Experience
Companies I've worked with
Senior DevOps Engineer · Contract
Halian · Client: Leading Financial Institution in UAE
Feb 2024 — Present
1+ yr
- CI/CD Migration: Migrated 30+ microservices CI/CD pipelines from on-premise Azure DevOps to AWS-native services (CodeBuild, CodePipeline, CodeCommit), with trunk-based branching strategy, event-driven automation using Lambda (Python), EventBridge, and SNS.
- GitOps Workflows: Designed and implemented GitOps pipelines for 40+ microservices on Azure AKS using GitHub Actions, with automated DEV → UAT → PROD promotion, PR-based approval gates, and a dedicated GitOps repo.
- Terraform CI/CD Pipelines: Built GitHub Actions pipelines for Terraform-based Azure infrastructure provisioning with plan/apply split, remote state in Azure Storage, environment-specific tfvars files, and secrets fetched at runtime from Azure Key Vault.
- DevSecOps Integration: Embedded SAST, SCA, and DAST (Checkmarx), container image scanning (Trivy), image signing (cosign), and code quality gates (SonarQube) across all CI/CD pipelines.
- End-to-End TLS: Leveraged existing Internal and Intermediate CAs to manage TLS certificates for 40+ microservices, enforcing encrypted communication across the full request path from APIM to AKS.
- Azure Landing Zone: Designed and provisioned a secure, multi-subscription Hub-and-Spoke Azure landing zone with Azure Firewall Premium (IDPS), UDRs, ExpressRoute, Azure Sentinel, RBAC, and Azure Policy across Management, Identity, Connectivity, Non-Prod, and Prod subscriptions.
- Azure API Management: Deployed external and internal APIM instances in internal mode within workload spoke subscriptions, fronted by Application Gateway with WAF in the Connectivity Hub for secure external access.
- AI Document Intelligence: Provisioned a dedicated Azure subscription for AI document extraction workloads using Azure Document Intelligence, AKS, PostgreSQL, Blob Storage, Key Vault, and APIM — all via Terraform with private endpoints and managed identities.
AzureAKSTerraformGitHub ActionsAPI ManagementCheckmarxDevSecOpsAzure Firewall
Senior Platform Engineer / Software Engineer 3
Banque Saudi Fransi
Sep 2022 — Jan 2024
1 yr 4 mos
- Automated Certificate Management: Employed cert-manager for streamlined certificate management via HTTP and DNS validations, enhancing security and efficiency.
- OAuth2 Authentication: Improved security posture by integrating OAuth2 authentication for internal services like Grafana, providing a seamless Single Sign-On (SSO) experience for developers.
- Unified Monitoring and Alerting: Implemented kube-prometheus to ensure robust observability of the Kubernetes cluster's health and performance.
- iOS Build Optimization: Reduced iOS build time by 75% (from 1 hour to 15 minutes) using self-hosted Mac Studio GitHub runners, significantly enhancing build efficiency.
- Infrastructure Architecture: Played a pivotal role in architecting a secure and robust infrastructure, utilizing Hub and Spoke model VCN, Next-Generation Firewall, DRG, NLB, ALB, and OCI Kubernetes.
- SAML Integration: Implemented SAML to create users for SonarQube using Keycloak as the Identity Provider, streamlining user access.
- Backup and Recovery: Set up full and differential backup jobs for self-managed MSSQL on Kubernetes to achieve the required RTO and RPO.
- CI/CD Pipelines: Developed and managed CI/CD pipelines leveraging GitHub Actions and ArgoCD. Automated Kubernetes manifests linting and deployment using Kubescore, Kubeval, and Kustomize.
- WAF Deployment: Configured WAF to protect against DDoS attacks, improving web application security.
- Agile Methodology: Actively participated in daily stand-ups, sprint planning, and adhered to agile methodologies for efficient project execution.
- Incident and Change Management: Proficient in incident and change management, prioritizing issue resolution to maintain optimal service performance.
OCIKubernetesArgoCDKeycloakPrometheusLokiTrivyGitHub ActionsMSSQL
DevOps Engineer
Tradeling
Jan 2020 — Aug 2022
2 yrs 7 mos
- Kubernetes Infrastructure: Set up infrastructure on self-managed Kubernetes cluster on AWS using Ansible, Terraform, and poseidon/typhoon. Generated k8s manifests using PHP.
- API Gateway Migration: Migrated all backend APIs to AWS Edge Optimized API Gateway and EKS. Used AWS WAF, API Throttling, API Caching, Network LB and VPC Link.
- CloudFront Caching: Caching APIs at AWS CloudFront with dynamic origins, reducing homepage response time by 75% (105ms → 25ms) with custom CORS and caching policies.
- China Performance: Reduced average website load time in China by 80% (2500ms → 500ms); reduced cost from $3,500 → $100/mo (97%) using Zenlayer Global Accelerator and geolocation records.
- PCI-DSS Compliance: Closed 70+ vulnerabilities reported in ASV, Network VAPT, and Web Application PT to achieve PCI-DSS compliance.
- ELK Monitoring: Set up monitoring for Tradeling infrastructure from scratch using ELK stack, Metricbeat, Journalbeat, and Ansible collecting data from 20+ servers across 3 environments.
- CI/CD Pipelines: Set up CI/CD on GitHub Actions and Docker Jenkins using Ansible, running 5,000+ jobs/day. Maintained Jenkins jobs using Groovy scripts.
- Kibana Dashboards: Created monitoring dashboards in Kibana for API Performance, MongoDB, NATS, MySQL, Kubernetes, Hosts, System Monitoring, and Docker.
- Automated Releases: Daily automated releases using Python script (2,000+ lines) sending automated email change logs of 50+ repositories to respective teams.
- Database Management: Maintained self-managed databases including MySQL and MongoDB using docker-compose. Daily backups uploaded to AWS S3 buckets using Ansible.
- Website Monitoring: 24/7 automated website monitoring using Prometheus, Alertmanager, and Blackbox Exporter with automated Slack alerts.
AWSKubernetesTerraformAnsibleELKJenkinsPythonCloudfront
DevOps Engineer
Accelya Group
Nov 2018 — Jan 2020
1 yr 2 mos
- Infrastructure Setup: Spearheaded the setup of infrastructure for Development, UAT, and Production environments on Weblogic and Tomcat platforms, catering to the specific needs of new customers.
- Migration of Build-Jobs: Successfully migrated the build-jobs of 66 customers, optimizing the process by separating the Build & Deployment phases, improving efficiency and deployment reliability.
- JIRA Dashboard: Crafted an extensive JIRA dashboard widely adopted across multiple teams, significantly streamlining ticket management and bolstering adherence to DevOps practices.
- Agile Methodology: Actively integrated Agile methodologies into project management and operational workflows, leading to more adaptive and responsive development cycles.
- SRE Practices: Applied SRE principles to ensure high availability and reliability of services. Focused on automating solutions for operational tasks, incident response, and system monitoring.
- Cross-Functional Collaboration: Fostered a culture of collaboration between development, operations, and quality assurance teams, promoting a unified approach to project execution and problem-solving.
WeblogicTomcatJenkinsJIRA
Software Engineer
Walmart Labs
Jan 2017 — Oct 2018
1 yr 9 mos
- Microservices Infrastructure: Developed and managed infrastructure for microservices on OneOps, incorporating disaster recovery capabilities spanning thousands of servers across two data centers, ensuring high availability and resilience.
- DevOps Automation Dashboard: Engineered a DevOps Automation Dashboard using Django and Python to automate responses to Splunk alerts via passwordless SSH, significantly enhancing operational efficiency and reducing manual intervention.
- Agile in Infrastructure: Applied Agile principles in the development and maintenance of infrastructure, enabling rapid adaptation to changing requirements and continuous improvement.
- Proactive Incident Management: Implemented proactive monitoring and alerting systems aligned with SRE best practices to anticipate and swiftly address potential issues, minimizing downtime and service disruptions.
- Cross-Functional Collaboration: Fostered a collaborative environment between development, operations, and IT teams, ensuring seamless integration and efficiency in managing large-scale infrastructure.
OneOpsDjangoPythonCelerySplunkSSH