I bring a 15-year foundation in scientific R&D automation. Since 2016, my work has centered on Drug Discovery—leading technical automation and managing massive, highly sensitive datasets (50+ million records). This evolved into 5+ years in the IT sector, including 3 years explicitly focused on DevOps engineering. Today, I apply this scientific rigor and strict security mindset to build resilient, highly available (SLA 99.9%) cloud-native and hybrid systems—fully focused on DevOps and Platform engineering.
🌐 Current Focus: Infrastructure reliability, Kubernetes optimization (HPA, RBAC), scalable hybrid/multi-cloud provisioning, and secure monitoring stacks.
🧪 Domain Expertise: High-throughput screening pipelines, large-scale SQL database management, and implementing strict network/data isolation.
💬 Ask me about: Multi-stage Docker hardening, Helm templating, and automated ETL pipelines.
🔍 Looking For: Open to challenging engineering roles across all industries, with a particular interest in high-load systems, FinTech, BioPharma, MedTech, and MilTech.
| Category | Technologies |
|---|---|
| Cloud & PaaS | |
| Containers & IaC | |
| CI/CD | |
| DataOps & ETL/ELT | |
| Monitoring | |
| Linux | |
| R&D & Scientific | |
| Languages & DBs | |
- AWS Scalable ECS Cluster via Terraform — Provisioned a highly available, serverless web infrastructure on AWS utilizing a modular Terraform architecture. Orchestrated zero-management container execution via Amazon ECS (Fargate), integrated encrypted Amazon EFS for persistent shared storage across tasks, and configured an Application Load Balancer (ALB) to ensure dynamic, cross-AZ traffic distribution for Nginx workloads, ensuring fault tolerance and strict network isolation for high-load environments.
- Azure Infrastructure-as-Code: Django Deployment — Architected a modular Terraform Infrastructure-as-Code (IaC) solution to provision a secure Azure cloud environment for a Django application. Configured a remote state backend via Azure Blob Storage for collaborative workflows and automated zero-touch server bootstrapping using the Azure CustomScript VM Extension, enforcing strict network security with dedicated VNets and dynamic NSGs.
- On-Premise Monitoring Stack (PoC) — Built a secure, scalable monitoring system using VictoriaMetrics, Grafana, and Node Exporter to monitor remote Oracle Linux instances. Integrated with system firewalls (`firewalld`) and enforced metric-scraping security with SELinux, meeting strict enterprise compliance and zero-trust requirements for bare-metal infrastructure.
- Automated Hetzner & Cloudflare Infrastructure — Architected a fully automated Terraform (IaC) pipeline to dynamically provision and configure secure Hetzner Cloud workloads. Utilized `cloud-init` for zero-touch Nginx deployment and integrated Cloudflare for automated DNS routing, edge WAF protection, and flexible SSL/TLS encryption. Designed with an "Apply & Destroy" methodology to demonstrate ephemeral resource management and strict cost optimization.
- Production-Ready CI/CD & Kubernetes Deployment — Engineered an enterprise-grade GitHub Actions pipeline featuring dynamic matrix testing, concurrency control, and manual staging approvals for a Django application. Packaged the workloads and a stateful MySQL database into custom Helm charts for scalable Kubernetes orchestration, integrating ephemeral clusters for CI dry-runs and configuring HPA for automated resource scaling.
- Production-Ready Django Dockerization — Containerized a monolithic Django application utilizing multi-stage Docker builds to significantly reduce final image size and enhance security. Configured dynamic Python base images, isolated dependency compilation, and executed build-time SQLite migrations to ensure the container is completely ready to serve traffic immediately upon startup.
- Event-Driven Extension Architecture — Executed a complete migration of the SelectionSK project to Google's Manifest V3 standard. Refactored persistent background logic into an event-driven model using modern Service Workers, ensuring high reliability and strict CSP compliance.
- Kubernetes RBAC Security Baseline — Enforced zero-trust security in K8s workloads. Implemented strict RBAC controls (custom ServiceAccounts, Roles, RoleBindings) combined with container immutability (`readOnlyRootFilesystem`) for an Nginx deployment. Successfully validated restricted API access and filesystem locks, establishing an enterprise-grade baseline ready for PCI DSS and ISO 27001 compliance audits.
- Terraform DevSecOps Baseline: Azure OIDC & Remote State — Engineered a secure, passwordless Infrastructure as Code (IaC) pipeline. Migrated local state to an isolated Azure Blob Storage backend with State Locking enabled. Implemented federated OIDC authentication via GitHub Actions, completely eliminating static credentials (zero secrets) and establishing an enterprise-grade standard for collaborative infrastructure management.
- Secure EFK Stack: Nginx Observability & RBAC — Architected a lightweight, secure log management pipeline using Elasticsearch, Filebeat, and Kibana. Refactored traditional ELK architecture to an EFK stack to resolve Out-Of-Memory (OOM) constraints and optimize resource consumption. Enforced enterprise-grade security by implementing `xpack.security`, strict RBAC policies, and API-based credential injection for isolated infrastructure monitoring.
- K8s Observability Stack: Prometheus & Grafana — Instrumented a web application to expose custom metrics and deployed the kube-prometheus-stack via Helm. Configured K8s ServiceMonitors for dynamic scraping and built custom Grafana dashboards using PromQL.
🔥 Always shipping code
⚙️ Automating everything
🧬 Science + DevOps brain combo



