DevOps Engineer

Support Interim financial projects - ML/Data pipelines with emphasis on DevOps, provide support to the entire SDLC(end to end - dev to prod) using GitOps model

My core responsibilities in this positions are as below:

• Support Data pipelines over databricks, aws apache airflow (MWAA), AWS Sage Maker and Argo-Workflows

• Support Infrastructure pipelines using Terraform as its primary deploy tool using github actions, codebuild/codepipeline/codedeploy and legacy pipelines with Jenkins all of this targets deploys over AWS and GCP

• Support/Admin/Develop Datameshes on AWS Lakeformation/Glue/Athena and Databricks

• Support/Admin/Develop K8s pipelines onboardings on ArgoCD, EKS/GKE and support Istio meshes.

• Implement core deployments using Argo-Rollouts, Blue-Green patterns, AB testing and Canary Releases

• Part of the Architecture Enabling Initiative that POC new technologies

• Adhere to Security CSPM(CIS, guidelines, apply patches and automate most of our security concerns via Prisma Cloud security policies

• Support/Admin/Develop Observability Platform - Elastic Stack on hybrid architecture using cloud service and onprem (over cloud)

Provide support to AWS Governance, part of the Data and Governance team, working on security automations to maintain data consistency across accounts. Author of a wide variety of automations like DevSecOps and some other compliance pipelines.

• Organization Unit administration, responsible to maintain organization units, set up GuardRails, and maintain IAM SCP

• ControlTower automation across accounts.

• Responsible for helping teams on account administration, IAM, SCP, IAM Boundaries, SSO user/groups, troubleshooting - CloudTrails,CloudWatch.

• Administrate master AWS SSO and its customization to match the least privilege pattern.

• Provide automations for data and account configuration migration, DataSync and Terraformer.

• Provide assistance to isolate network issues TGW/VPC.

• Provide support to several accounts on EKS/GKE administration and design/solutions

• Provide support to integrational services, SQS, SNS, Cognito and APIGW.

• Maintain Security Posture across accounts, code and deployments by implementing DevSecOps patterns using different strategies as per the case require

• AWS SecHub administration, we maintain compliance across CIS, NSA and CISO benchmark

• Pipelines security based with tools like Palo alto CSPM, CSPM rule development, Chekov, TFSEC.

Provide support to the aws infrastructure and help to re-factor aws architecture strategy using terraform modules. Additionally I help to maintain the SDLC and CICD contributing actively with code. Also part of the container migration from ECS to EKS. Cloud: Terraform:

• Mainly deploying over AWS and GCP,although sometimes Authorization(LDAP) topics that are handled via Azure

• Maintain underlying networking and make use of modules for most of the SDLC and infrastructure pieces.

• Have the chance to participate in the monitoring tooling migration which is AWS CW to Grafana

• Have the chance to participate in the ECS/FARGATE to EKS initiative, migrating several services to it.

• CICD:

  • Jenkins: Maintain Groovy base libs, improvements and new modules are implied.
  • SCM : Bitbucket, git
  • Ansible. Responsible to maintain and develop roles related to the core infrastructure
  • Concourse. Responsible to maintain and develop pipelines related to the core infrastructure
  • AWS pipeline. Responsible to maintain and develop pipelines related to the core infrastructure Nexus. Maintain the tool for the java and javascript projects , additionally help to maintain

• Queue:

  • Rabbit / SQS. Helped to migrate the from the old architecture to our new distributed and multi account architecture

• Cache:

  • Redis / Memcached. Helped to migrate the from the old architecture to our new distributed and multi account architecture

• Provided solution for one of it’s IoT products, designing and improving their software development lifecycle

• Helped teams to create a fully automated pipeline using the most common patterns such as CI/CD , Automated Tests and Security pipelines

• Was also responsible for maintaining the whole infrastructure.

• Docker containers , helped team to jump in containerization, authoring containers using silo pattern via docker-compose

• Gitlab pipelines. Code is versioned using it. All pipelines were authored by me, I had the responsibility to maintain, tune up and troubleshoot all of them.

• Sonarqube. Used to grant best quality code integrated via pipelines.

• AWS. I was in charge to maintain the whole infrastructure used in the development of the project.

• Ansible. Used to maintain and deploy the final product.

• Responsible to maintain and dockerize tests , also integrate them into the pipeline

Provide solutions for Fintech - Transformation teams to design best devops chain base on the need of the project, all projects I handle are cloud-microservices based(cruds/apis) and my team is responsible to provide support to the entire SDLC, the solutions relies on the below tech stack.

• Design and implementation of multi-tier architectures using aws stack GCP
• Design and implementation of multi-tier architectures using gcp stack for data pipelines purposes
• responsible to create/maintain orgs, spaces and configurations for configserver and repositories, as well as to provide further network configuration such as routes, domains and cups
• responsible to help teams to dockerize and modernize legacy projects using kubernetes architecture.
• Planning and authoring aws, gcp infrastructure using terraform
• responsible to create/maintain Jobs for application builds
• Develop Pipelines over Blue Ocean plugin
• Design pipeline as code files(Jenkinsfiles)
• Design pipelines over Diego CloudFoundry containers using dockerfiles
• Docker strategies authoring using swarm, oc and cloudfoundry with its respective tool
• Automating Blue-green releases
• Automating code promotions from stage to stage on demand
• in charge to provide component so that developer can be able to promote their own code
• create component and design promotions from stage to stage

• Responsible to grant CD/CI for Big Data Projects - lambda algorithm, over SMACK stack

• Responsible to automate as much as possible the entire lifecycle

• In charge of administering the Public Cloud and Private Cloud for several projects

In charge to automate Rational CLM deploy, covering Infrastructure provisioning for each project, middleware installation and configuration(db2,websphere app server installed and configured by jython and bash scripts) and software installation and deploy(jython), this task include provision the infrastructure by code with aws-cli, openstack or IBM ICO.

• Maintain Docker environments with our configuration managers(chef), in charge to perform changes, patches and security assessment to stay in compliance with the ISO 27000 and IBM ITCS
• Provide support for some of the Rational Tools, this include configuration, troubleshoot and PMR ticket creation(with developers)

In charge to raise & give support to the development/testing environments. Apply architects requests. Give Dev/Test/Devops support to IBM internal/commertial projects. Part of the LDAP, Websphere APP server and AIX team, whom are in charge to give solutions for customers and isolate difficult issues. Responsibilities:

• IBM POWER SYSTEMS iSeries, pSeries setup & support
• NIM (Network installation Manager)
• Upgrades, Updates, Cloning environments,HMC Hardware Assessment Hardware configuration
• IBM Websphere Edge Load Balancer setup & support Setup & configure clusters and HA clusters Add clusters and members as the case required
• IBM Websphere Edge Network Dispatcher setup & basic support Network dispatcher dedicated servers configuration
• IBM TIvoli Directory Server (LDAP) setup & support Configure ldap database Configure certificates
• IBM Websphere App Server Network Deployment setup & support Setup Cells and Profiles as the case required Basic troubleshoot Advance scripting with wsadmin.sh(jython)
• IBM Internet Http Server setup & config
• IBM DB2 setup & config Instance setup & basic support
• IBM Tivoli Monitoring setup & support RHEL support :
• Work with LVM to set VGs as per request
  • Work with ESXi
  • Restores
  • Upgrades
• Isolate difficult issues with strace, ltrace
• Forensics(able to work with volatility and other python-based frameworks) to rescue information
  • Software, middleware deployments
  • Work with cloud and traditional servers

As a system administrator I have 800 server in my charge & the following duties:

• Check for vulnerabilities on MAD(Mixed Address Database) nessus-based
• Correct properly the vulnerability as the case require
• Solve APARs(Authorized Program Analysis Report) and ISO27001 potential threads Fix properly security issues
• Solve Certificates issues
• Solve Security issues Health checks according with IBM ISO ITS400
• Automate processes by scripting