synchronization, Single Sign-on (SSO), SCIM, User Management, User Roles, AWS Transit Gateway, Data Engineering, NixOS