Hyder Jafri
Verified Expert in Engineering
Cloud Architect and DevOps Expert Developer
Karachi, Sindh, Pakistan
Toptal member since October 31, 2019
Hyder is adept at understanding business objectives, establishing value for transformation and reformation change while streamlining business requirements with scalable, effective, and future-proof solutions. He has 7+ years of solutions delivery experience in the areas of consumer, enterprise, and financial solutions; cloud infrastructure; and high availability, scalability, and performance optimization.
Experience
- Linux - 8 years
- DevOps - 8 years
- Azure - 5 years
- Kubernetes - 5 years
- Ansible - 4 years
- Docker - 4 years
- Azure DevOps - 3 years
- AWS Certified Solution Architect - 1 year
Preferred Environment
Amazon Web Services (AWS), Docker, Azure, Ansible, Git, Linux, Kubernetes, Unix
The most amazing project was leading DevOps for FIFA 2022 in Qatar, deploying twin infrastructure and processing data from millions of OT systems in eight stadiums in Azure.
Work Experience
Azure Engineer
Analytiks International
- Performed successful migration of on-premises file share to Azure, transferring data and ACLs. Set up a domain server and AD Sync, enabled Azure AD authentication, assigned permissions, and ensured seamless data transfer.
- Migrated Azure AD services, ensuring continuity of user identities, groups, and roles. Oversaw authentication setup, data syncing, policy implementation, and testing, securing a smooth transition.
- Performed an upgrade for the DC server from 2012 to 2022, migrated DNS and FSMO roles, and configured an additional DC server for DR.
- Configured a site-to-site VPN to secure connectivity from on-premises environments to Azure, enabling the local Linux and Windows workloads to authenticate via AD.
- Managed and administered Office 365 environments, leveraging a decade of experience in O365 technologies to plan, implement, and maintain robust and secure setups.
- Administered SharePoint permissions for internal and external users, enhancing access control and resource management while maintaining stringent security protocols.
- Set up and configured resources and objects in SharePoint to facilitate ease of access, improving user experience and operational efficiency.
- Implemented and managed O365 projects, utilizing best practices to deliver scalable and secure solutions tailored to organizational needs.
- Led multiple migration projects, including seamless transitions from Google Workspace to Office 365, ensuring minimal disruption and optimal functionality.
DevOps Practice Lead
Johnson Controls
- Oversaw development of IaC templates over Terraform to provision fully private Azure infrastructure such as AKS, Route Tables, Private Endpoints, EventHubs, Kubernetes services, etc.
- Built monitoring framework using OpenTelemetry, Application Insights, and Azure Monitor to identify issues, track usage, and optimize utilization. The solution provided real-time alerts, traces, historical data, and analytics for trend identification.
- Designed and executed a Business Continuity and Disaster Recovery (BCDR) strategy for the twin platform that supported FIFA 2022. This was designed to satisfy the RTOs and RPOs for the on-premise Kubernetes clusters and Azure resources.
- Designed and implemented an end-to-end networking architecture to ensure secure and private communication between services. This utilized AKS, Azure Application Gateway, Azure EventHubs, Azure Private DNS, and Azure SQL.
- Wrote make scripts and Ansible playbooks to deploy an HA Kubernetes cluster running on top of Rancher; used JFrog to store artifacts and an ExpressRoute circuit to establish connectivity with IoT Hub and App Insights at Azure using private link scopes.
- Wrote a .NET application to probe TCP endpoints for obtaining the health status of OT systems at stadiums, then published this data via Azure Application Insights using the SDK. It was deployed as a job at edge Kubernetes clusters to run periodically.
- Configured route tables to direct all outgoing traffic from any subnet through the Non-virtual Appliance (NVA), ensuring thorough scrutiny of data flow.
- Wrote Helm charts for the services running over AKS and on-premises Kubernetes deployments.
- Developed CI/CD pipelines in Azure DevOps to deploy Terraform code and Kubernetes services.
- Configured DNS forwarders to fetch the private DNS records from Azure DNS for on-premises workloads.
Lead Infrastructure | DevOps | Manager MSP
ARPAtech
- Created a CI/CD pipeline for an ASP.NET application using Azure DevOps pipelines. Helped the engineering team set up Azure AD for authentication using LDAPS.
- Implemented IPSec-based VPN tunnels between the client's on-premises equipment, the Amazon Virtual Private Cloud resources, and ARPAtech's engineering teams.
- Followed best practice guidance for highly available, scalable, and secure cloud/hybrid cloud environments using AWS Config.
- Configured route tables, internet and NAT gateways, load balancing, direct connect, and firewall rules in Amazon VPC to get access to the on-premises resources.
- Established Azure MSP desk as technical manager and recruited a technical team of 20 engineers.
- Led Microsoft's audit for Azure Expert MSP and acquired the badge.
- Provided support for Microsoft 365 applications and services.
- Created automation for MSP customer onboarding, monthly reporting, and escalation management.
NGINX Specialist
Confidential 1
- Designed a solution architecture with NGINX reverse proxy and SSL certificates for the company environment.
- Replaced AWS Application Load Balancer (ALB) with AWS Network Load Balancer to forward the TLS connection to the back-end EC2 instances without offloading SSL at the load balancer.
- Used an AWS Lambda function to provision and renew SSL certificates from Let's Encrypt; those keys and certificates were stored at AWS Secrets Manager.
- Opted to use AWS Systems Manager to read changes from AWS Secrets Manager and deploy on the EC2 instances attached to the autoscaling group.
Senior Infrastructure Engineer | Team Lead
Cloudways
- Automated provisioning, deployment, scaling, and monitoring of WordPress applications.
- Implemented Varnish Cache to reduce server load and improve website response times for high-traffic WordPress sites by writing VCLs per the site dynamics.
- Leveraged Azure App Service for deploying WordPress sites, taking advantage of PaaS capabilities for auto-scaling, patch management, and integrated CI/CD pipelines, which streamlined operations and enhanced productivity.
- Automated the daily tasks by fetching the data through REST APIs and processing it using Python scripts.
- Used configuration management (Ansible) to automate and manage configurations across environments.
- Led the design and implementation of scalable WordPress infrastructure leveraging AWS services, including EC2, S3 for media storage, and RDS for database management, enhancing site performance and reliability.
- Designed and built various dashboards over New Relic and Circonus to monitor and visualize the service level indicators (SLIs) and other key performance indicators (KPIs); these dashboards are used in daily standups to drive the agenda.
- Built dashboards over Power BI to visualize business performance data as a single source of truth for broader observation of the business as a whole.
- Designed and implemented a microservices architecture for WordPress on Kubernetes, separating components into individual services (e.g., front end, database, caching) for improved scalability and maintenance.
- Implemented and maintained security best practices for WordPress, Magento, and Laravel.
Manager Operations
DIDx
- Installed, configured, customized, and administered Linux servers (CentOS).
- Performed research and developed new technologies.
- Set up load balancing and failover algorithms using Kamailio SIP Server.
- Installed and configured monitoring tools for Linux Servers and VoIP traffic (HOMER 5, SNGREP, Captagent, and Nagios).
- Evaluated performance of technical support team.
- Integrated systems with VoIP providers (Voxbone, Verizon, LEVEL3, Windstream).
- Monitored all customer inquiries and ensured appropriate resolution of the same.
- Analyzed and catered to all security problems on the network.
Experience
Built a Kubernetes Cluster with CI/CD in a DMZ Environment
Established Connectivity with AWS Direct Connect
Built a Microservices Architecture for .NET Apps Using Azure Kubernetes Service (AKS)
For DevSecOps, I used Veracode and SourceClear to scan all locally developed and 3rd-party code so all builds are scanned before getting to the build pipeline; JFrog Xray was used to scan the Docker containers.
Migrating from Heroku to AWS ECS
Kubernetes-driven Deployment for a Leading Nigerian Blog Built on WordPress
• High Traffic Management: Requiring a flexible infrastructure that can scale dynamically, as the website experiences significant spikes in traffic, especially during breaking news events.
• Performance Optimization: Ensuring fast page load times and smooth content delivery to enhance user experience across diverse geographic locations.
• Continuous Deployment: Facilitating a streamlined workflow for continuous content updates and feature releases without downtime or service disruption.
SOLUTIONS
• Kubernetes Deployment: Orchestrated the deployment of the WordPress site on Kubernetes, enabling automatic scaling, self-healing, and load balancing to manage traffic spikes efficiently.
• Cloud-Native Technologies: Utilized Azure Kubernetes Service (AKS) for cluster management, Azure Blob Storage integrated with a Content Delivery Network (CDN) for media files, and Azure SQL Database for scalable and reliable data storage.
• Performance Tuning: Configured Nginx and PHP-FPM within the Kubernetes pods to optimize web serving and PHP processing. Implemented Varnish Cache for content caching, significantly reducing back-end load and accelerating content delivery.
AVD Solution for Remote Access
To keep these images updated, I established a pipeline for baking the images using Azure Image Builder and Azure DevOps pipelines, allowing for regular updates with minimal downtime. Auto-scaling was enabled to optimize resource utilization and costs, which also helped achieve high availability for the solution.
Additionally, I integrated FSLogix to manage user profiles efficiently, ensuring fast login times and a consistent user experience by storing profiles on Azure Files.
Legacy Infrastructure Modernization, Migration and Containerization Initiative
Education
Master's Degree in Computer Systems and Networks
Hamdard University - Karachi, Pakistan
Bachelor's Degree in Electronics Engineering
Sir Syed University - Karachi, Pakistan
Certifications
Certified Kubernetes Administrator
Cloud Native Computing Foundation (CNCF)
AWS Certified Solution Architect Professional
AWS
Microsoft Certified: DevOps Engineer Expert
Microsoft
Microsoft Azure Solutions Architect Expert
Microsoft
AZ-203
Microsoft
Skills
Libraries/APIs
REST APIs, Amazon EC2 API, Node.js
Tools
Amazon Simple Notification Service (SNS), Azure DevOps Services, Amazon EKS, Ansible, Jenkins, NGINX, Nagios, Zabbix, Amazon Elastic Container Registry (ECR), AWS ELB, AWS IAM, Docker Compose, OpenVPN, Dynatrace, Varnish, Docker Hub, Apache, Terraform, AWS CodeDeploy, Azure Application Gateway, Azure Kubernetes Service (AKS), VPN, Let's Encrypt, Azure Key Vault, Azure Application Insights, Azure App Service, Shell, RabbitMQ, Logstash, Kibana, AWS CloudFormation, Amazon Elastic Container Service (ECS), Docker Swarm, Google Kubernetes Engine (GKE), Helm, Azure Automation, Amazon ElastiCache, Amazon Simple Email Service (SES), GitHub, Amazon CloudWatch, GitLab CI/CD, Chef, Puppet, Azure Network Security Groups, Azure Logic Apps, Git, PHP-FPM, Kamailio, FreePBX, Elastix, Monit, Slack, Jira, Asterisk, Artifactory, Prisma, Amazon Virtual Private Cloud (VPC), Grafana, Amazon Cognito, AWS Systems Manager, FPM, AWS Fargate, AWS CodeBuild, Automail, SonarQube
Languages
PHP, Bash Script, Bash, SAML, Python, SQL, Python 2, Python 3, GraphQL
Paradigms
Automation, Azure DevOps, DevOps, Continuous Integration (CI), Continuous Delivery (CD), Event-driven Architecture, B2B, Microservices Architecture, Microservices, API/Services Architecture, Samba, DevSecOps
Platforms
New Relic, Linux, Kubernetes, WordPress, Apache2, Docker, DigitalOcean, Azure, Azure Event Hubs, Amazon Web Services (AWS), LAMP, Unix, Ubuntu, Heroku, Magento, Sensu, Amazon EC2, AWS Lambda, MacOS, Windows Server, Azure PaaS, Apache Kafka, LEMP, Rancher, Azure Functions, Sysdig, AWS ALB, SharePoint
Storage
Cloudways, Amazon S3 (AWS S3), LAMP Server, AWS CodeStar, PostgreSQL, Azure Cloud Services, Redshift, MySQL, Memcached, Redis, Elasticsearch, Ceph, Redis Cache, Ingres, Azure Active Directory, Datadog, Azure Cosmos DB, On-premise, Azure SQL Databases, GlusterFS, Spring Data Elasticsearch, Azure SQL, Azure Blobs
Frameworks
Laravel, Lumen, AWS HA, .NET, Windows PowerShell
Other
Monitoring, ECS, Containerization, NFS, AWS Certified Solution Architect, MERN Stack, Autoscaling, AWS CodePipeline, Architecture, CI/CD Pipelines, Web Application Firewall (WAF), Networking, Infrastructure Monitoring, Application Monitoring, Network Monitoring, Proxies, Site Reliability Engineering (SRE), Azure Migrate, Solution Architecture, Office 365, Windows System Administration, Microsoft 365, Load Balancers, SSL Certificates, IIS, AWS Cloud Architecture, Software Architecture, Cloud Architecture, SSL Configurations, Web Applications, VM, System Administration, Network Administration, DNS, Amazon Route 53, Team Leadership, Azure Virtual Networks, Domains & Hosting, SMTP, Email, Email Delivery, Email Systems, Email Marketing, GitHub Actions, Azure Virtual Desktop, NginxRT, Amazon Glacier, Container Orchestration, AWS Certified DevOps Engineer, AWS DevOps, SecOps, Amazon API Gateway, Enterprise Architecture, WebSockets, Microsoft Defender Antivirus, IT Operations Management (ITOM), Amazon Machine Images (AMI), Amazon MSK, Amazon RDS, Authentication, Azure Resource Manager (ARM), Business Continuity & Disaster Recovery (BCDR), Infrastructure as Code (IaC), SIP, GitFlow, Service Meshes, Redis Clusters, Security, Direct Connect (DC), Configuration Management, Veracode, JFrog, Rancher Kubernetes Engine (RKE), IP Networks, Teams, Private Endpoints, ExpressRoute, Version Control, Branching Strategy, Autoscaling Groups, AWS VPN, File Sharing, AWS Secrets Manager, Licensing, FSlogix, OpenID Connect (OIDC), Argo CD, GitOps