Rishi Gautam
Verified Expert in Engineering
DevOps Engineer and Software Developer
Berlin, Germany
Toptal member since February 25, 2022
Rishi has been working as a freelance DevOps and DevSecOps consultant for many years. He started as a system engineer, working with the underlying infrastructures, and he loves playing with Linux and shell scripts. As a solo achiever and a team player, Rishi believes that his leadership capability, quick learning ability, and quest to learn newer technologies are his greatest strengths.
Portfolio
Experience
- Linux - 8 years
- Amazon Web Services (AWS) - 5 years
- Google Cloud Platform (GCP) - 5 years
- Terraform - 5 years
- Security - 5 years
- Kubernetes - 5 years
- Azure Cloud Services - 5 years
- Cloud Architecture - 5 years
Availability
Preferred Environment
Linux, Amazon Web Services (AWS), Google Cloud Platform (GCP), Kubernetes, Azure, Python
The most amazing...
...thing I've successfully implemented is the secure and reliable architecture for the 1st online examination portal for Nepalese governmental jobs.
Work Experience
Infrastructure Engineer
Amalgamated Token Services Inc., dba CoinList
- Designed a completed infrastructure for a time-sensitive project on AWS to get it live.
- Created a centralized logging system for multiple AWS accounts to collect audit logs, application logs, metrics, monitoring logs, and agent logs to a central AWS account.
- Refactored the Terraform modules and created the release pipelines.
- Helped the company to manage seecurity audits to align with security complainces.
MLOps Engineer (Volunteer)
Stop the Traffik
- Developed MLOps pipelines for sentiment analysis jobs in a Kubernetes cluster with GPU nodes.
- Conducted a data science model review, including code refactoring and optimization, containerization, deployment, versioning, and monitoring of its quality.
- Designed a solution for the sequential trigger of cron jobs. Used init containers and kubectl patch techniques.
- Implemented AWS SageMaker with GPU to run the model training. Also enabled HPA to automatically spawn the pods based on CPU utilization for the ML job.
Terraform Expert
Spoon Guru Ltd
- Created a Terraformed proof of concept (POC) project replica for the production environment.
- Upgraded the security fixes and CI/CD pipeline procedures by integrating GitHub Actions and Google Cloud Builds.
- Designed the dynamic branch deployment. If a developer pushes a feature branch, a new isolated test environment is created where the test can be done. After code merging, the environment gets deleted.
- Conducted training and handover with the proper documentation.
Senior Platform Engineer and Kubernetes Expert
Soobr
- Designed and suggested the infrastructure architecture in Google Cloud Platform for the company's SaaS application.
- Transformed existing unmanaged cloud resources to managed infrastructure as code (IaC) using Terraform and enabled management of GitLab variables, GitLab Agents, Helm charts, and Kubernetes object deployment using Terraform.
- Implemented metrics and optimized resources to reduce costs. Used private networks and a NAT gateway to improve security saving $4,000 per month after optimization.
- Trained the company's existing colleagues on the proper management of resources using IaC with Terraform and carried out a successful handover of the works with appropriate documentation.
- Decided on tech stacks to be implemented for automation and application delivery pipelines.
Senior Cloud Solution Architect | Cloud Security Consultant
CloudHero
- Migrated clients' monolithic applications to microservices, using Kubernetes and on-premise applications to cloud platforms.
- Designed a secure and reliable infrastructure architecture based on application requirements. Created a proof-of-concept for application migration and security auditing.
- Developed a secured and automated migration, deployment, and monitoring process, which resulted in easier application management, quick delivery, and enhanced performance.
- Refactored cloud resources for one of my clients, saving them $9,000 monthly.
- Implemented security auditing for one of my clients and provided a solution that protected their infrastructure from numerous attacks.
- Managed multiple DNS zones with SSL termination on Cloudflare. Implemented access, page, firewall, and rate-limiting rules to secure access control. Also used Cloudflare analytics for performance monitoring.
- Implemented Logstash, Elasticsearch, and Kibana to collect, process, filter, and visualize application data.
- Configured external storage with Amazon EBS and EFS for persistent volumes on EKS.
- Implemented the idea for major upgrade tasks of some resources in GCP using Google Tasks.
- Developed an ETL process in Azure, from data scraping and extracting, transforming and cleaning, loading to the destination data warehouse, and exporting to Azure functions for application deployment.
AWS DevOps Lead Engineer
TakePart (Toptal Project)
- Designed the Infrastructure architecture skeleton and decided on tools, technologies, methods, and processes to achieve the company's product goal.
- Researched the ETL tool and included AWS Glue in the ETL process. Achieved the goal of collecting data catalogs from different countries to our data warehouse, transforming them to our required formats, and making them visible via the application.
- Created the MVP on AWS using a modular approach. Used terraform to automate resource creation for different environments and assumed the role of pipelines and deployments. Focused mainly on security, IAM, SSO, and caching.
- Decided to adopt Agile and helped the company hire required software engineers for the development.
- Was re-hired by the client to train their DevOps for infrastructural development and application support after the completion of the project.
- Trained developers and DevOps on AWS and its resources with the use case for our product development. I guided software engineers from not knowing about AWS to being capable of creating applications on AWS.
Senior Site Reliability Engineer
Motional (Toptal Project)
- Created Grafana monitoring and alerting system with VM metrics as a Prometheus Agent with tens of EKS clusters. Implemented Kubecost monitoring to determine the cost of every cluster and its components.
- Automated Argo CD deployment with Argo CD Image Updater, which replaces the deployment pipelines for deploying newer application image tags.
- Enhanced Atlantis parallel builds to handle multiple PRs for Terraform deployments.
- Managed Slurm cluster monitoring and alerting with minute descriptions of GPU components, NFS usage per user, disk IOPS, and network interface ingress and egress traffic.
Senior DevOps Engineer
Itonics GmbH
- Helped the company to migrate the applications from EC2 ASG to a serverless architecture.
- Developed Single Sign-on (SSO) functionality with the research and development on AWS Cognito and IdP.
- Migrated CI/CD pipelines from Bitbucket to the self-hosted Jenkins server on ECS Fargate.
- Managed AWS cross-account functionalities with proper IAM access management for users and roles via the SSO and MFA.
- Helped hundreds of clients to achieve SSO via their external emails.
- Researched, tested, and integrated SNS and SES to track failed and bounced emails.
Senior DevSecOps Engineer
ESR Technology
- Designed 3-tier architecture in Google Cloud Platform for applications, including access plane, data plane, and security plane.
- Migrated in-premise Docker containers to Google Cloud Run, along with the implementation of Cloud Scheduler, Cloud Builder, and other dependent resources.
- Released management of multiple services and applications to production with fully secure and automated principles.
- Optimized cost and security auditing of resources for best performance. Helped the company to attain HIPAA compliance.
- Managed and trained DevOps and DevSecOps engineers and focused on their engagement and growth.
- Implemented a secure, private, and reliable network using Cloudflare for multiple application services.
System Engineer | System Administrator
F1Soft International Pvt
- Established the on-premise system architecture design and development, data center, and disaster recovery management. Worked with bare metal servers, VMware, NAS, SAN, switches, firewalls, routers, and other physical layer systems.
- Implemented application deployment using various CI/CD and automation tools.
- Focused on clusters, high availability, and load-balancing technologies.
- Enabled the system hardening function for the company's overall infrastructure to become PCI DSS compliant.
- Conducted static and dynamic application testing in various stages before deploying to production. Used a shift-left policy in deployment pipelines, reducing production deployment error rates.
- Worked as a technical interviewer to help the company hire competent staff while collaborating with the CIO of the organization; my focus was on hiring system engineers, DevOps, DevSecOps, security, and cloud engineers.
- Managed DNS services from Cloudflare for multiple domains.
- Implemented VMware Vsphere to manage VMware ESXi cluster installed in multiple bare metal servers for enabling virtualizations.
- Managed 100+ virtual machines with host failover, storage clusters, nic teaming, and authorization administration.
Technical Volunteer
Help Nepal Network
- Volunteered to set up and monitor an e-library system (Ubuntu LTSP, client-server architecture with network boot) in rural areas of Nepal.
- Deployed the e-library to almost 35 districts of Nepal.
- Taught basic Linux and open source concepts to teachers and students of government schools.
- Helped the organization select and train new volunteers from different universities to help continue the community development process.
Experience
Jibri on Kubernetes
https://github.com/rraj-gautam/k8s-jibriAWS SES: Capture Bounced Emails
https://github.com/rraj-gautam/terraform/tree/master/aws/ses-log-bounced-emailsAll the resources are Terraformed.
Rate Limiting on Istio Ingress Controller - Kubernetes
https://github.com/rraj-gautam/istio-ratelimitDemo Architecture Applications in AWS, Kubernetes, and Terraform
https://gitlab.com/rraj-gautam/testapp/-/blob/master/testapp-architecture.jpg• AWS cloud resources
• Containerization using Kubernetes orchestration of AWS EKS
• Manifests templated using Helm
• Infrastructure as Code (IaC) using Terraform
• GitLab self-hosted runners in Kubernetes for CI/CD
• AWS Secrets Manager and external secrets
• Cluster Autoscaler and Horizontal Pod Autoscaler
• Identity and Access Management (IAM) roles and service accounts
• Amazon CloudWatch and Fluentd agents for logging and monitoring
• Istio and network load balancer (NLB)
• Cloudflare for Secure Sockets Layer (SSL) termination and Domain Name System (DNS)
• OpenVPN for VPN
GCP Architecture Demo with GKE and Terraform
https://github.com/rraj-gautam/gcp-gke-demo• Custom VPC
• Private subnetworks
• Cloud NAT and Routers
• VPN to connect private networks
• GKE
• Google storage buckets
• Google projects
• Cloud functions
• Cloud runs
• Cloud SQL
• Kubernetes objects deployed by Terraform
• Helm packages deployed by Terraform
• GitLab environment variables managed by Terraform
Trigger CronJob by CronJob - Python, MongoDB, Kubernetes
https://github.com/rraj-gautam/cronjob-trigger-cronjobEducation
Bachelor's Degree in Computer Engineering
Kathmandu University - Dhulikhel, Nepal
Certifications
AWS Certified Solutions Architect Associate
AWS
Certified Kubernetes Administrator (CKA)
The Linux Foundation
Beginner's Guide to Linux Kernel Development (LFD103)
The Linux Foundation
Skills
Libraries/APIs
Terragrunt, Google Apps, Amazon API, Auth, Node.js, AWS Amplify, REST APIs
Tools
Helm, Terraform, NGINX, Ansible, Jira, Zimbra, Git, Jenkins, GitLab CI/CD, Bitbucket, GitHub, ELK (Elastic Stack), Istio, Logging, Amazon CloudWatch, Amazon EKS, OpenVPN, Fluentd, Grafana, AWS IAM, Docker Swarm, Amazon CloudFront CDN, Amazon Cognito, Amazon Elastic Container Service (ECS), Azure DevOps Services, Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), AWS CloudFormation, Notion, Figma, Amazon Virtual Private Cloud (VPC), GitLab, VMware, VMware vSphere, GitLab Runner, Amazon SageMaker, VPN, Geth (go-ethereum), Microsoft Exchange, Google Workspace, Let's Encrypt, Amazon Simple Email Service (SES), Azure Automation, Google Compute Engine (GCE), Splunk, Amazon Simple Notification Service (SNS), System Center Configuration Manager (SCCM), Hyper-V, AWS Key Management Service (KMS), AWS CLI, AWS Cloud Development Kit (CDK), Observability Tools, CircleCI, Apache Tomcat, Confluence, Amazon Elastic Block Store (EBS), Artifactory, Chef, AWS Subnets, SonarQube, Bazel, Kibana, Zabbix, AWS Glue, BigQuery, Open Neural Network Exchange (ONNX), Apache Solr, Cron, Prisma, Microsoft Dynamics CRM, AWS CloudTrail
Languages
Python, Bash Script, Bash, PHP, Java, JavaScript, YAML, Ruby, SQL, Python 3, Go, TypeScript, C#, Perl, C++, C, SAS
Frameworks
Windows PowerShell, Ruby on Rails (RoR), Flask
Paradigms
Agile, Automation, Scrum, DevOps, Azure DevOps, DevSecOps, Continuous Integration (CI), Continuous Deployment, HIPAA Compliance, Microservices, Fuzz Testing, Continuous Delivery (CD), Microservices Architecture, API/Services Architecture, Event-driven Architecture, Samba, Scalable Application, Role-based Access Control (RBAC), Load Testing, ETL, REST
Platforms
Linux, Kubernetes, Docker, Rancher, Google Cloud Platform (GCP), Azure, DigitalOcean, New Relic, Amazon Web Services (AWS), PagerDuty, AWS Lambda, Windows, Amazon EC2, Unix, Databricks, Windows Server, AWS IoT, Microsoft Dynamics 365, Azure Functions, Firebase, AWS ALB, WordPress, Red Hat Linux, Azure IaaS, Azure PaaS, Heroku, Ethereum, Ubuntu, AWS Cloud Computing Services, Blockchain, Apache Kafka, Oracle, Kubeflow, NVIDIA CUDA
Storage
Azure Active Directory, MySQL, Datadog, Elasticsearch, Amazon DynamoDB, Amazon S3 (AWS S3), Oracle Cloud, Azure SQL, Google Cloud, Google Cloud Datastore, Azure Cloud Services, Cloud Environments, Data Centers, Ceph, On-premise, PostgreSQL, Database Performance, Google Cloud Storage, Redis, Memcached, Microsoft SQL Server, Data Synchronization, Database Security, Databases, NoSQL, Google Cloud SQL, Redshift, NAS Servers, MongoDB, JSON
Industry Expertise
Network Security, Cybersecurity
Other
Networking, Shell Scripting, Serverless, Cloud, IT Project Management, Team Leadership, Troubleshooting, Monitoring, Prometheus, DNS, Security, Communication, Veeam, Microsoft Servers, Jitsi, Cloud Architecture, Infrastructure as Code (IaC), Argo CD, Solution Architecture, CI/CD Pipelines, Cloudflare, Virtual Machines, Slurm Workload Manager, Atlantis, Kubecost, Release Management, Team Management, Technical Hiring, Source Code Review, Interviewing, Site Reliability Engineering (SRE), Identity & Access Management (IAM), Leadership, Cost Analysis, Amazon API Gateway, Amazon Route 53, Amazon Inspector, Lambda Functions, DevOps Engineer, AWS Certified Solution Architect, AWS Certified DevOps Engineer, AWS DevOps, Cloud Migration, System Administration, API Gateways, Multiple Factor Analysis (MFA), Amazon RDS, GitHub Actions, Scripting, Reporting, VMware ESXi, VMware vCenter, VMware vCloud, Disaster Recovery Plans (DRP), Documentation, Training, Azure Data Factory, Google Cloud Functions, Web Security, Cloud Security, ETL Tools, Machine Learning Operations (MLOps), PCI DSS, Enterprise Architecture, Cloud Services, Load Balancers, Scalability, TCP/IP, Blockchain & Cryptocurrency, Windows System Administration, Azure Migrate, Microsoft 365, Office 365, Server Administration, SOC 2, Containerization, Kubernetes Operations (kOps), Networks, Cloud Infrastructure, Direct Connect (DC), Configuration Management, AWS NAT Gateway, SSL Certificates, AWS Cloud Architecture, Software Architecture, Architecture, IT Operations Management (ITOM), IIS, Control & Cost Analysis, Back-end Performance, Single Sign-on (SSO), VM, SysOps, Linux Server Administration, VPS/VDS, ECS, APIs, Backup & Recovery, GPU Computing, Containers, Licensing, Email, Domains & Hosting, Email Systems, AWS VPN, Infrastructure, Orchestration, SDKs, Cost Reduction & Optimization (Cost-down), Amazon EventBridge, Deployment, Azure VDI, Microsoft Azure, Security Policies & Procedures, IT Security, HTTPS, Scripting Languages, Web Application Firewall (WAF), SIEM, Multitenancy, Authentication, SecOps, LDAP, Unix Shell Scripting, Server Infrastructure, API Integration, Memorystore, Web Platforms, Software Testing Lifecycle (STLC), Data Feeds, Objects, RPC, Redis Clusters, Startups, GitOps, Azure Cloud Security, Transport Layer Security (TLS), FastAPI, DMARC, IT Infrastructure, Kubernetes Security, Firewalls, Masternodes, Telemetry, Azure Databricks, MLflow, Palo Alto Networks, Natural Language Processing (NLP), Document Management Systems (DMS), Linux Kernel, Universal Router, Cisco Switches, ISO 27001, IBM Cloud, Azure Data Lake, Big Data, Data Warehousing, Data Engineering, Data Science, Google BigQuery, Google Cloud Build, Machine Learning, Sentiment Analysis, Incident Response, Artificial Intelligence (AI), Data Modeling, IT Audits, Centralized Logging
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring