Murat Hatipoglu

Cloud Solution Architect Developer

Location

London, United Kingdom

Toptal Member Since

November 6, 2018

Murat has been working in the IT industry for more than 20 years. With extensive network, system, and applications experience, he is able to relate the different requirements and provide clear insight into navigating the complex technology landscape. Murat's philosophy is to focus on building long-term relationships with clients, working with them to simplify their lives, and becoming a trusted partner rather than be just an outside consultant.

Security Architecture Security Testing SSL Configurations Firewalls Identity & Access Management (IAM)ASA Firewalls Threat Intelligence Web App Security Unix Linux Security Perl MySQL DevSecOps Amazon Web Services (AWS)

Murat is available for hire

Hire Murat

Portfolio

Avon Products

Amazon Web Services (AWS), Azure, Terraform, Jenkins...

Bridgestone

DevSecOps, Security Analysis, Security, Writing & Editing, DevOps, Azure

Service Rocket

Amazon Web Services (AWS), Amazon CloudWatch, AWS CloudTrail...

Experience

Identity & Access Management (IAM) - 20 years Security - 20 yearsCloud - 10 yearsAzure - 10 years Amazon Web Services (AWS) - 5 yearsInfrastructure as Code (IaC) - 3 yearsKubernetes - 2 years Terraform - 2 years

Location

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), Python, Docker, Kubernetes, Terraform, Azure

The most amazing...

...projects I've completed help clients secure applications deployed on public cloud environments and protect them from sophisticated application layer attacks.

Work Experience

2020 - PRESENT

Cloud Security Architect | DevSecOps Engineer

Avon Products

Designed the security architecture of multi-cloud hybrid infrastructure.
Designed security as an integral part of SDLC and DevOps practices.
Worked on IaC development for the deployment of designed solutions and architectures.
Delivered POCs for new products and technologies, such as AWS Network Firewall, Snyk, and CrowdStrike in cloud environments.

Technologies: Amazon Web Services (AWS), Azure, Terraform, Jenkins, Azure Kubernetes Service (AKS), AWS Transit Gateway, Firewalls, AWS Security Hub, Amazon CloudWatch, NGINX, Web Application Firewall (WAF), Amazon Route 53, Hybrid Cloud Infrastructure

2020 - 2020

Azure DevOps and Security Architect

Bridgestone

Documented Azure application’s security, privacy, compliance, reliability/resiliency, and intellectual property.
Assessed the existing Azure environment(s). Collected data to build the document.
Compared the existing environment against Azure CIS Foundation Benchmark, documenting implemented security controls and missing and recommended controls.

Technologies: DevSecOps, Security Analysis, Security, Writing & Editing, DevOps, Azure

2019 - 2020

Cloud Security Architect

Service Rocket

Performed the audit and security review of the existing product, staging, and development environments on multiple AWS accounts.
Completed GAP-analysis against the CIS Framework, PCI DSS, and SOC-2 requirements. Documented actions required for remediation of findings.
Deployed, configured, and integrated AWS services, SecurityHub, Inspector, Macie, Config, CloudTrail, and CloudWatch.

Technologies: Amazon Web Services (AWS), Amazon CloudWatch, AWS CloudTrail, Identity & Access Management (IAM)

2019 - 2020

DevOps and Cloud Security Engineer

Dentsu Aegis Network

Oversaw the design of coud security perimeter on Azure and AWS.
Developed Terraform automation code to deploy designed architecture components.
Developed Terraform codes to implement infrastructure as a code (IaaC/IaaS) practices.
Integrated automated infrastructure deployments into CI/CD pipelines.
Designed, deployed, and configured cloud-native security solutions and also third-party security products on a multi-cloud environment.

Technologies: Amazon Web Services (AWS), Vault, HashiCorp, Docker, Azure Kubernetes Service (AKS), Kubernetes, Terraform, Helm, Azure

2018 - 2019

Senior Application Delivery and Security Specialist

Opel Vauxhall Finance

Deployed a new application delivery infrastructure.
Supported application migrations between data centers.
Managed remote access infrastructure and identity and access management.
Developed TCL codes for application traffic manipulation and controls.
Secured external and internal applications.

Technologies: ServiceNow, Splunk, DNS, APM

2018 - 2018

Contractor Security Architect

Derbyshire County Council in UK

Deployed ADFS and F5 security products in Azure.
Implemented layer 4 DDoS protection for ADFS service.
Ensured L7 DoS protection for ADFS service.
Built a high-availabile infrastructure for ADFS service.

Technologies: ASM, ADFS, Azure

2017 - 2017

Network and Security Architect

Nottinghamshire City Council

Designed new application delivery infrastructure.
Created and deployed high available, optimized, and secured access to applications.
Deployed secure remote access to internal applications and VDI environment.
Integrated a new solution with existing infrastructure and identity access management solution.
Designed and deployed a Global Server Load Balancing solution to provide active-active and active-passive use of two datacenters.

Technologies: Identity & Access Management (IAM), DNS, Load Balancers

2017 - 2017

Network and Security Architect

University of Lincoln

Designed a new data center application delivery and security infrastructure.
Planned a phased migration of applications from legacy data center to the new one while both data centers run in production in parallel.
Created and deployed a high available application delivery infrastructure.
Designed and deployed network and application firewall systems to provide Layer 3-7 protection.
Developed customer TCL codes to integrate Cisco ISE and F5 Networks solutions to provide controlled Wi-Fi and remote access to the campus network.
Designed and deployed of Global Server Load Balancing infrastructure for active-active operation of old and new datacenters together with active-passive operation of new and disaster recover datacenters for business continuity.

Technologies: DNS, Firewalls, Load Balancers

2017 - 2017

Cloud Architect

Ofgem (Gas and Electricty Markets Authority)

Migrated local applications to the cloud.
Deployed web application firewall and configured to secure application access.
Set up remote access infrastructure to enable users to access VDI environment.

Technologies: Virtual Desktop Infrastructure (VDI), Web Application Firewall (WAF), Cloud

2013 - 2016

Systems Engineer

F5 Networks

Maintained a high level of technical knowledge of F5 Networks and the relevant industry.
Participated in the development and support of presentations for customers and partners.
Articulated technical elements of the F5 value proposition to customers and partners.
Provided complex design and systems engineering configurations.
Partnered with product development and product management to assist with Change Request (CR) and Customer Special Request (CSR) cases.
Contributed to the creation of case studies, white papers, and media articles for customers and/or partners.

Technologies: Virtual Desktop Infrastructure (VDI), Single Sign-on (SSO), Kerberos, SAML, PKI, OpenSSL, SMTP, DDoS, Firewalls, VMware NSX, Cisco, Node.js, Remote Control, Tcl, VPN, SSL, DNS, Manufacturing, ASM

2012 - 2013

Sales Specialist

Teradata

Handled direct sales in all financial accounts including banks and insurance companies.
Sold the Teradata solution portfolio products including software, professional services, hardware, and support services. This included products such as Customer Retention Management Solutions, Campaign Management Solutions, Scale-able Data Warehousing, Customer Interaction Solutions, Teradata database software, and Object Relational technologies and specific solutions on finance segment.
Interfaced with contacts at all levels, including those at director and executive management CXO levels, in both the IT and the business community.
Effectively advised and influenced customers through consultative selling techniques.
Closed profitable Teradata high scale data warehouse solution business incorporating hardware, software, professional services, and customer services.

Technologies: Customer Relationship Management (CRM), Analytics, Business Intelligence (BI), Internet of Things (IoT), Artificial Intelligence (AI), Cloud, Big Data, Enterprise

1998 - 2012

Solution Architect - Consultant

Hewlett Packard

Served as the technical lead of Governmental Disaster Insurance Intuition project. Provided the design and implementation of the entire infrastructure.
Performed risk assessment, security review, security policies development and security solutions design/implementation for customers in different industries.
Provided on-site network and security consultancy for a GSM operator.
Served as the technical project lead of Security Risk Assessment and Ethical Hacking Projects.
Provided technical lead services for a Business Continuity project which has the national best integration project award in Turkey.
Integrated existing and new services to SDPA (Service Delivery Platform Architecture) environment of a GSM operator as a solution architect.
Consulted for Enterprise Networking, IT Security, IT Service Management, Identity and Access Management, Managed Services (outsourcing) projects.

Technologies: Router Development, Riverbed, Firewalls, Service-oriented Architecture (SOA), BPEL, Oracle, Cisco, ITSM, PKI, Identity & Access Management (IAM), Security, Networks

Experience

DoS/DDoS Protection for Cloud-based Applications

Protection of cloud-based applications by implementing Layer2-7 security controls.

Development of Code to Distribute User Traffic Between Data Centers

Development of Node.js code to check end-user traffic in a Mobile operator environment.

The solution captures end-user IMEI/IMSI data and query against centralized Oracle database to find out the details of that specific user. The user is redirected automatically based on their subscription details to the corresponding data center.

This custom solution saved hundreds of thousand dollars of the mobile operator.

Development of Code to Integrate IAM Solution Components

Developed series of TCL based custom code to integrate Cisco ISE product and F5 Networks LTM and APM modules. None of those components were able to provide the solution required alone.

The developed solution tracks, captures, and makes available the critical information to all solution components during the full cycle of user identification, authentication, and authorization.

Powershell and Perl-based Code Development for Automation and Multi-tenant Management of F5 Products

Developed Powershell and Perl-based codes to communicate with F5 products using REST API. Those codes are used to enable automation of regular tasks and also to enable individual application owners to take actions on their application delivery infrastructure without a need to connect F5 systems directly.

Python and Perl-based Codes for Automation and Integration

Developed custom codes to automate tasks in the scope of projects utilizing HP Openview product portfolio. Also codes for integration between HP products and with external third-party products monitored.

Development of Codes to Integrate F5 APM and Airwatch MDM Solutions

Development of TCL and Powershell custom codes to perform additional security checks against mobile user traffic when they access corporate applications. The solution makes sure only registered corporate mobile devices are allowed to access applications published to and accessed from the Internet.

High Availability for Application Access in Azure and AWS Environments

Deployment of third-party high availability solutions in Azure and AWS environments. The solutions provide advanced functionality over Azure and AWS standard load balancing solutions.

Advanced Security in Azure and AWS Environments

Design and deployment of advanced security solutions by using third-party products in Azure and AWS environments. These solutions include web application firewall for additional security controls at Layer7, network firewalls for next-generation controls and stronger segmentation in cloud environment, phishing and fraud detection and controls, secure remote access solutions, and SSL certificate management.

Integration of Third-party Cloud-based Applications (SaaS) With Corporate User Directories

SAML-based solutions design and deployments for providing corporate directory based authentication and authorization of users when they access to third-party cloud applications such as Webex, Concur, Egencia, Salesforce, and SuccessFactors.

MQL4 and MQL5-based Automated Trading Systems

Developed personal automated trading systems (robots) with MQL4 and MQL5 programming languages in MetaTrader environments.

Development of Codes for Application Traffic Control

TCL-based iRule codes running on F5 systems for content switching of application traffic, Traffic shaping and steering, manipulation of application traffic on-the-fly as required, running additional security controls on application traffic, and custom logging of application access related information.

Design, Deployment, and Terraform Automation of Cloud Landing Zone

Design of the security perimeter architecture, creating its automated deployment as Infrastructure as a Code (IaaS) integrated into CI/CD pipeline of multi-cloud digital media ecosystem platform running on Azure, AWS and GCP cloud platforms. Used Kubernetes, Docker, Nginx Ingress, Terraform, Helm, and cloud native as well as third-party security solutions in public cloud environments.

Audit and Security Review of an Existing AWS Environment

Audit and security review of the existing product, staging, and development environments on multiple AWS accounts. GAP-analysis against CIS framework, PCI DSS, and SoC-2 requirements. Documentation of actions required for remediation of findings.

Skills

Languages

SAML, Tcl, Perl, SQL, C, Python, MQL4, MQL5

Frameworks

ASM

Libraries/APIs

OpenSSL, Node.js

Tools

VPN, AWS CloudTrail, Amazon CloudWatch, Syslog, Ansible, Terraform, Azure Kubernetes Service (AKS), Splunk, ADFS, Helm, Jenkins, Cisco Webex Meetings Server, SAP Concur, NGINX

Paradigms

DevOps, DevSecOps, DDoS, ITIL, Continuous Deployment, Continuous Delivery (CD), Continuous Integration (CI), Business Intelligence (BI), Service-oriented Architecture (SOA), REST, Automation

Platforms

Unix, Linux, Kubernetes, Docker, Azure, Amazon Web Services (AWS), Oracle, Salesforce

Industry Expertise

Cybersecurity, IT Security, Security

Storage

MySQL, Neo4j

Other

APM, SMTP, PKI, Single Sign-on (SSO), Enterprise, Networks, ITSM, Security Architecture, Threat Intelligence, Writing & Editing, Vulnerability Assessment, Security Testing, Security Analysis, Dynamic Load Balancing, Load Balancers, CISSP, IT Service Management (ITSM), Network Monitoring, Continuous Monitoring, Monitoring, Business Continuity & Disaster Recovery (BCDR), SSL Configurations, SSL Certificates, SSL, Firewalls, Web Application Firewall (WAF), DNS Configuration, Domain Name System (DNS), DNS Servers, DNS, ASA Firewalls, Cisco Networking, Unix Shell Scripting, Identity & Access Management (IAM), F5 Networks, Infrastructure as Code (IaC), Cloud, Web App Security, Virtual Desktop Infrastructure (VDI), Kerberos, Content Delivery Networks (CDN), PCI DSS, Big Data, Artificial Intelligence (AI), Internet of Things (IoT), SaaS, IaaS, PCI, SoC, Audits, GAP Analysis, AWS Transit Gateway, AWS Security Hub, Amazon Route 53, Hybrid Cloud Infrastructure, Computer Engineering, Consulting, Cloud Security, Containerization

Education

1993 - 1998

Bachelor of Science Degree in Computer Engineering

Ege Univerisy - Izmir, Turkey

Certifications

MAY 2019 - MAY 2021

F5 Certified Solution Expert - Cloud (402)

F5 Networks

FEBRUARY 2019 - FEBRUARY 2022

AWS Certified Solution Architect

AWS

APRIL 2018 - APRIL 2020

F5 Technology Specialist - APM - 304

F5 Networks

APRIL 2018 - APRIL 2020

F5 Technology Specialist - ASM - 303

F5 Networks

APRIL 2018 - APRIL 2020

F5 Technology Specialist - DNS/GTM - 302

F5 Networks

APRIL 2018 - APRIL 2020

F5 Technology Specialist - LTM - 301a & 301b

F5 Networks

APRIL 2018 - APRIL 2020

F5 Certified Solution Expert - Security (401)

F5 Networks

OCTOBER 2008 - SEPTEMBER 2014

CCIE

Cisco

JUNE 2008 - PRESENT

CISSP

ISC2