Hyder Jafri, Developer in Karachi, Sindh, Pakistan
Hyder is available for hire
Hire Hyder

Hyder Jafri

Verified Expert  in Engineering

Cloud Architect and DevOps Expert Developer

Karachi, Sindh, Pakistan

Toptal member since October 31, 2019

Expertise
DNSAWS CloudSystem SecurityCloud ArchitectureSystem AdministrationAzureAWSSite ReliabilityIISMERN StackAWS SolutionsLinuxDevOpsLAMP
Bio

Hyder is adept at understanding business objectives, establishing value for transformation and reformation change while streamlining business requirements with scalable, effective, and future-proof solutions. He has 7+ years of solutions delivery experience in the areas of consumer, enterprise, and financial solutions; cloud infrastructure; and high availability, scalability, and performance optimization.

Portfolio

Analytiks International
Azure, SharePoint, Azure Active Directory, Linux, File Sharing, Networking...
Johnson Controls
Azure, Azure DevOps, Azure SQL, Azure Blobs, Azure Application Gateway...
ARPAtech
Amazon Elastic Container Registry (ECR), Amazon Web Services (AWS), .NET...

Experience

  • Linux - 8 years
  • DevOps - 8 years
  • Azure - 5 years
  • Kubernetes - 5 years
  • Ansible - 4 years
  • Docker - 4 years
  • Azure DevOps - 3 years
  • AWS Certified Solution Architect - 1 year

Availability

Full-time

Preferred Environment

Amazon Web Services (AWS), Docker, Azure, Ansible, Git, Linux, Kubernetes, Unix

The most amazing...

...project was leading DevOps for FIFA 2022 in Qatar, deploying twin infrastructure and processing data from millions of OT systems in eight stadiums in Azure.

Work Experience

Azure Engineer

2022 - PRESENT
Analytiks International
  • Performed successful migration of on-premises file share to Azure, transferring data and ACLs. Set up a domain server and AD Sync, enabled Azure AD authentication, assigned permissions, and ensured seamless data transfer.
  • Migrated Azure AD services, ensuring continuity of user identities, groups, and roles. Oversaw authentication set up, data syncing, policy implementation, and testing, securing a smooth transition.
  • Performed an upgrade for the DC server from 2012 to 2022, migrated DNS and FSMO roles, and configured an additional DC server for DR.
  • Configured a site-to-site VPN to secure connectivity from on-premises environments to Azure, enabling the local Linux and Windows workloads to authenticate via AD.
  • Managed and administered Office 365 environments, leveraging a decade of experience in O365 technologies to plan, implement, and maintain robust and secure setups.
  • Administered SharePoint permissions for internal and external users, enhancing access control and resource management while maintaining stringent security protocols.
  • Set up and configured resources and objects in SharePoint to facilitate ease of access, improving user experience and operational efficiency.
  • Implemented and managed O365 projects, utilizing best practices to deliver scalable and secure solutions tailored to organizational needs.
  • Led multiple migration projects, including seamless transitions from Google Workspace to Office 365, ensuring minimal disruption and optimal functionality.
Technologies: Azure, SharePoint, Azure Active Directory, Linux, File Sharing, Networking, Azure Migrate, Solution Architecture, Windows System Administration, Microsoft Defender Antivirus, On-premise, IT Operations Management (ITOM), Cloud Architecture, MacOS, Windows Server, VM, System Administration, Network Administration, DNS, Azure App Service, Azure SQL Databases, Azure Virtual Networks, API/Services Architecture, Samba, Licensing, Azure Cloud Services, SAML, Authentication, OpenID Connect (OIDC), B2B

DevOps Practice Lead

2021 - PRESENT
Johnson Controls
  • Oversaw development of IaC templates over Terraform to provision fully private Azure infrastructure such as AKS, Route Tables, Private Endpoints, EventHubs, Kubernetes services, etc.
  • Built monitoring framework using OpenTelemetry, Application Insights, and Azure Monitor to identify issues, track usage, and optimize utilization. The solution provided real-time alerts, traces, historical data, and analytics for trend identification.
  • Designed and executed a Business Continuity and Disaster Recovery (BCDR) strategy for the twin platform that supported FIFA 2022. This was designed to satisfy the RTOs and RPOs for the on-premise Kubernetes clusters and Azure resources.
  • Designed and implemented an end-to-end networking architecture to ensure secure and private communication between services. This utilized AKS, Azure Application Gateway, Azure EventHubs, Azure Private DNS, and Azure SQL.
  • Wrote make scripts and Ansible playbooks to deploy HA Kubernetes cluster running on top of Rancher, used JFrog to store artifacts and express route circuit to establish connectivity with IoT Hub and App Insights at Azure using private link scopes.
  • Wrote a .NET application to probe TCP endpoints for obtaining the health status of OT systems at stadiums, then published this data via Azure Application Insights using the SDK. It was deployed as a job at edge Kubernetes clusters to run periodically.
  • Configured route tables to direct all outgoing traffic from any subnet through the Non-virtual Appliance (NVA), ensuring thorough scrutiny of data flow.
  • Wrote Helm charts for the services running over AKS and on-premises Kubernetes deployments.
  • Developed CI/CD pipelines in Azure DevOps to deploy Terraform code and Kubernetes services.
  • Configured DNS forwarders to fetch the private DNS records from Azure DNS for on-premises workloads.
Technologies: Azure, Azure DevOps, Azure SQL, Azure Blobs, Azure Application Gateway, Terraform, Azure Kubernetes Service (AKS), Kubernetes, Helm, Rancher, Rancher Kubernetes Engine (RKE), Azure Event Hubs, Azure Logic Apps, Azure Functions, IP Networks, Prisma, Sysdig, DevSecOps, Business Continuity & Disaster Recovery (BCDR), Teams, Docker, Microservices, GraphQL, REST APIs, Web Application Firewall (WAF), Private Endpoints, ExpressRoute, VPN, Ansible, Python, Bash, Windows PowerShell, .NET, DevOps, Git, Version Control, Branching Strategy, GitFlow, Jira, Linux, Unix, Monitoring, Infrastructure Monitoring, Application Monitoring, Network Monitoring, Enterprise Architecture, Containerization, Continuous Integration (CI), Continuous Delivery (CD), SQL, PHP, Autoscaling, Networking, Proxies, WebSockets, Site Reliability Engineering (SRE), Solution Architecture, Windows System Administration, Bash Script, NGINX, Load Balancers, SSL Certificates, Azure Automation, IIS, Software Architecture, On-premise, IT Operations Management (ITOM), Cloud Architecture, GitHub, MacOS, Ubuntu, SSL Configurations, Web Applications, Windows Server, VM, System Administration, Network Administration, DNS, PostgreSQL, Amazon Route 53, Team Leadership, Azure Key Vault, Azure Application Insights, Azure App Service, Azure SQL Databases, Azure Virtual Networks, API/Services Architecture, Event-driven Architecture, Licensing, GitLab CI/CD, Azure Cloud Services, SAML, Authentication, OpenID Connect (OIDC), B2B, Shell

Lead Infrastructure | DevOps | Manager MSP

2018 - PRESENT
ARPAtech
  • Created CI/CD pipeline for ASP.NET application using Azure DevOps pipelines. Helped the engineering team setup Azure AD for authentication using LDAPs.
  • Implemented IPSec-based VPN tunnels between the client's on-premises equipment, the Amazon Virtual Private Cloud resources, and ARPAtech's engineering teams.
  • Followed best practice guidance for highly available, scalable, and secure cloud/hybrid cloud environments using AWS Config.
  • Configured route tables, internet and NAT gateways, load balancing, direct connect, and firewall rules in Amazon VPC to get access to the on-premises resources.
  • Established Azure MSP desk as technical manager and recruited a technical team of 20 engineers.
  • Led the Microsoft's audit for Azure Expert MSP and acquired the badge.
  • Provided support for Microsoft 365 applications and services.
  • Created automation for MSP customer onboarding, monthly reporting, and escalation management.
Technologies: Amazon Elastic Container Registry (ECR), Amazon Web Services (AWS), .NET, OpenVPN, Helm, Logstash, Kibana, Elasticsearch, GitFlow, Slack, Jira, Azure, AWS CloudFormation, Ansible, Zabbix, Jenkins, Kubernetes, Docker, Laravel, Architecture, Azure Application Gateway, Azure Cosmos DB, SecOps, Linux, Python, VPN, Unix, Datadog, Monitoring, Infrastructure Monitoring, Application Monitoring, Network Monitoring, Enterprise Architecture, AWS DevOps, Containerization, Terraform, Microservices, Continuous Integration (CI), Continuous Delivery (CD), SQL, PHP, LAMP, Autoscaling, DigitalOcean, Networking, Proxies, WebSockets, Site Reliability Engineering (SRE), Azure Kubernetes Service (AKS), Azure Migrate, Solution Architecture, Office 365, Windows System Administration, Microsoft 365, Microsoft Defender Antivirus, Bash Script, Ceph, Node.js, Amazon Elastic Container Service (ECS), NGINX, Amazon API Gateway, Load Balancers, Let's Encrypt, SSL Certificates, Azure Automation, IIS, AWS Cloud Architecture, Software Architecture, IT Operations Management (ITOM), Cloud Architecture, Amazon Machine Images (AMI), Amazon MSK, Amazon ElastiCache, Amazon RDS, Amazon Simple Email Service (SES), GitHub, MacOS, Ubuntu, SSL Configurations, Web Applications, Windows Server, VM, System Administration, Web Application Firewall (WAF), Network Administration, DNS, PostgreSQL, Amazon Route 53, Team Leadership, Azure Key Vault, Azure Application Insights, Azure App Service, Azure SQL Databases, Azure Virtual Networks, API/Services Architecture, Event-driven Architecture, Apache2, Apache, Licensing, SMTP, Email, Email Delivery, GitHub Actions, Azure Virtual Desktop, Azure Cloud Services, SAML, Authentication, OpenID Connect (OIDC), B2B, Shell

Cloud Architect

2020 - 2024
Dengage
  • Designed a multi-server and multi-IP setup for efficient high-volume email sending.
  • Configured AWS GuardDuty, AWS Config, and CloudTrail to provide continuous security monitoring, resulting in a significant decrease in detected misconfigurations over a 6-month period.
  • Hardened root account credentials and governance policies, effectively eliminating non-compliant root-level activities.
  • Migrated legacy on-premises workloads into secure, multi-account AWS Organizations, reducing operational costs by approximately 20%.
Technologies: Amazon EC2, Kubernetes, AWS ELB, Elastic Load Balancers, AWS NLB, Network Load Balancing (NLB), Docker Compose, Containerization, AWS Cost Explorer, Amazon CloudFront CDN, Amazon CloudFront, Linux, Bash, Firewalls, Cloud Networking, Amazon Virtual Private Cloud (VPC), VPN, Email Systems, DNS Servers, Amazon CloudWatch, Amazon GuardDuty, AWS Well-Architected Framework, AWS CloudFormation, AWS CloudTrail, AWS Config, Identity & Access Management (IAM), AWS IAM, AWS Secrets Manager

NGINX Specialist

2023 - 2023
Confidential 1
  • Designed a solution architecture with NGINX reverse proxy and SSL certificates for the company environment.
  • Replaced AWS Application Load Balancer (ALB) with AWS Network Load Balancer to forward the TLS connection to the back-end EC2 instances without offloading SSL at the load balancer.
  • Used an AWS Lambda function to provision and renew SSL certificates from Let's Encrypt; those keys and certificates were stored at AWS Secrets Manager.
  • Opted to use AWS Systems Manager to read changes from AWS Secrets Manager and deploy on the EC2 instances attached to the autoscaling group.
Technologies: NGINX, Amazon Web Services (AWS), AWS Lambda, Amazon API Gateway, Load Balancers, SSL Certificates, Let's Encrypt, Amazon EC2, AWS Systems Manager, AWS Secrets Manager, API/Services Architecture, Event-driven Architecture, SAML, B2B

Senior Infrastructure Engineer | Team Lead

2016 - 2018
Cloudways
  • Automated provisioning, deployment, scaling, and monitoring of WordPress applications.
  • Implemented Varnish Cache to reduce server load and improve website response times for high-traffic WordPress sites by writing VCLs per the site dynamics.
  • Leveraged Azure App Service for deploying WordPress sites, taking advantage of PaaS capabilities for auto-scaling, patch management, and integrated CI/CD pipelines, which streamlined operations and enhanced productivity.
  • Automated the daily tasks by fetching the data through REST APIs and processing it using Python scripts.
  • Used configuration management (Ansible) to automate and manage configurations across environments.
  • Led the design and implementation of scalable WordPress infrastructure leveraging AWS services, including EC2, S3 for media storage, and RDS for database management, enhancing site performance and reliability.
  • Designed and built various dashboards over New Relic and Circonus to monitor and visualize the service level indicators (SLIs) and other key performance indicators (KPIs); these dashboards are used in daily standups to drive the agenda.
  • Built dashboards over Power BI to visualize business performance data as a single source of truth for broader observation of the business as a whole.
  • Designed and implemented a microservices architecture for WordPress on Kubernetes, separating components into individual services (e.g., front end, database, caching) for improved scalability and maintenance.
  • Implemented and maintained security best practices for WordPress, Magento, and Laravel.
Technologies: Amazon Web Services (AWS), Ansible, Docker, Varnish, Linux, Apache, PHP-FPM, NGINX, Kubernetes, Git, Python, Unix, Datadog, Monitoring, Infrastructure Monitoring, Application Monitoring, SQL, PHP, WordPress, LAMP, Autoscaling, DigitalOcean, Cloudways, Grafana, Bash Script, Ceph, Chef, Puppet, Node.js, Load Balancers, Let's Encrypt, SSL Certificates, Cloud Architecture, Amazon Simple Email Service (SES), GitHub, Ubuntu, SSL Configurations, Web Applications, VM, System Administration, Web Application Firewall (WAF), Network Administration, DNS, Team Leadership, Apache2, Domains & Hosting, SMTP, Email, Email Systems, Email Marketing, Magento, Azure Cloud Services, Shell

Manager Operations

2014 - 2016
DIDx
  • Installed, configured, customized, and administered Linux servers (Centos).
  • Performed research and develop new technologies.
  • Set up load balancing and failover algorithms using Kamailio SIP Server.
  • Installed and configured monitoring tools for Linux Servers and VoIP traffic (HOMER 5, SNGREP, Captagent, and Nagios).
  • Evaluated performance of technical support team.
  • Integrated systems to VOIP providers (Voxbone, Verizon, LEVEL3, Windstream).
  • Monitored all customer inquiries and ensure appropriate resolution of the same.
  • Analyzed and catered all security problems on network.
Technologies: SIP, Nagios, Monit, Apache, NGINX, Elastix, FreePBX, Kamailio, Asterisk, Linux, Unix, Infrastructure Monitoring, Bash Script, SSL Certificates, Ubuntu, SSL Configurations, VM, DNS, Apache2, Shell

Experience

Built a Kubernetes Cluster with CI/CD in a DMZ Environment

I designed and built a scalable infrastructure using cloud-native architecture for a large-scale distributed application deployed on hybrid cloud systems (private cloud and AWS) using Kubernetes and Docker. My work also included creating CI/CD pipelines with Jenkins to spin up the whole infrastructure over CloudFormation, as well as managing deployments using CloudFormation, Ansible, and Helm.

Established Connectivity with AWS Direct Connect

Physically connected the client's data centers to AWS infrastructure using AWS Direct Connect and troubleshoot issues which included OSI layers 1-4, from setting up the physical connection, establishing ARP using 802.1Q VLAN encapsulation, and establishing eBGP peering relationships with AWS infrastructure.

Built a Microservices Architecture for .NET Apps Using Azure Kubernetes Service (AKS)

I built an architecture for .NET microservices for a large eCommerce platform using Azure Kubernetes Services (AKS). The project consists of an API gateway and five or more (dynamic) microservices developed on .NET Core. I had to containerize the application according to the AKS ecosystem and then design the CI/CD pipelines using Azure DevOps to orchestrate the build and deploy process. I also considered adding new microservices using the pipeline so developers can add a new service behind the gateway using a pipeline in Azure DevOps.

For DevSecOps, I used Veracode and SourceClear to scan all locally developed and 3rd-party code so all builds are scanned before getting to the build pipeline; JFrog Xray was used to scan the Docker containers.

Migrating from Heroku to AWS ECS

The client used a complex application running a blend of interdependent services with different tech stacks. The monthly cost was huge for Heroku's convenience, so we moved the application to AWS ECS Cluster with AWS Fargate. The CI/CD part was challenging, but we managed to implement a blue/green deployment model using AWS CodeStar.

Kubernetes-driven Deployment for a Leading Nigerian Blog Built on WordPress

CHALLENGES
• High Traffic Management: Requiring a flexible infrastructure that can scale dynamically, as the website experiences significant spikes in traffic, especially during breaking news events.
• Performance Optimization: Ensuring fast page load times and smooth content delivery to enhance user experience across diverse geographic locations.
• Continuous Deployment: Facilitating a streamlined workflow for continuous content updates and feature releases without downtime or service disruption.

SOLUTIONS
• Kubernetes Deployment: Orchestrated the deployment of the WordPress site on Kubernetes, enabling automatic scaling, self-healing, and load balancing to manage traffic spikes efficiently.
• Cloud-Native Technologies: Utilized Azure Kubernetes Service (AKS) for cluster management, Azure Blob Storage integrated with a Content Delivery Network (CDN) for media files, and Azure SQL Database for scalable and reliable data storage.
• Performance Tuning: Configured Nginx and PHP-FPM within the Kubernetes pods to optimize web serving and PHP processing. Implemented Varnish Cache for content caching, significantly reducing back-end load and accelerating content delivery.

AVD Solution for Remote Access

As a cloud consultant, I designed and implemented an Azure Virtual Desktop (AVD) environment to provide a team with secure, remote access to a standardized desktop experience. I created golden images containing the necessary operating system, applications, and security configurations to ensure consistency across all virtual desktops.

To keep these images updated, I established a pipeline for baking the images using Azure Image Builder and Azure DevOps pipelines, allowing for regular updates with minimal downtime. Auto-scaling was enabled to optimize resource utilization and costs, which also helped achieve high availability for the solution.

Additionally, I integrated FSLogix to manage user profiles efficiently, ensuring fast login times and a consistent user experience by storing profiles on Azure Files.

Legacy Infrastructure Modernization, Migration and Containerization Initiative

Developed architectural diagrams, conducted comparative analyses, and prepared proposals to modernize legacy infrastructure. This involved core strategy and platform analysis using DevSecOps principles, migrating on-premises systems to the cloud, containerizing Java and .NET applications, implementing GitOps practices with ArgoCD and Azure DevOps, and promoting the adoption of modern development workflows to enhance scalability and efficiency.

Education

2014 - 2016

Master's Degree in Computer Systems and Networks

Hamdard University - Karachi, Pakistan

2010 - 2014

Bachelor's Degree in Electronics Engineering

Sir Syed Universtiy - Karachi, Pakistan

Certifications

APRIL 2023 - APRIL 2026

Certified Kubernetes Administrator

Cloud Native Computing Foundation (CNCF)

DECEMBER 2020 - DECEMBER 2023

AWS Certified Solution Architect Professional

AWS

SEPTEMBER 2020 - SEPTEMBER 2022

Microsoft Certified: DevOps Engineer Expert

Microsoft

SEPTEMBER 2020 - SEPTEMBER 2022

Microsoft Azure Solutions Architect Expert

Microsoft

JANUARY 2020 - PRESENT

AZ-203

Microsoft

Skills

Libraries/APIs

REST APIs, Amazon EC2 API, Node.js

Tools

Amazon Simple Notification Service (SNS), Azure DevOps Services, Amazon EKS, Ansible, Jenkins, NGINX, Nagios, Zabbix, Amazon Elastic Container Registry (ECR), AWS ELB, AWS IAM, Docker Compose, OpenVPN, Dynatrace, Varnish, Docker Hub, Apache, Terraform, AWS CodeDeploy, Azure Application Gateway, Azure Kubernetes Service (AKS), VPN, Let's Encrypt, Azure Key Vault, Azure Application Insights, Azure App Service, Shell, RabbitMQ, Logstash, Kibana, AWS CloudFormation, Amazon Elastic Container Service (ECS), Docker Swarm, Google Kubernetes Engine (GKE), Helm, Azure Automation, Amazon ElastiCache, Amazon Simple Email Service (SES), GitHub, Amazon CloudWatch, GitLab CI/CD, Chef, Puppet, Azure Network Security Groups, Azure Logic Apps, Git, PHP-FPM, Kamailio, FreePBX, Elastix, Monit, Slack, Jira, Asterisk, Artifactory, Prisma, Amazon Virtual Private Cloud (VPC), Grafana, Amazon Cognito, AWS Systems Manager, FPM, AWS Fargate, AWS CodeBuild, Automail, SonarQube, AWS Cost Explorer, Amazon CloudFront CDN, Amazon CloudFront, AWS CloudTrail

Languages

PHP, Bash Script, Bash, SAML, Python, SQL, Python 2, Python 3, GraphQL

Paradigms

Automation, Azure DevOps, DevOps, Continuous Integration (CI), Continuous Delivery (CD), Event-driven Architecture, B2B, Microservices Architecture, Microservices, API/Services Architecture, Samba, DevSecOps

Platforms

New Relic, Linux, Kubernetes, WordPress, Apache2, Docker, DigitalOcean, Azure, Azure Event Hubs, Amazon Web Services (AWS), LAMP, Unix, Ubuntu, Heroku, Magento, Sensu, Amazon EC2, AWS Lambda, MacOS, Windows Server, Azure PaaS, Apache Kafka, LEMP, Rancher, Azure Functions, Sysdig, AWS ALB, SharePoint, AWS NLB

Storage

Cloudways, Amazon S3 (AWS S3), LAMP Server, AWS CodeStar, PostgreSQL, Azure Cloud Services, Redshift, MySQL, Memcached, Redis, Elasticsearch, Ceph, Redis Cache, Ingres, Azure Active Directory, Datadog, Azure Cosmos DB, On-premise, Azure SQL Databases, GlusterFS, Spring Data Elasticsearch, Azure SQL, Azure Blobs

Frameworks

Laravel, Lumen, AWS HA, .NET, Windows PowerShell, AWS Well-Architected Framework

Other

Monitoring, ECS, Containerization, NFS, AWS Certified Solution Architect, MERN Stack, Autoscaling, AWS CodePipeline, Architecture, CI/CD Pipelines, Web Application Firewall (WAF), Networking, Infrastructure Monitoring, Application Monitoring, Network Monitoring, Proxies, Site Reliability Engineering (SRE), Azure Migrate, Solution Architecture, Office 365, Windows System Administration, Microsoft 365, Load Balancers, SSL Certificates, IIS, AWS Cloud Architecture, Software Architecture, Cloud Architecture, SSL Configurations, Web Applications, VM, System Administration, Network Administration, DNS, Amazon Route 53, Team Leadership, Azure Virtual Networks, Domains & Hosting, SMTP, Email, Email Delivery, Email Systems, Email Marketing, GitHub Actions, Azure Virtual Desktop, NginxRT, Amazon Glacier, Container Orchestration, AWS Certified DevOps Engineer, AWS DevOps, SecOps, Amazon API Gateway, Enterprise Architecture, WebSockets, Microsoft Defender Antivirus, IT Operations Management (ITOM), Amazon Machine Images (AMI), Amazon MSK, Amazon RDS, Authentication, Azure Resource Manager (ARM), Business Continuity & Disaster Recovery (BCDR), Infrastructure as Code (IaC), SIP, GitFlow, Service Meshes, Redis Clusters, Security, Direct Connect (DC), Configuration Management, Veracode, JFrog, Rancher Kubernetes Engine (RKE), IP Networks, Teams, Private Endpoints, ExpressRoute, Version Control, Branching Strategy, Autoscaling Groups, AWS VPN, File Sharing, AWS Secrets Manager, Licensing, FSlogix, OpenID Connect (OIDC), Argo CD, GitOps, Elastic Load Balancers, Network Load Balancing (NLB), Firewalls, Cloud Networking, DNS Servers, Amazon GuardDuty, AWS Config, Identity & Access Management (IAM)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring