Younes Bouchama, Developer in Paris, France

Younes Bouchama

Verified Expert in Engineering

DevOps Engineer and Developer

Paris, France

Toptal member since November 4, 2024

Bio

Younes is a DevOps engineer with extensive experience working in diverse environments. He specializes in cloud infrastructure, CI/CD pipelines, and containerization. He has played significant roles at leading companies like RATP Dev, La Poste, and BeyondTrust—driving cloud migrations, optimizing DevOps processes, and implementing microservices architectures. Younes is also a certified AWS Solutions Architect, Kubernetes Administrator and Security Specialist (CKA/CKS), and Terraform Associate.

Portfolio

RATP Dev
Amazon EKS, Amazon EC2, Amazon RDS, Amazon S3 (AWS S3), AWS IAM...
La Poste
Amazon CloudWatch, Amazon EKS, Amazon Elastic Container Registry (ECR)...
Breakwater Solutions
Amazon EC2, Amazon Elastic Container Registry (ECR), Amazon CloudWatch...

Experience

  • Terraform - 6 years
  • GitLab CI/CD - 6 years
  • Kubernetes - 6 years
  • Docker - 6 years
  • Amazon EKS - 6 years
  • Helm - 6 years
  • GitOps - 5 years
  • Argo CD - 4 years

Availability

Full-time

Preferred Environment

Amazon EKS, GitLab CI/CD, Kubernetes, Argo CD, Helm, GitOps, Docker, Terraform, Ansible, DevOps

The most amazing...

...project I've developed is a GitOps CI/CD pipeline using ArgoCD, GitLab CI, and Terraform, enabling automated Helm deployments on EKS.

Work Experience

Senior DevSecOps Engineer

2023 - 2024
RATP Dev
  • Designed highly available and fault-tolerant architectures on AWS using services such as VPC, EC2, S3, RDS, and EKS.
  • Configured and managed secure Kubernetes environments using solutions like Amazon EKS.
  • Automated container security scans with Trivy to identify and address vulnerabilities.
  • Implemented security policies based on IAM roles to control access to AWS resources.
  • Set up security alerts and metrics with Amazon CloudWatch to monitor suspicious activities.
  • Enabled continuous visibility and compliance by integrating security tools like AWS Security Hub and AWS Config.
  • Integrated Datadog with AWS and Kubernetes to collect and analyze real-time performance data.
  • Detected performance anomalies and security issues through automated alerts in Datadog.
  • Optimized cloud resources and reduced costs by configuring Karpenter to automatically balance workload demand with available capacity.
  • Leveraged DefectDojo to automatically import security analysis results, including Trivy container scans and automated security tests.
Technologies: Amazon EKS, Amazon EC2, Amazon RDS, Amazon S3 (AWS S3), AWS IAM, AWS Elastic Beanstalk, Amazon Elastic Container Registry (ECR), Argo CD, Trivy, GitLab CI/CD, Helm, Kubernetes, CI/CD Pipelines, Canary Deployment, Infrastructure as Code (IaC), Docker

Senior DevOps Engineer

2019 - 2023
La Poste
  • Leveraged SonarQube for static code analysis to identify quality and security issues.
  • Set up GitLab CI/CD to automate Docker image building and infrastructure deployment.
  • Integrated Terraform into GitLab CI/CD pipelines to automate infrastructure deployment.
  • Configured the application load balancer on AWS to distribute traffic to Kubernetes services using AWS Certificate Manager to manage SSL/TLS certificates and the NGINX Ingress controller to route traffic to pods.
  • Templated and versioned Kubernetes resources using Helm charts.
  • Implemented local development environments with Docker Compose and Makefile.
  • Used Ingress rules in Kubernetes to specify traffic routing paths and options to deployed services.
Technologies: Amazon CloudWatch, Amazon EKS, Amazon Elastic Container Registry (ECR), Amazon Elastic Container Service (ECS), Amazon EC2, Ansible, Argo CD, Amazon S3 (AWS S3), AWS Auto Scaling, GitLab CI/CD, CI/CD Pipelines, Canary Deployment, Infrastructure as Code (IaC), Docker

DevOps Engineer

2019 - 2019
Breakwater Solutions
  • Collaborated with platform, machine learning, search, data, and front-end teams to understand their DevOps and infrastructure needs.
  • Influenced the DevOps roadmap and led various projects.
  • Designed and managed multi-tenant AWS cloud infrastructure for Responsum.
  • Ensured scalability, performance, observability, resilience, and cost optimization.
  • Managed all Kubernetes clusters and service deployments.
  • Improved system observability and reliability through monitoring and alerting infrastructure using tools like Prometheus, Grafana, and PagerDuty.
  • Built and managed CI/CD pipelines using infrastructure as code for the Responsum application stack across different environments.
  • Developed networking infrastructure with best-in-class security practices.
  • Enhanced the Responsum infrastructure's privacy and security posture.
Technologies: Amazon EC2, Amazon Elastic Container Registry (ECR), Amazon CloudWatch, Amazon EKS, Amazon S3 (AWS S3), Amazon RDS, Argo CD, AWS ALB, AWS Auto Scaling, CI/CD Pipelines, Canary Deployment, Infrastructure as Code (IaC), Docker

DevOps Engineer

2018 - 2019
BeyondTrust
  • Provisioned AWS resources using infrastructure as code tools like Terraform and Ansible.
  • Executed a continuous delivery pipeline with an immutable infrastructure philosophy using Golden AMIs, Docker, and blue-green deployment.
  • Configured cloud-ready monitoring and log management tools using Datadog.
  • Designed, built, managed, and operated the infrastructure and configuration of SaaS applications, focusing on automation and infrastructure as code.
  • Implemented automatic scaling of infrastructure and services.
Technologies: Amazon EC2, Amazon EKS, Amazon Elastic Container Registry (ECR), Amazon Elastic Container Service (ECS), Amazon S3 (AWS S3), Argo CD, Amazon CloudWatch, Ansible, AWS ALB, AWS Auto Scaling, Amazon RDS, CI/CD Pipelines, Infrastructure as Code (IaC), Docker

Experience

Cloud Migration with AWS and Kubernetes

Designed a cloud migration strategy using AWS services such as VPC, EC2, S3, RDS, and Amazon EKS. I configured secure Kubernetes environments with Amazon EKS to migrate and modernize existing applications and integrated monitoring tools like Prometheus and Grafana to monitor application performance during and after migration.

Security Testing Automation with DevSecOps

Integrated automated security tools like Trivy into CI/CD pipelines to test applications throughout the development cycle. I configured alerts for detected vulnerabilities and automated security report generation. I also implemented feedback mechanisms so developers can promptly address security issues.

Performance Monitoring and Analysis with Datadog

Integrated Datadog for collecting and analyzing performance metrics of applications and infrastructures. I configured custom dashboards in Datadog to monitor key metrics and performance trends. I used Datadog to detect real-time performance anomalies and availability issues and set up alerts to be notified of incidents and enable prompt corrective actions.

Design of an Evolvable Cloud Architecture

Designed and implemented an evolvable cloud architecture to meet the company's growing needs.

I conducted an in-depth analysis of performance, availability, and security requirements to design a robust and flexible architecture. I leveraged AWS and Azure cloud services to create a highly available and scalable infrastructure and implemented resilience and disaster recovery strategies to ensure operational continuity in case of failure.

Additionally, I collaborated with development, operations, and security teams to align the architecture with best practices and business requirements. I created detailed architecture documentation, including diagrams, data flows, and security policies, to facilitate understanding and future maintenance. I also supervised the implementation and deployment of the cloud architecture, ensuring compliance with established specifications and standards. Finally, I evaluated the architecture continuously to identify optimization and improvement opportunities, considering technological advancements and new business needs.

Vulnerability Management and Code Analysis

Successfully implemented Trivy, DefectDojo, and SonarQube, significantly improving our application's security posture and the overall quality of the codebase.

I cultivated a culture of security awareness within the development team, emphasizing the importance of security best practices in the software development lifecycle. We achieved a 60% decrease in the critical vulnerabilities identified during external audits, showcasing the effectiveness of the integrated security measures. By minimizing security-related delays, we also reduced the time to market for new features by 25%, enhancing our competitive edge.

Education

2019 - 2021

Master's Degree in Computer Systems and Networks

Institut F2i - Vincennes, France

2018 - 2019

Bachelor's Degree in Computer Systems and Networks

Institut F2i - Vincennes, France

Certifications

FEBRUARY 2023 - FEBRUARY 2025

Terraform Associate

HashiCorp

APRIL 2021 - APRIL 2023

Certified Kubernetes Security Specialist (CKS)

The Linux Foundation

DECEMBER 2020 - PRESENT

AWS Certified Developer - Associate

Amazon Web Services

JUNE 2020 - JUNE 2023

AWS Certified Solutions Architect - Associate

Amazon Web Services

APRIL 2020 - APRIL 2022

Certified Kubernetes Administrator (CKA)

The Linux Foundation

APRIL 2020 - DECEMBER 2023

AWS Certified Cloud Practitioner

Amazon Web Services

JUNE 2019 - JUNE 2024

LPIC-1

Linux Professional Institute (LPI)

JUNE 2019 - JUNE 2024

CompTIA Linux+ (powered by LPI)

CompTIA

Skills

Tools

Amazon EKS, GitLab CI/CD, Helm, Terraform, Ansible, AWS Subnets, Amazon CloudWatch, Amazon Elastic Container Service (ECS), AWS CodeBuild, AWS IAM, Amazon Elastic Container Registry (ECR), GitLab, DefectDojo

Paradigms

DevOps

Platforms

Kubernetes, Docker, Amazon EC2, AWS ALB, AWS Lambda, AWS Elastic Beanstalk

Storage

Amazon S3 (AWS S3), Datadog

Languages

JavaScript

Other

Argo CD, GitOps, Cloud, AWS DevOps, Virtual Private Cloud (VPC), AWS NAT Gateway, AWS Internet Gateway, AWS Secrets Manager, Amazon RDS, AWS WAF, AWS Auto Scaling, Certified Kubernetes Administrator (CKA), Kubernetes Security, IAS, AWS CodePipeline, Linux Administration, CI/CD Pipelines, Infrastructure as Code (IaC), Canary Deployment, Trivy, Azure Administrator, Networking
