DevOps/Cloud Engineer | Solutions Architect

Analyzed the existing on-premise infrastructure and identified Azure services that best
matched business needs, ensuring a cost-effective and seamless migration.

Developed and automated an Infrastructure-as-Code (IaC) framework in Terraform,
allowing for repeatable, scalable, and efficient deployment of Azure resources.

Led the migration of an on-premise PostgreSQL database to a fully managed Azure SaaS
solution, eliminating maintenance overhead and improving scalability and reliability.

Replaced a self-hosted object storage solution with Azure Object Storage, leveraging
Azure’s security and redundancy features to enhance data availability and disaster
recovery.

Designed and deployed a CosmosDB for PostgreSQL cluster, automating provisioning
and management through Terraform to optimize database performance and reduce
manual intervention.

Implemented a Terraform-driven management layer that centralized resource
governance and policy enforcement, streamlining operations and ensuring compliance
with cloud best practices.

Developed and implemented a versatile Terraform base for all product teams, prioritizing
ease of use, flexibility, and multi-environment/region support, resulting in a widely
adopted skeleton structure that enhances productivity and efficiency across teams.

Successfully designed, coordinated, and implemented an enterprise network topology
on AWS using the HUB-Spoke strategy for centralized account connectivity,
leveraging TransitGateway to manage traffic through route tables and firewall, and
establishing seamless cross-regional communication among eu-central-1, us-east-1,
and ap-southeast-1 with TransitGateway Global-Peering. Streamlined the entire project
with Terragrunt for enhanced efficiency, resulting in a well-connected and automated
network topology that meets business needs.

Developed and implemented a secure and accessible strategy for product teams to
make changes to systems they don’t normally have direct access to, establishing a
community organization for firewall, Datadog, account management, and other areas
with easy-to-use Terraform projects tailored to meet the needs of the teams without
requiring a deep understanding of Terraform. Automated the entire process through
Github Actions, and ensured every change was reviewed through a pull request by the
Platform team, resulting in a streamlined and efficient system that promotes productivity
and collaboration.”

Collaborated with the Platform team to identify areas for improvement and provided
valuable advisory support in the creation of new organizational processes to enhance
collaboration, resulting in a more cohesive team and improved productivity.

Successfully developed and implemented a Terraform project that effectively manages
AWS firewall rules, overcoming the challenge of the AWS API’s lack of a process to remove
a rule group from the AWS firewall policy before deletion. Developed a detach and attach
rule group Terraform module that efficiently performs this task, and established the
project as a community initiative, enabling product teams to easily adjust firewall rules
through pull requests and reducing reliance on the platform engineering team, resulting
in a more efficient workflow and enhanced productivity.

Played a key role in the successful implementation of a centralized logging and
monitoring solution at Statista, leading the planning and coordination efforts in
collaboration with Datadog to execute a proof-of-value (PoV) project that prioritized
key elements such as terraform automation, single sign-on, logging, application
performance monitoring, and tagging concepts. As a result of overseeing the PoV
project and skillfully integrating the new solution with the entire Statista infrastructure,
operational workflows were significantly streamlined, and monitoring capabilities were
vastly improved.

Pioneered the development of a robust solution for the centralized provision of
vital information required by every terraform or terragrunt project for AWS accounts.
Recognizing that the platform team’s terraform/terragrunt projects for deploying the
cloud framework required the same information, a comprehensive catalog was created
that provides all necessary details such as naming conventions and network CIDR ranges,
automatically generated for easy consumption by each terraform/terragrunt project.
This solution successfully eliminated the need to manually add critical information to
each project as the accounts expand, optimizing the efficiency of the cloud framework
deployment process.

Conceptualized and planned a successful cloud migration from Amazon Web Services to Google Cloud, ensuring a seamless transition and optimized performance for the client.

Designed and implemented a Kubernetes cluster on Google Cloud (GKE), optimized for autoscaling Gitlab runners with focus on cost efficiency, featuring node pools that provide nodes only when required, and leveraging preemptible nodes to minimize costs while maintaining high performance and scalability.

Orchestrated a comprehensive logging and application performance monitoring solution on a Kubernetes cluster using Helm Charts, utilizing tools such as Prometheus, Grafana, Graylog, MongoDB, and Elasticsearch on Google Kubernetes Engine, enabling efficient and scalable management of resources.

Performed ongoing maintenance and service for Google Cloud resources, regularly updating Helm Charts and importing updates for provided applications, ensuring reliable and up-to-date infrastructure for clients.

Developed and implemented a log event transmission strategy for non-standard log files, converting the logs into a contemporary format and sending them to Graylog via fluentd and multiline(RegEx), ensuring effective log management and analysis.

Provided guidance to internal staff and collaborated on the development of GROK patterns within Graylog, enabling the mapping of logs processed by fluentd into usable and searchable attributes, facilitating effective log management and analysis.

Established Graylog pipelines that extracted values from message blocks based on regex and mapped them into usable and searchable attributes for developers, facilitating streamlined log management and analysis.

Achieved centralized control of the Azure enterprise landing zone by implementing a fully automated blue-green deployment strategy for a Terraform project, utilizing Azure DevOps CI pipelines.

Successfully planned and executed two major migrations of the Terraform module “terraform-azurerm-caf-enterprise-scale” which manages the Enterprise Landing Zone, adapting to the new handling procedures introduced in the latest versions, while also performing cleanup work to ensure the codebase was collaborative and dynamic.

Developed and implemented over 50 Azure Policies based on Berenberg’s regulatory guidelines, including BaFin, ensuring compliance with banking regulations, and enabling governance and compliance in the Azure Cloud through centralized deployment using Terraform.

Provided support to developers in effectively utilizing Azure DevOps and managing access rights, ensuring streamlined project workflows and improved productivity.

Took charge of developing and modifying Azure DevOps Continuous Integration pipelines for applications and Hashicorp Terraform, ensuring reliable and efficient software delivery pipelines.

Collaborated on a joint pair review of Terraform code structure managed in Azure Cloud, providing analytical feedback that improved the quality and efficiency of the codebase.

Diagnosed and resolved Azure API Gateway issues that were causing delays for developers, discovering and reporting a bug that was acknowledged by Azure Support and ultimately fixed.

Conceptualized an enterprise landing zone strategy in Microsoft Azure, enabling centralized control over security, logging, monitoring, access rights, platform, and respective landing zones, while also ensuring seamless integration between them.

Developed and delivered workshops on Infrastructure-as-Code (Hashcorp Terraform), Azure Network Hub-Spoke topology, cross-regional IP address space calculation, and Azure landing zone for employees from the Cloud Competence Center and Network Administration departments at Beiersdorf, facilitating knowledge sharing and skill-building for these critical topics.

Conducted a review of existing cross-regional connections and connected the existing SD-WAN, ensuring seamless and efficient communication across all regions.

Planned and implemented a repository for dot.net applications, based on nugget within the Gitlab server, enabling centralized sourcing of dot.net dependencies for various teams and enhancing collaboration and efficiency.

Created Gitlab CI pipelines for the creation of nugget artifacts, automatically storing them in the nugget repository with tests, dependencies, and semantic versioning, streamlining developers’ processes and saving valuable time.

Project responsibility for the planning, conception and implementation of a hybrid-cloud network solution using Microsoft Azure and Terraform. The following Azure resources were used: Express Route, Route Tables, Firewall Manager, Application Gateway, VPN and the HUB-SPOKE network topology

 

Designing a secure data traffic to manage the traffic between the data center, cloud and the public endpoints in a controlled way.

Delivered a Proof-of-Concept for Puppet, enabling the Operations Team to test changes locally before pushing them to production through Jenkins Pipelines, increasing development velocity and failure tolerance.

Improved the existing Infrastructure as Code solution for Cloudflare based on Terraform, redesigning the code architecture to a modular basis, minimizing duplication and allowing reuse of Cloudflare resources, and creating a golang program to leverage the Cloudflare API, improving maintainability and usage of the Terraform runtime.

Implemented DNS Zone Forwarding to multiple Environments for services registered in environment-specific Consul clusters, enabling developers to browse their environment-specific Services using Consul DNS with only the datacenter and service names.

Automated the updating of expired Intermediate CA Certificates on all Puppet-managed hosts and added new certificates to the system and browser truststores, ensuring secure and efficient certificate management.

Planned capacity for a future Kubernetes Topology in accordance with existing services and resources used on hypervisors, ensuring effective and efficient resource allocation for future deployments.

Played a key role in the main automation project converting the infrastructure from a mainly manual
maintenance state into a completed automated state using Saltstack and GitLab, joining the design
sessions and being responsible for a sizeable part of the implementation effort, later taking over the
responsibility for being the main driver of automation and testing for any expansions using tools like
kitchen and InSpec and respecting a git-flow model, ensuring that a machine park with more than
300 hosts is completely managed through an automated and audited interface.

Successful proof-of-concept of a monitoring solution for MySQL databases based on Prometheus,
Grafana, and related exporters. This solution enabled developers to find inconsistencies amongst
database schemas and Infrastructure engineers to adjust and enhance the database performance.

Creation of a new segregated environment standard to run the company's applications, covering
different roles such as web servers, backend servers, and batch job servers backed by a set of
reusable Ansible deployment scripts.

Successful migration of the company hypervisor technology from VMWare to Proxmox, greatly
enhancing the automation capabilities of the platform and making it possible to run applications
with LXC container technology.

Design and implementation of a new load balancing architecture for dynamic request routing based
on consul, consul-template, and nginx. This new architecture enabled central log aggregation,
TLS-secured connections and dynamic routes based on service registration information stored from
the Consul service catalog.

Development of a new set of guidelines for service registration and discovery in the company,
together with automation systems for Consul and Consul Template management using SaltStack,
including enhancements to the core states and modules for Consul.

Rollout of a new Docker Registry based on Gitlab EE together with an S3 backend with controlled
access and encryption using in-house certificates. Provided documentation and examples for the
internal teams to migrate to the new solution.

Setup of a new test infrastructure based on Gitlab CI and dynamic build workers on AWS governed by
auto scaling runners. The solution enabled all teams working in both infrastructure and application
development to have an elastic environment for functional and end-to-end testing whilst greatly
reducing the need for on-premise testing infrastructure, resulting in significant cost savings. The
rollout of the solution included pair sessions with the development teams in order to adapt the
solution to be compatible with semantic versioning and the Java build process used in the company.

Successful PoC of infrastructure management on AWS using Terraform and a set of custom
scripts, allowing better view on what would be required to migrate all AWS resources to a
Terraform-managed setup.

Creation of a team vision and moderation of discussion sessions which enabled the team to map
pending work in form of a comprehensive roadmap, which is used to guide the Scrum planing
process.

Nginx Rollout of Graylog as the default log aggregator within the company, starting with PoC projects all
Amazon AWS the way to a fully automated setup backed by SaltStack running in the AWS cloud.

LANGUAGES Improved an existing DataStax Cassandra Cluster through a multi phased process of collecting
performance data with prometheus, identifying existing bottlenecks and implementing multiple
German configuration enhancements, amongst them fixing rack awareness, heap space allocation, number

English of nodes, data replication level and automation with Ansible. After the changes the amount of
running transactions per second was increased in around 400%.
Greek Automated the installation of Apache Kafka brokers by creating custom Debian packages and an

Ansible role to install them, improving provisioning time for new clusters.

Deployed a PoC project for Java application tracing based on Dynatrace, enabling development
teams to proactively detect performance bottlenecks across services and infrastructure
components.

Planned and migrated a Cloudera cluster from major release version 4 to 5, including an linux
upgrade from CentOS 6 to 7 managed by puppet with all new configurations and components
(Hadoop HDFS, YARN, HBase, Hive, ZooKeeper, Kafka, Flume, Spark). The existing data was
synchronized by homegrown scripts with zero downtime.

Participated in a true DevOps culture in steadily improving YARN. Worked hand in hand with
development teams to determine the best resources for the various workloads to achieve the best
possible result, obtaining a performance increase of 50%.

Creation of various enrichment scripts for 3rd party data consumed from many data sources saving
on-demand changes to Hadoop HDFS.

Participation in the construction of a data enrichment pipeline by means of Kafka brokers and
flumes in the process of sequential data processing, storing data of a defined file size limit in a HDFS
cluster. The system was able to process 2 million synthetic data messages per second.

Created a python-based data backup and recovery solution for Cassandra database systems
emulating 1 automated recovery per month.

Setup a Gitlab CI 8 build pipeline to support development teams in their build and release process.

Migrated workloads running over bare metal to an OnApp KVM based solution with Samba4 acting
as a Domain Controller for the environment. Also deployed a unified monitoring and alerting setup
for this environment with Nagios.

Implemented a centralized configuration management system with puppet (v3.4) and created
custom puppet modules for various infrastructure components (MariaDB, Nagios core, vsftpd,
OpenVPN, shorewall, iptables, HAProxy, POSIX users and groups, PowerMTA, ActiveMQ, Apache,
MongoDB, sudo, OnApp, NFS, OpenLDAP).

Provided consultancy on performance tuning for MariaDB Galera clusters to subsidiaries of the ad
pepper holding.

Performed migration of Microsoft SQL Server clusters to version 2014 from 2005 with the following
features: DB-Engine, Analysis Services, Integration Services.

Administration and governance of the entire IT infrastructure including high availability, security,
backup on ubuntu linux servers and ruby application and moving software business workloads into
a software defined datacenter with VMWare vSphere.

Implemented a unified security solution via multiple Sophos UTM (WAN, LAN, VPN).