- Built and maintained cloud infrastructure in mainly GCP, but also AWS and Azure
- Terraformed all the things using various providers including GCP, AWS, Azure, Pingdom, DataDog, Cloudflare (Zero Trust), Spot.io, OpsGenie and GitHub
- Creation and maintenance of GKE-based Kubernetes clusters hosting the entire UP42 platform
- Designed and implemented secrets management using HashiCorp Vault
- Introduction of Cloudflare Zero Trust: Providing non-public IP access to internal applications utilizing SAML and GitHub authorization
- Introduction of cloud user and service permissions scheme based on the principle of least privilege
- Managed conduction of penetration tests with multiple external companies and organized fixing the found issues
- Support of SOC 2 Type 2 cyber security certification process
- Increased observability of the system using Datadog, GCP Metrics and Pingdom and introduced alerting and on-call using OpsGenie
- Reduced Kubernetes cluster node costs by 75 percent using spot.io
- Network design and administration: NAT's, firewall rules, routing, peering, Shared VPC's.
- Designed and implemented application and infrastructure CI/CD pipelines with CircleCI and Slack reporting
- Supported software engineers with SRE-related questions and problems
- Supported various product efforts in the geospatial domain
- Hiring Manager for SRE team: Interviewed and hired new team members
- First steps into leadership role with 1 report and being part of the extended leadership group
Tech Stack: GCP (GKE, Shared VPC / Cloud NAT / Firewall and Routing, IAM, CloudSQL, Pub/Sub, GCS, GCR, Logging), Kubernetes, Terraform, Helm, Docker, CircleCI, GitHub (Actions), ArgoCD, Argo Workflows, HashiCorp Vault, DataDog, Prometheus / Alertmanager / Grafana, Cloudflare (Zero Trust), OpsGenie, Pingdom, Spot.io, AWS (IAM / S3 / SageMaker), Ruby, Golang, Java / Kotlin, bash/zsh/ash, Windows VM Licensing