Può essere disponibile
(Aggiornato% updatedDate%)Cloud Security Expert
Stuttgart, Germany
Nativo Romanian, Moldavian, Moldovan, Fluente English, German
- 3+ years, Enterprise Cloud Security, DevSecOps and Gitops
- 3+ years in Microsoft Azure Cloud Transformation Projects
- 10+ years in IT Infrastructure and system administration
Competenze (36)
SECURITY
GITOPS
grafana
Soultions
Network
AKS
Monitoring
Terraform
Iac
DevOps
Bash
Loki
Kubernetes Services
MS EXCHANGE
Azure
Container Runtime Security
LOGGING
PIPELINE
CONTINUOUS INTEGRATION/DELIVERY
Terragrunt
Workloads Security
API
MAPPING
prometheus
NETWORK SECURITY
ArgoCD
Git
SHELL SCRIPTING
PowerShell
SIEM
Jenkins
SALES CAMPAIGNS
Terraspace
MSFT Exchange
JavaScript
Javascript Frameworks and Libraries
Esperienze professionali
2021-01 - Presente
− Responsible for the solution, architecture and setup of the IT Terraform Helm Charts Grafana Prometheus infrastructure.
− Review requirements, design and configure, monitor and maintain cloud based solutions in Azure. GitCrypt KeyVault CR EsXi Hyper-V − Assist in the creation of the technical design, documentation and implementation of the cloud infrastructure. UnRaid Proxmox Backup DRP VmWare − Maintain and create new cloud environments Cloud Security Migration CSPM CWPP − Design and development of IaC components (Infrastructure as Code), Terraform MariaDB Cosmos DB SQL Data Warehouse − YAML Manifests Configuration, Helm Chart Deployments − Implementation of organizational cloud compliance requirements Python Flask Django Javascript ReactJS − IAM-Security and Role Based Authentication (RBAC) Talend ETL Magento Shopware SysDig − Definition of security controls and standards to meet business and user requirements − Implementation security best practices in Azure infrastructure to comply with industry standard frameworks and policies. CERTIFICATES − AKS - Kubernetes Services Security Best Practices − Runtime Security, Container Image Scanning ✓ Microsoft Certified: Azure Solutions Architect Expert ✓ Microsoft Certified: Azure Architect Design (AZ-304) − Kubernetes, Container und Pods Security (Gatekeeper, ✓ Microsoft Certified: Azure Architect Technologies (AZ-303) securityContext) ✓ Microsoft Certified: Azure Administrator Associate (AZ-104) − Metrics Monitoring & Alerting (Grafana, Prometheus) ✓ Microsoft Certified: Azure Fundamentals − Network Security und Traffikmanagement, Istio service mesh ✓ IBM Cloud Private Infrastructure and Architecture ✓ IBM Cloud Private - Continuous Integration/Continuous Delivery Pipelines ✓ IBM Cloud Pak for Security - Security Engineer DevSecOps Cloud Advisory Consulting ✓ IBM Cloud Containers & Kubernetes Essentials Capgemini Outsourcing Services GmbH ✓ IBM Cloud Essentials
2021-01 - Presente
2021-01 - Presente
- The handouts are developed under the NIST Cyber Security - Microsoft Azure Cloud Training Framework exclusively for the eight core topics of Supply Chain - AZ-303: Microsoft Azure Architect Technologies Risk Management, Risk Management, Identity Management & - AZ-304: Microsoft Azure Architect Design Access Control, Data Security, Information Protection Processes & Procedures, Protective Technology, Security Continuous Monitoring, Recovery Planning. The eight core topics include 52
2021-01 - Presente
− Cloud Security Expert - Azure Migration, Container and Workloads Security, Automotive Project − Migrating Java core applications from Openshift environments to Azure Kubernetes Service (AKS), I work closely within an agile team of international software developers and use a variety of DevOps tools Jenkins, Git, Bitbuckets to manage the entire software development lifecycle.
− In the current automotive project as a cloud security expert, I am responsible for assessing the cloud infrastructure by securing all running business applications and related cloud infrastructure resources as well as the associated service applications from potential threats -DevSec-Ops during and after cloud migration.
− The cloud infrastructure is provided and managed via IaC, Terraform. Together with the Solution and Delivery Architects I am the first contact person at the customer and responsible for the technical planning and implementation of the Shitf-Left principle from DevOps to DevSecOps. The delivered resources and their security profiles are analyzed and tested for vulnerabilities to ensure that the resources are at the recommended maturity level and the security requirements are met.
− Source code separation and configurations into different Git repositories and the use of Helm charts enable continuous deployment using GitOps tools such as Argo CD which we used in the project. Argo CD automates the processes in the specified target environments, making possible the deployments and lifecycle management easily understandable and auditable.
− In the daily meetings with the software developers we are discussing the user stories in the active sprint (Jira) and individual tasks are prioritized to ensure that we are up to date and can deliver in time.
− The migration of on-prem applications and their transformation into microservices by means of known refactoring processes brings with it an increase in the complexity and diversity of computing systems and at the same time requires a high level of expertise. At the same time, the security of the IT Infrastructure and the continuous improvement of these systems through proper compliance with security standards should not be neglected and should be implemented with great care.
2020-08 - 2020-12
2019-01 - 2020-01
2020-01 - 2020-01
- Deploy and configure a Ubuntu VM Instance for the web application - Deploy and configure a Windows Server 2016 VM / MS Exchange - Configuration of Active Directory (AD) DC and user permissions
2020-01 - 2020-01
- Price Definitions Updates in Scripts/Queries.
- Code review and changes according to the Front Arena Release documentation Development of a Python-based Profile Tool
2019-01 - 2019-01
- Filling the database with the profile data of the employees.
- Revision of the profile design and presentation of the various variants.
- Implementing the functionality for reading the data from the database and creation of appropriate data structures.
- Implementing the functionality for generating PDF files using the PDFkit library.
- Programming a web application with profile data input functionality using the Flask library.
Development of a Python-based Real-Time Data feed streaming pipeline into MS SQL 2019 CFS - Consulting for Financial Services GmbH - Access to Stocks, Currencies historical data from Exchange Services - Dataframe Conversion, NumPy, Pandas - Reading values: Bid, Ask, High, Low, Open, Current Volume - Creating and executing SQL queries
2010-01 - 2018-01
2010-01 - 2018-01
- Template design and customization of layouts for best user experience and usability - Integration of new database tables and mapping of the respective attributes on the article page for an improved and more comprehensive product presentation - Creation of filter functions on the article page according to different criteria and attribute selection - Development of ETL/ELT processes with TALEND OpenStudio. This was necessary to process large amounts of data records from respective suppliers and to extract article information.
- Development of cronjob scripts in the respective shopping system for an automatic and timely import of item data.
- Development of cronjob scripts for a regular update of stock levels and prices.
- VMWare EsXi virtualization.
- Design of an on-premises infrastructure - Migration V2P from Ubuntu server Magento/Shopware to on-premises VMWare EsXi environment.
- Hosting/configuration of GCP/Shopware Bitnami Stack instances on Google Cloud Platform.
- Hosting/configuration of Windows Server 2016 instances HETZNER AG Cloud Infrastructure - Installation and configuration of Let's Encrypt SSL certificates.
- Installation and configuration Windows Server 2016 Active Directory - Installation and configuration of email services Ubuntu Server & GCP Active Directory Domain Controller Config. (AD DC) - Creating users and setting permissions accordingly.
- Email backups, storage backups, VM snapshots - Ensure directories and files are set with correct permissions and are fully protected from potential attacks.
- Development of a BASH script for automatic renewal of SSL/TLS certificates.
- Use of the ACME protocol and CertBot.
2010-01 - 2018-01
- Participation in ITK events and partnership programs.
- Member of the Synaxon AG IT-VerbundgruppeMicrotrend IT Partner.
- FUJITSU SELECT Partner.
- Certification in the field of Workplace Systems FUJITSU Technology Solution.
- Negotiation of framework agreements to enable better purchasing conditions with leading service providers and suppliers.
- Member of the ITScope trading platform.
- Conception and regular exchange with the specialist department on the subject of B2B system connectivity.
- Close cooperation in adhering to the technical and legal guidelines for the use of article information and its properties on the article page, especially images of high resolution that have potential CopyRight rights.
- Collaboration with content provider vendors DCI, Ingram Micro.
- Planning effective seasonal marketing campaign in various niche markets - Creation and optimization of Google Shopping Listing Campaigns for targeted groups.
- Cooperation with price comparison portals IDEALO, Geizhals, Rakuten online portal, Hitmeister.
- Performing market analysis to identify potential trends and their products at an early stage. This enables the launch of targeted campaigns with a high return on investment (ROI).
- Organize FLASH sales campaigns in cooperation with MYDEALZ bargain portal.
- Spreading the product range on various internet portals.
- Organize freelance program in an international environment and cooperation with coders and Google Adwords "connoisseurs" on sophisticated and seasonal campaigns.
- Responsible for budget planning for all project steps and investments.
Esperienze formative
2010-01 - 2013-01
2009-01 - 2010-01
2008-01 - 2009-01
2005-01 - 2008-01
2001-01 - 2005-01