Oliver Ewert, Developer in Upper Hutt, Wellington, New Zealand
Oliver is available for hire
Hire Oliver

Oliver Ewert

Verified Expert  in Engineering

Software Developer

Upper Hutt, Wellington, New Zealand

Toptal member since March 19, 2020

Expertise
System AdministrationAWS DevOpsPythonCybersecurityAWSAWS IAMDockerAuth0Web DevelopmentCloudflareSystem SecurityXero Development
Bio

Oliver has over five years of experience with automation in the cloud—from automated firewall appliance provisioning to modern, serverless web applications. Along with a strong security and systems background, he's successfully worked as a full-stack developer. He started freelancing because he enjoys new challenges and helping people and wants more flexibility. Oliver is an active member of his local developer community, speaking at conferences and contributing to open source.

Portfolio

Fantail Consulting
Amazon Web Services (AWS), Azure, Azure IoT Hub, Auth0, Web Security, Balena...
ControlPlane
Vault, Kubernetes, Kubernetes Operators, AWS IAM, Google Cloud Platform (GCP)...
Permiso Security
AWS Lambda, Amazon API Gateway, API Gateways, Terraform, Web Security...

Experience

  • Python 3 - 7 years
  • DevOps - 6 years
  • Amazon Web Services (AWS) - 6 years
  • Security - 6 years
  • Docker - 3 years
  • Auth0 - 2 years
  • Azure - 2 years
  • Azure Kubernetes Service (AKS) - 2 years

Availability

Part-time

Preferred Environment

Docker, Python 3, Amazon Web Services (AWS), Cybersecurity, Terraform, Identity & Access Management (IAM)

The most amazing...

...thing I've done was the automation of the deployment of a legacy system that "couldn't be automated," saving us countless hours of pain and suffering.

Work Experience

Cloud Native Security Consultant

2020 - PRESENT
Fantail Consulting
  • Developed end-to-end IoT solutions from designing circuit boards to embedded Python, device operating system management, cloud connectivity, and Azure IoT Hub management. Utilized Raspberry Pi, balenaCloud, and 4G IoT networks.
  • Helped small businesses move legacy software into containers, streamlining deployment, update processes, and database management through automation.
  • Migrated on-premise infrastructure to the cloud, from moving apps to containers in the cloud/serverless to migrating email servers to G Suite/Microsoft 365/ProtonMail.
  • Developed custom dashboards to integrate multiple systems, providing a bespoke integration point, utilizing Python, AWS Lambda, and DynamoDB/Amazon RDS.
  • Consulted with small organizations on raising their security posture with minimal effort. This included analysis of risks and workshops with staff on basics (e.g., MFA, etc.) to secure development practices and infrastructure security.
Technologies: Amazon Web Services (AWS), Azure, Azure IoT Hub, Auth0, Web Security, Balena, PyCharm, Content Delivery Networks (CDN), Cloud Security, Web Development, GitHub, Python 3, Python 2, AWS CloudFormation, Web App Security, Django, Bash, Amazon S3 (AWS S3), DevOps, Continuous Delivery (CD), Network Security, AWS Lambda, Amazon CloudWatch, Kubernetes, Linux, System Administration, Cybersecurity, Amazon EKS

Cloud Native Security Engineer

2022 - 2023
ControlPlane
  • Wrote a Terraform provider for an internal secrets management API.
  • Integrated HashiCorp Vault with GCP to allow Vault clients to retrieve short-lived GCP access tokens.
  • Maintained, enhanced, and upgraded legacy Python scripts, adding tests, features, and modern Python syntax.
  • Wrote new tests for existing internal Terraform providers to ensure their correct functioning and maintainability.
  • Sped up and downsized various container image builds significantly.
Technologies: Vault, Kubernetes, Kubernetes Operators, AWS IAM, Google Cloud Platform (GCP), Terraform, Python, Flask

Senior Cloud Security Engineer

2021 - 2022
Permiso Security
  • Improved CI/CD processes for deploying code and infrastructure, including importing resources into Terraform, automating manual deployment steps and checks, improving pipeline security and speed, and reducing errors.
  • Improved AWS environment security, cost, and toil by improving management automation, making IAM resources and networking more granular and locking them down. Implemented VPC endpoints, significantly reducing NAT gateway cost.
  • Improved incident response and post-mortem processes, introducing more structure to the process and making it more user-friendly for the team to engage with the process.
  • Improved logging, monitoring, and alerting by implementing Grafana Cloud dashboards and alerting and Loki log collection. Unified logging output formats to allow easier searching and aggregation of logs.
  • Advised the product development team on how their software might be used in a Security Operations environment, what workflows for different security roles look like, and how they can streamline their application for these workflows.
Technologies: AWS Lambda, Amazon API Gateway, API Gateways, Terraform, Web Security, Cloud Security, DevOps, GitHub, Cloud, Security, Amazon Web Services (AWS), AWS IAM, Amazon S3 (AWS S3), Continuous Delivery (CD), Network Security, Jira, Amazon CloudWatch, JavaScript, PostgreSQL, Amazon DynamoDB, Elasticsearch, Amazon Virtual Private Cloud (VPC), Continuous Integration (CI), DevSecOps, Grafana, CI/CD Pipelines, Web Development, Content Delivery Networks (CDN), AWS CloudFormation, Web App Security, Bash, Linux, System Administration, Cybersecurity

Security Consultant

2020 - 2021
Environmental Science and Research Ltd
  • Deployed and supported Azure-managed Kubernetes cluster using Azure DevOps, Terraform, and Helm for infrastructure as code deployed by automated pipeline.
  • Managed and improved Azure environment architecture and security, implementing various Azure security features and reducing waste and cost.
  • Supported development teams in building out CI/CD pipelines to deploy apps with automation, including implementing auto-scaling agent pools and per-pipeline service principle-based authentication and improving secrets management.
  • Sole technical advisor on a multi-agency board to appoint vCISO; supported the process from the board's inception to the selection and onboarding of vCISO.
  • Assessed organizational security maturity against NIST and PSR. Implemented a program of work to uplift organizational security maturity.
  • Managed the external security resource, including scoping and scheduling security assessments for systems, overseeing the resulting work items, and working with development teams to understand and address underlying systemic issues.
Technologies: Azure, Azure Kubernetes Service (AKS), Kubernetes, Palo Alto Networks, Docker, ShinyProxy, Helm, Azure DevOps, Auth0, CI/CD Pipelines, Security, Python 3, DevOps, IT Security, Network Security, PostgreSQL 10, Cloud Security, Terraform, PostgreSQL, Web Security, Web Application Firewall (WAF), Web Development, GitHub, Web App Security, SecOps, Bash, Continuous Delivery (CD), Linux, System Administration, Cybersecurity

Platform Engineer (Contract)

2020 - 2020
Westpac New Zealand, Limited
  • Migrated Java applications from legacy infrastructure to a Kubernetes environment.
  • Implemented visibility and monitoring via metrics to Prometheus and Grafana and logs to an Elasticsearch cluster.
  • Improved the developer experience by prebuilding containers for local development and maintenance for legacy Java apps.
Technologies: Elasticsearch, Grafana, Prometheus, Jenkins, Kubernetes, Security, DevOps, IT Security, CI/CD Pipelines, ELK (Elastic Stack), Helm, DevSecOps, Continuous Integration (CI), Cloud Security, Web Development, Web Security, Bash, Continuous Delivery (CD), Linux

Security Engineer

2015 - 2020
Xero
  • Contributed to Netflix's open-source tool—Security Monkey (now unfortunately discontinued) by implementing RBAC across the front end and back end.
  • Built a fully automated CI/CD pipeline that deployed applications into AWS ECS via AWS CodePipeline and CodeBuild.
  • Implemented auditing and compliance automation across a fleet of around 100 AWS accounts with Lambda, cross-account IAM roles.
  • Consulted with product teams on secure, best practices and cost savings in the AWS architecture.
  • Validated platform and application-level security issues—command injection, cache poisoning, token misuse, server-side request forgery (SSRF), domain hijacking, and more.
  • Led the development of DevSecOps practice at Xero, implementing various automated tools into the development pipeline to give security and developers greater confidence in the security of their applications before deploying.
Technologies: Amazon Web Services (AWS), Jenkins, Python, Docker, AWS Cloud Architecture, Security, Python 3, DevOps, Amazon DynamoDB, IT Security, CI/CD Pipelines, Xero API, DevSecOps, PagerDuty, Slack, Continuous Integration (CI), Jenkins Pipeline, Amazon Virtual Private Cloud (VPC), Amazon Elastic Container Service (ECS), Xero, Network Security, PostgreSQL 10, Cloud Security, PostgreSQL, JavaScript, Web Security, Web Application Firewall (WAF), Content Delivery Networks (CDN), Web Development, API Gateways, Amazon API Gateway, GitHub, Python 2, AWS CloudFormation, Web App Security, SecOps, Django, Bash, Amazon S3 (AWS S3), Continuous Delivery (CD), Jira, AWS Lambda, Amazon CloudWatch, Linux, System Administration, Cybersecurity

Experience

IAM Action Tracker

https://aktion.io/
An app to track and manage available AWS IAM actions, services, and policies by scraping open data sources. It has a serverless architecture hosted on GitHub pages. The app was a collaboration with former colleagues written in Go with a front end in Bootstrap.

Prism | Photographic Portfolio Submission and Grading

A Django app that allows students (children) to submit portfolios of photographs with a simple, intuitive, and mobile-friendly interface. The app was built with htmx, Bootstrap 5, and various Django libraries. It needed to be robust and function in an offline environment.

The application container is built on GitLab pipelines and shell scripts, enabling easy deployment and management of the application server.

Education

2013 - 2017

Bachelor of Engineering Degree in Network Engineering

Victoria University of Wellington - Wellington, New Zealand

Certifications

SEPTEMBER 2018 - PRESENT

Akamai Bot Manager Foundations

Akamai

AUGUST 2018 - PRESENT

Akamai Kona Site Defender

Akamai

JULY 2018 - PRESENT

Akamai Web Performance Foundations

Akamai

MARCH 2018 - MARCH 2021

AWS Certified Solutions Architect Associate

AWS

Skills

Libraries/APIs

Jenkins Pipeline, Xero API, HTMX, Django ORM, PIL

Tools

AWS IAM, Amazon Elastic Container Service (ECS), AWS CloudFormation, Auth0, Jira, Xero, Amazon Virtual Private Cloud (VPC), Amazon CloudWatch, Jenkins, Bitbucket, Slack, Azure Kubernetes Service (AKS), Terraform, PyCharm, Grafana, Sentry, Helm, NGINX, ELK (Elastic Stack), ShinyProxy, Azure IoT Hub, GitHub, Amazon EKS, Vault, Kubernetes Operators, GitLab, GitLab CI/CD

Languages

Python 3, Python, Python 2, Bash, JavaScript, Ruby, C#, Go, HTML, CSS

Platforms

Docker, Amazon Web Services (AWS), AWS Lambda, Kubernetes, Mailgun, PagerDuty, Azure, Linux, Heroku, Google Cloud Platform (GCP)

Industry Expertise

Cybersecurity

Frameworks

Django, Flask

Paradigms

DevOps, DevSecOps, Continuous Delivery (CD), Continuous Integration (CI), Azure DevOps

Storage

Amazon S3 (AWS S3), AWS CodeStar, PostgreSQL, Elasticsearch, Amazon DynamoDB, PostgreSQL 10

Other

Security, AWS DevOps, Cloud Security, Web Security, Web Application Firewall (WAF), System Administration, Akamai, Cloudflare, Web App Security, SecOps, Network Security, IT Security, Balena, CI/CD Pipelines, AWS Cloud Architecture, Web Development, Content Delivery Networks (CDN), Prometheus, Slackbot, Palo Alto Networks, Amazon API Gateway, API Gateways, Cloud, Identity & Access Management (IAM), Bootstrap 5

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring