CV
Professional Summary
- 10+ years of end-to-end systems architecture experience designing highly available enterprise systems accounting for many technology architecture concerns (e.g. availability, scalability, performance, security) and comprising a wide variety of technologies
- Experience designing, developing, deploying, and operating Kubernetes environments and applications at large scale
- Expert proficiency with cloud IaaS/PaaS/SaaS providers (Azure, AWS, GCP) including experience working on large cloud migration and transformation projects
- Proficient with Go language, using it in architecting and developing microservices based applications
- Expert knowledge of Azure DevOps and extensive hands-on experience with various DevOps (CI/CD) tools including HashiCorp Terraform, Git, and Ansible. Strong competency with bash, Azure CLI, and PowerShell.
- Experience with databases (relational and NoSQL), data migrations, and integration technologies.
- Experience and comfort working at all levels of technology, from high-level architecture developing solution blueprints and enterprise standards, down to code implementation
- Experience leading delivery of system implementations from requirements gathering to development of operational procedures and successful transition to production operations teams using Agile delivery
- Passion for learning new technologies and solving complex problems with focus on bringing value to clients
- Ability to collaborate with technical and non-technical personnel demonstrated through experience working directly with client executive leadership, and other partner resources at various leadership ranks
- Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), Certified Kubernetes Security Specialist (CKS), Azure Solutions Architect Expert Certified, Azure DevOps Engineer Expert Certified, Azure Developer Associate Certified, Azure Security Engineer Associate Certified; AWS Certified Solutions Architect – Professional, AWS Certified DevOps Engineer – Professional, AWS Certified Solutions Architect – Associate, AWS Certified Developer – Associate, AWS Certified SysOps Administrator – Associate, AWS Certified Security – Specialty, AWS Certified Database – Specialty, AWS Certified Advanced Networking – Specialty, AWS Certified Data Analytics – Specialty, AWS Certified Cloud Practitioner, HashiCorp Certified Terraform Associate, TOGAF Certified, ITIL Certified, Canada Top Secret Clearance
Work Experience
DevOps / Infrastructure Engineer (Independent Consultant) — May 2023 — present
Agriculture and Agri-Food Canada — June 2024 - present
- Member of AWS Operations Team responsible for designing and implementing AWS Cloud platform environment for use by numerous organization clients
- Using Terraform and a number of AWS Services (Amazon EventBridge, Amazon ECS, AWS Lambda), designed and implemented a solution for automated version updates of FluentBit logging service. Service update was part of requirements for Security Assessment and Authorization.
- Designed and implemented Terraform framework for deploying common infrastructure to multiple AWS accounts. The framework resulted in simpler code base and reduced code duplication.
- Improved efficiency, maintainability, and speed of Azure DevOps Pipelines by designing and implementing Azure DevOps Pipelines framework to utilize container-based job runners.
- Designed a framework for integrating Azure DevOps Pipelines authentication to the various AWS environment accounts. The new solution used OIDC (Azure Entra ID as the OIDC provider) and AWS STS and AWS IAM services to implement temporary credentials across all accounts. This solution replaced the previous mechanism, which relied on long-lived AWS IAM Access Keys. Implemented the solution using Azure DevOps Pipelines and Terraform. The new solution greatly simplified previously implemented Azure DevOps pipelines and increased the security posture of the Azure DevOps and AWS environments.
- Migrated existing Terraform code and Azure DevOps Pipelines to utilize newly designed deployment framework improving reliability of deployments.
- Implemented Terraform code to deploy AWS Athena tables and AWS Glue ETL jobs to help in querying FortiGate Application logs and AWS Web Application Firewall (WAF) logs. Implemented AWS Glue ETL job in PySpark. The solution provided capability for Operations team and Security teams to query application network logs for security investigations.
- Implemented numerous Azure DevOps pipelines to deploy Terraform and AWS CloudFormation based application infrastructure.
- Provided general troubleshooting support for AWS cloud infrastructure and numerous cloud based applications.
Shared Services Canada — May 2023 — June 2024
- As part of the Cloud Engineering team, designed and implemented Kubernetes based platform to enable clients to automatically provision cloud resources, deploy, and host applications. The platform supports GitOps deployments using Google ConfigConnector utilizing GKE Anthos Kubernetes clusters.
- Implemented a demo application (using Go) to demonstrate the application deployment process and use of the custom Kubernetes platform and other Google PaaS services.
- Designed and implemented Kubernetes controls to ensure workloads comply with policies required by the CIS Kubernetes Benchmark, the CIS GKE Benchmark, and the NIST SP 800-53 standards.
- Developed and deployed automation scripts to provision cloud infrastructure resources and seamlessly initialize new environments.
- Provided general support to platform clients by investigating and resolving issues.
Senior Software Engineer (Render) — Jan 2022 — April 2023
- Member of Site Reliability Engineering and Infrastructure team at a startup building next generation developer focused cloud platform.
- The SRE / Infrastructure team built and supported self-managed multi-tenant Kubernetes environments growing our environment to 15 clusters, with each cluster containing 250+ nodes. During my time there, Render Cloud platform supported 200K+ web services, 25K+ databases, 150K+ active users, and 1M+ daily requests. All infrastructure provisioned using AWS compute and network services.
- Designed and implemented solution to enable customers to create multiple databases in a single PostgreSQL instance. The solution had to account for network routing, security, and database backup/recovery. Solution implemented using custom Go code and shell scripts deployed on Kubernetes.
- Designed and implemented a Go language microservice to validate custom domains hosted on the Render platform.
- Designed and implemented a solution for sharding of self-managed ETCD clusters to improve performance and reliability of Kubernetes and ETCD environments. The solution eliminated ETCD memory utilization related incidents.
- Designed and implemented a solution to reduce outbound network traffic resulting in estimated savings of $200K+/year. Solution implemented using Terraform for IaC, and AWS compute and network services.
- Using Terraform, AWS security services (e.g. SCP) and monitoring services (e.g. CloudWatch, CloudTrail), implemented numerous cloud infrastructure security controls as part of SOC2 Type II compliance program.
- Implemented various automation scripts, Ansible playbooks, and Terraform modules to enable provisioning and configuration of AWS infrastructure, upgrading of Kubernetes clusters, and renewal of Kubernetes certificates
- Using Terraform, implemented various Datadog observability dashboards and alerts for monitoring platform service performance, reliability, and security.
- Participated in business hours, off business hours, and weekend on-call rotations and customer support rotations. Responsibilities included troubleshooting and resolving various platform incidents, and investigating and correcting customer support issues.
- Presented at LeadDev San Francisco 2022 conference to an audience consisting of 450+ technology managers and leaders.
- Technologies utilized: Golang, Terraform, Ansible, Kubernetes, Docker, AWS, GCP, Datadog, Prometheus, Grafana, Cloudflare.
Cloud Solution Architect (Independent Consultant) — May 2019 — Dec 2021
Fisheries and Oceans Canada — July 2020 – December 2021
- Working as a Cloud Engineer designing, implementing, and operating Azure Kubernetes Service (AKS) environments for client’s enterprise-wide Data and Application Platform hosting numerous business critical applications. Technologies utilized: AKS, Helm, NGINX, Cert Manager, Secrets Store CSI driver, Gatekeeper, Falco, Azure storage, Azure Key Vault, Azure Monitor.
- Independently designed and developed production-ready secure implementation of Apache Nifi data processing system on top of AKS.
- Implemented Protected-B staging and production AKS cluster environments utilizing HashiCorp Terraform.
- Performed security hardening and audits of Kubernetes environments using Azure Policy, Gatekeeper, and Falco solutions
- Implemented Kubernetes application integration with Azure Key Vault using Secrets Store CSI driver
- Implemented Kubernetes cluster layer 7 routing using NGINX Ingress Controller
- Independently designed and implemented back-up and recovery solution for AKS (using Velero), PostgreSQL server databases, and Azure Key Vaults (using Azure DevOps).
- Working as a DevOps Engineer developing CI/CD pipelines for continuous delivery of applications to client’s Kubernetes based Data and Application Platform using Azure DevOps platform, Helm, Docker, and Terraform.
- Implemented security scanning of applications in CI/CD pipelines using Aqua Trivy and conftest products to ensure that applications adhered to organization security requirements
- Implemented security monitoring and alerting using Azure Monitor, Azure Log Analytics, and Azure Security Center
- Performed security audits and remediation of custom Docker images using Azure Container Registry
- Provided general development and operational support for all non-production and production AKS clusters.
Canada Border Services Agency — May 2020 – September 2021
- Cloud Solutions Architect designing and implementing client’s enterprise-wide data lake and data analytics platform and two applications built on-top of the platform.
- Designed and documented data lake/data analytics platform capabilities (data ingestion, data transformation, machine learning, data visualization/reporting) and architectural concerns (e.g. security, DevOps, operations) to be used as a blueprint for future business applications utilizing the platform.
- Implemented and provided operational support for various integration and ETL processes for data ingestion/export/transformation using AWS Lambda, AWS Glue, and boto3 (AWS Python SDK) resulting in an increased frequency of business-critical BI reports.
- AWS Services utilized: S3, Lambda, Glue, IAM, Athena, Redshift, SQS, SNS, CloudTrail, CloudWatch, SageMaker, CloudFormation, KMS, DynamoDB.
City of Ottawa — May 2020 – July 2020
- Designing and implementing cloud native solution to migrate self-hosted on-prem Kubernetes environments to Azure Cloud. Target cloud architecture consists of Azure Kubernetes Service for application hosting with Azure DevOps, and HashiCorp Terraform for CI/CD and IaC (infrastructure as code) capabilities.
Export Development Canada — May 2019 – April 2020
- Cloud Solutions Architect designing and implementing client’s hybrid on-prem/Azure cloud platform offering core cloud capabilities to multiple business teams.
- Using Azure Service Bus and Azure Functions, designed and implemented enterprise-wide Azure Log aggregation solution collecting logs from various systems across multiple Azure subscriptions and integrated it with existing on-prem SIEM products.
- Designed and implemented Azure tagging policy across multiple subscriptions to improve resource operational management, utilization reporting, and cost allocation
- Designed and implemented platform services for automated provisioning of SQL Server PaaS Databases, Azure Storage Accounts, Azure Key Vaults, SQL Server Firewall rules, and Azure Private Link Endpoints
- Provisioned Azure compute resources (VM’s) to clients using Terraform and Ansible
- Technologies utilized: Azure Cloud IaaS and PaaS services (e.g. VNet, Networking, Linux and Windows Compute, Azure Storage, Azure Event Hubs, Azure Monitor, Azure Log Analytics, Security Center, SQL Server, Azure Blueprints), CI/CD (Azure DevOps, Git, Terraform, Ansible, ARM Templates)
Cloud Technology Architecture Manager (Accenture) — Nov 2011 — May 2019
Major Transportation Services Client (Crown Corporation) — Feb 2019 – May 2019
- Solutions Architect designing Azure cloud-native RESTful microservice APIs with very stringent requirements around performance, site reliability, availability, and security
- Technologies utilized: Azure Cloud IaaS (e.g. VNet, Networking, Compute), Kubernetes (AKS), Docker, Kafka (Event Hubs), Kotlin, CosmosDB, CI/CD (Git, Ansible, Terraform)
Major Financial Services and Insurance Industry Client (Crown Corporation) — Oct 2016 – Feb 2019
- Member of technology architecture team on a large enterprise cloud migration and transformation program utilizing Microsoft Azure Cloud. This includes “lift and shift” server migration and complete custom application re-platforming
- Member of enterprise architecture team developing cloud migration roadmap and strategy, enterprise-wide standards, guidelines, and best practices
- Responsible for defining various application integration patterns (e.g. Asynchronous brokered messaging, RESTful web API, ETL) and specifying guidelines and best practices for their use
- Lead delivery of integration components as part of large Dynamics 365 CRM implementation from interface design to production deployment. Integration systems included other custom on-prem/IaaS applications and SaaS platforms (Dynamics 365 for Operations, PowerBI). Technologies utilized in implementation consisted of various Azure Cloud services (e.g. Service Bus, Logic Apps, Azure SQL Database, Functions, API Apps, SSIS)
- Member of Enterprise Architecture Steering Committee reviewing technical designs, identifying project risks, and proposing solutions
Major Delivery Services Client (Crown Corporation) — Oct 2014 – Aug 2016
- Responsible for creating the technical specifications of various architectures necessary for delivery of a mobile application modernization project of approximately 35000 devices. Designed and documented specifications for technology architectures, including back-end system application architecture, development (continuous integration) architecture, operations architecture, and execution architecture.
- Managed infrastructure provisioning required for various development, QA, and production environments in support of the project utilizing a hybrid IaaS (AWS) and traditional on-premise data-center environment. Responsible for designing and standing up the AWS cloud networking and compute components.
- Served as a subject matter expert for high-level solution. Worked with third party service provider during the design and implementation phases of the project, providing guidance on integration of various systems.
Major Banking Industry Client — Nov 2013 - Sept 2014
- Focused on designing and supporting design changes/updates to web-service interfaces supporting credit card transactions and related business operations
- Worked with delivery partner organizations and client resources (development teams, testing teams, etc.) in providing functional testing guidance and assistance by reviewing test cases ensuring proper test case coverage. Collaborated with client resources in performing analysis for non-functional performance testing
- Played key role in identifying issues, performing triage, coordinating resources, and providing defect solution guidance in order to resolve issues during testing phases and project go-live
Major Retail Industry Client — Jan 2012 – Sept 2013
- Independently installed, upgraded, and configured SAP application software in multiple QA environments
- Working with Solution Architects & Technical Architects, I was a key contributor in designing source code control, deployment and configuration processes
- Reviewed deployment plans; performed deployment/configuration tasks to QA/production environments
- Performed testing activities, complex triage on issues and effectively coordinated activities and collaborated with other client resources and vendors to prioritize tasks and solve issues in a timely manner
Education
- Master of Science, Physics, University of Waterloo — Sep 2007 — Dec 2010
- Bachelor of Science, Physics, University of New Brunswick — Sep 2001 — May 2007
- Bachelor of Science, Computer Science, University of New Brunswick — Sep 2001 — May 2007