Work locations
Germany, Switzerland, Austria
possible
Projects
4 years
2022-01 - now
work on their flagship product
Freelance Cloud Architect, DevOps & SRE
I joined GEC to work on their flagship product, Oncite, which is essentially a large system composed of multiple servers, routers, and switches. It is shipped to the customer's location and serves as an on-premise data center and cloud provider. The cloud platform is OpenStack, which runs on top of Kubernetes
I joined the company when the product was in its early stages. Much of my work involved migrating from ad-hoc scripts to robust, production-ready solutions adhering to DevOps principles
Some of the things I did include:
Built on-premise Kubernetes clusters using Kubeadm and RKE
Ran OpenStack on top of Kubernetes for scalability and used it as an on-premise cloud provider
Offered Ansible Tower / AWX as a SaaS for configuration management and on-premise infrastructure provisioning
Built CI/CD pipelines with GitLab CI and ArgoCD, treating all infrastructure pillars as microservices within the CI/CD process
Migrated Kubernetes configuration management from a mix of Kustomize and Helm to Ytt.
Used Terraform to orchestrate OpenStack infrastructure as code via dynamically generated GitLab CI pipelines
Designed and implemented observability from scratch (Prometheus Operator, Grafana, Loki, Thanos, OTEL, Vector)
Upgraded various OpenStack components to newer versions and backported necessary functionality from the latest releases
Designed and maintained database solutions such as PerconaDB, PostgreSQL, Redis, Kafka, and more
Implemented Netbird as a VPN mesh, allowing secure connections to offshore Oncite systems
Maintained various container images based on upstream ones, incorporating the required changes for the Oncite solution to work
Developed reusable Terraform modules offered as a service to multiple SRE teams and developers
Wrote Checkov security policies for Terraform to enforce compliance
Worked with Rook Ceph for distributed storage on the Oncite
Acted as a tech lead and introduced new technologies and solutions across the organization
German Edge Cloud
Berlin, Germany
4 years
2022-01 - now
greenfield project
Freelance Cloud Architect, DevOps & SRE
I joined Brenntag to work on a greenfield project focused on building an API platform solution based on EKS as the container platform and Istio as the service mesh, providing API platform capabilities offered as a SaaS to internal teams
Some of the things I did include:
Designed AWS infrastructure from scratch and used Terraform for IaC via dynamically generated GitLab CI pipelines
Developed reusable Terraform modules offered as a service to multiple SRE teams and developers
Built and maintained multiple EKS clusters interconnected using Gloo Enterprise based on the Istio service mesh
Managed Gloo Enterprise and Istio operations, including highly available cluster upgrades, multi-revision management, QA testing, and more
Wrote extensive documentation and code samples for developers on how to use the provided features for API security and traffic management, including SSO, JWT authentication, traffic mirroring, rate limiting, header manipulation, cluster failover, fault injection, retries and timeouts, and access policies
Implemented Cilium as the CNI and layer 4 firewall, and Istio access policies as the layer 7 firewall, isolating workloads from one another
Implemented Istio gateways for both ingress and egress, locking everything by default and allowing only required remote endpoints based on team requirements
Introduced the "workspace" concept above namespaces in the cluster, giving developers more flexibility in designing their workloads while maintaining strict security requirements
Built CI/CD pipelines using GitLab CI and ArgoCD
Designed and implemented observability (Prometheus Operator, Grafana, Loki, Thanos, OTEL, Vector)
Built multi-cluster Grafana dashboards for developers to monitor everything running across clusters
Wrote Kyverno compliance policies to strengthen cluster security and isolate workloads.
Used Argo Workflows to implement end-to-end QA testing for both the API platform features (Gloo + Istio) and all applications deployed in the cluster, including supporting infrastructure such as observability and secret management
Brenntag
4 years
2022-01 - now
implementing Istio for security
Freelance Cloud Architect, DevOps & SRE
I worked for a German state through Accenture on a short-term project focused on implementing Istio for security, designing highly durable ELK clusters, and deploying observability solutions
Some of the things I did include:
Deployed Istio service mesh for enhanced security
Enforced mTLS across all services and disallowed unencrypted traffic
Onboarded legacy applications running on bare metal
Implemented Istio ingress and egress gateways, routing all outgoing traffic through isolated egress nodes
Designed and deployed highly durable Elasticsearch clusters, benchmarking them with Rally to ensure they could handle customer traffic
Implemented observability for all solutions using Prometheus and Grafana
Accenture
1 year 6 months
2020-10 - 2022-03
Built the container orchestration infrastructure
Senior DevSecOps Engineer
Built the container orchestration infrastructure from scratch on AWS EKS
Set up infrastructure monitoring using Prometheus Operator and Grafana
Built CI/CD pipelines and automated security processes using GitLab CI and Ansible
Ran production-ready Elasticsearch clusters for log aggregation and security monitoring
Designed CI/CD workflows for services running on Kubernetes
Built Kustomize bases for all tools and services and deployed them in Kubernetes via ArgoCD
Wrote Terraform code to manage AWS infrastructure and enforce security policies; refactored existing code to be compatible with the latest Terraform version
Implemented Anchore Enterprise as a container compliance solution, supporting package, dependency, secret, and malware scanning; wrote security policies for the business unit
Added runtime security scanning for all Kubernetes deployments
Encrypted secrets using Sops for infrastructure and Bitnami Sealed Secrets on Kubernetes
Implemented HashiCorp Vault as a central secrets server for the entire company
OLX Group
Berlin, Germany
1 year 8 months
2019-03 - 2020-10
Set up and maintained infrastructure
Senior DevOps Engineer
Set up and maintained infrastructure in a highly restricted and secure environment
Migrated the platform from traditional infrastructure to containers running on a private cloud provider
Implemented the latest technologies, including:
Rancher Kubernetes Engine for container orchestration
Terraform for cloud infrastructure management
Ansible and Ansible Tower for configuration management and continuous deployment
Prometheus Operator, Thanos, and Grafana for centralized multi-cluster monitoring
Elastic Stack and ElastAlert for log aggregation and monitoring
GitLab CI for CI/CD pipelines
PostgreSQL, Kafka, Redis, and Barman, all deployed and managed via Ansible roles
Istio service mesh
Helm for Kubernetes configuration management
Verimi GmbH
Berlin, Germany
7 months
2018-09 - 2019-03
Set up production-ready Kubernetes clusters
DevOps Engineer
Set up production-ready Kubernetes clusters on AWS (EKS and Kops) and managed applications using Kubernetes Operators
Integrated complete monitoring and logging solutions for Kubernetes using Prometheus Operator and ELK Stack
Researched and implemented the best ingress controllers for Kubernetes based on specific use cases
Enhanced Kubernetes security by implementing image vulnerability scanning in pipelines, restricting Docker registries to specific namespaces or cluster-wide using a Kubernetes Operator, and applying image signing
Set up and maintained Harbor as a Docker registry with Clair, Chartmuseum, and Notary server
Proposed and implemented the concept of Kubernetes Operators within the company
Designed and implemented CI/CD on top of Kubernetes using Jenkins and containers to continuously integrate and rapidly deploy software through automated pipelines
Improved and maintained AWS cloud infrastructure using Terraform
Provided input for documentation of new or existing solutions to ensure information accessibility
Designed and built Docker container images
Performed code reviews and promoted best practices
Bonial International GmbH
Berlin, Germany
11 months
2017-11 - 2018-09
Worked across all areas of Jenkins
DevOps Engineer
Worked across all areas of Jenkins, including setting up CI for new branches, build automation, plugin management, security, and master/slave configurations
Integrated various version control tools, build tools, and deployment methodologies into Jenkins to create end-to-end orchestration of build cycles
Used Ansible for provisioning, configuration management, orchestration, and continuous delivery
Coordinated all build and release activities, ensured release processes were well documented, and managed source control repositories including branching and tagging.
Applied automation tools such as Ansible and Jenkins for deployment procedures
Wrote Python scripts to implement various monitoring checks
Maintained existing scripts and extended Linux system functionality as needed
Researched monitoring solutions on Azure and exported data to external monitoring platforms such as Prometheus, Icinga, and Graphite
Researched, evaluated, and implemented new technology solutions
Reduced technology costs while maintaining the same level of service for business clients
Documented and implemented a disaster recovery plan, including backup schedules, regular testing, and off-site recovery procedures to ensure data integrity and business continuity
Developed holistic solutions by analyzing client needs and applying critical thinking throughout the specification, design, implementation, and testing phases
Ansible, Jenkins, Docker, RHEL, Icinga, Zabbix, Nginx, MariaDB, Grafana, Proxmox VE
Enterprise Albania
Tirana, Albania
1 year 1 month
2016-11 - 2017-11
Re-engineered institutional system setups
Linux System Admin
Re-engineered institutional system setups by establishing automated server generation routines, optimizing system performance, installing upgrades and patches, implementing system monitoring, and maintaining security protocols
Ensured that operating systems, software, and procedures aligned with organizational standards and strategic plans
Remediated major server vulnerabilities by updating components and replacing them with enterprise-class open-source alternatives
Ensured that assigned systems were engineered, configured, and optimized for maximum functionality
Albanian Armed Forces, Ministry of Defence
Tirana, Albania
Education and Training
3 years 8 months
2015-08 - 2019-03
Informatics
Master of Science in Informatics, Faculty of Natural Sciences, UT
A dynamic and self-motivated DevOps engineer. Aspiring for a bright and challenging career in the field of container orchestration and application management, which enables me to upgrade myself with emerging trends and technologies
In my career, I have led at least 7 migrations from traditional infrastructure (mostly apps running natively on VMs) to container orchestration on Kubernetes and OpenShift. This has given me the opportunity to research all modern technologies and implement them
I also have experience in platform security and have implemented great solutions such as a central policy platform for security and governance, IDS for Kubernetes, admission controllers, Elasticsearch as a SIEM, CI scanning, SonarQube, Terraform code policies and more