Qualtie Technologies LLC
As Senior Engineer of DevSecOps at Qualtie, I helped our customer, Sparta Science, to implement robust information security practices in the cloud, and prepare CI/CD, build and deploy pipelines for their Federal environment on Palantir FedStart. My key responsibilities and accomplishments include:
- Developing 20+ helm charts with bundled services and build/deploy pipelines for deployment to the federal environment (Palantir Apollo).
- Implementing hardening of container images and DoD-approved security configuration on helm charts, as well as vulnerability patching pipelines for the Federal environment, achieving 100% compliance with DoD standards and reducing critical vulnerabilities to zero on an automated basis.
- Developing secure EC2 image builder pipelines from scratch with CIS-benchmarked and STIG'd "golden" AMIs and base container images, ensuring full compliance with security scanners.
- Configuring and managing AWS GuardDuty and SecurityHub to monitor and detect threats across all available services and regions, achieving a 100% score for CIS and NIST-800-53 conformance packs.
- Setting up and configuring a centralized logging system based on multiple AWS Elasticsearch clusters for efficient audit log management and analysis.
- Implementing Wazuh and Nessus Pro for runtime vulnerability scanning of dynamic auto-scaling environments (EKS/ECS), ensuring proactive identification and mitigation of potential risks.
- Establishing static code analysis in GitHub and dependency scanning with GitHub Dependabot for continuous security assessment of code and dependencies across nearly 200 repositories.
- Orchestrating weekly continuous penetration testing using GitHub Actions to validate the resilience of the infrastructure and applications against cyber attacks.
- Consulting Sparta Science on the preparation for a successful SOC 2 Type 2 audit, ensuring adherence to industry standards and regulatory requirements, earning auditor commendation for exemplary implementation.
Self-employed
As a DevSecOps Consultant, I focused on implementing robust security controls, compliance standards, and automated vulnerability management. My key accomplishments include:
- Enforced the FIPS-140 cryptographic standard across all applications, containers, and AMIs.
- Containerized Wazuh 3.x and automated the deployment and configuration of the Wazuh server and agents (Linux/Windows) with PEM-based authentication.
- Implemented an automated virus scanning system for S3 uploads using AWS Lambda and ClamAV.
- Tailored custom SELinux policies for applications and Docker containers, configured SELinux for ECS/EKS, and created hardened AMIs.
- Configured automated SBOM manifest generation across clients' GitHub repositories.
- Built an automated system for upgrading and patching vulnerabilities in service containers shipped with Helm charts.
- Assisted companies in preparing for FedRAMP audits.
Fasten, Inc.
Fasten was one of the world's largest taxi services, renowned for its brands "RuTaxi", "Vezyot", "Saturn", "RedTaxi," and "Leader". As a Lead DevOps Engineer, my primary focus was on standardizing various project components to ensure that test environments were relevant to the business workflow. Under my leadership, the following DevOps initiatives were implemented:
- Managed a team of 5 DevOps engineers, delivering all projects on time and within budget.
- Designed and executed CI/CD pipelines for over 80 microservices in AWS, and migrated these services to Kubernetes.
- Transitioned infrastructure to Infrastructure-as-Code (IaC) using Terraform and AWS CloudFormation.
- Established traceable environments coupled with a reporting system for enhanced monitoring in AWS.
- Fostered knowledge sharing across a 50-person development team, promoting AWS best practices.
- Introduced code review processes and automated code quality analysis using AWS CodeStar and other tools.
- Additionally, I contributed to the architectural design of a new ride-sharing platform intended to replace the existing one, leveraging AWS services for scalability and performance.
Successful Development, Inc.
As a contractor at Successful Development, Inc. (Sfdev), I worked with multiple high-profile clients including SilverTreeSystems, Inc., Joyent, and Adobe, Inc. My main responsibilities involved designing infrastructure, integrating software APIs, and working with various PaaS platforms. Here are some key projects and contributions for each client:
Adobe, Inc.
- Participated in the development of Adobe Creative Cloud, Adobe Marketing Cloud, and Adobe Document Cloud services, which run on Amazon AWS.
- Designed, prototyped, and implemented key platform components, such as a live data encryption system, a backup and restore system for clustered environments, a sophisticated space management system, and a multiregional data migration system, supporting hundreds of thousands of active users and petabytes of data.
- Employed tools and technologies such as chef, bash, mysql, perl, ruby, java, lvm, dm-crypt, AWS, and RHEL.
Joyent
- Participated in the development of the Joyent SmartDataCenter platform.
- Developed Docker support integration, Windows images build system, and Linux images build system.
- Utilized technologies such as pxe, windows aik, nodejs, mongodb, docker, linux, smartos and solaris.
SilverTreeSystems, Inc.
- Designed infrastructure and provided integration between multiple different software APIs and PaaS platforms, such as Salesforce and Heroku.
- Developed B2B services, including a cloud-based virtual call center for SoVox company (10k+ employees worldwide), a subscription management system called Avalon (used by IBM, Dell, and Google), and a data analysis and report generation system.
HQHost
As a part of a team ensuring 24/7/365 service availability, I provided third-tier support to a LAMP stack shared hosting platform with over 500 physical nodes. My key responsibilities included:
- Designing, planning, installing, configuring, administering, and tuning applications, database, and web servers across hundreds of nodes.
- Developing monitoring and alerting systems to proactively manage infrastructure health and stability, maintaining 99.9% uptime.
- Creating a management and deployment system for 30+ KVM/Xen hypervisors, along with an internal control panel.
- Developing the dedicated server management panel, dedikit.net, to enhance user experience and functionality.
- Participating in 3 major migrations between data centers and implementing solutions to mitigate DDoS attacks and security breaches.
- Collaborating closely with upstream providers and data center staff through tickets and abuse boards, keeping abuse processing time at a consistently low level.
- Remotely configuring active L2/L3 network equipment, including Cisco 29xx/35xx switches and routers.
- Assisting thousands of customers through email, ICQ, Jabber, and control panel ticketing systems, providing support and guidance.
- Mentoring junior administrators, managing their onboarding process and conducting technical training sessions.
Linux Distros:
Amazon Linux 2023, Debian, Ubuntu
Programming Languages:
python, golang
Scripting:
bash, powershell
Editors:
neovim, vscode, jq, sed, awk
Software Development:
kanban, github, cursor, antigravity
Databases:
mysql, postgresql
Caching engines:
redis, memcached
Code Quality:
sonarqube
DevOps Patterns:
Immutable Infrastructure, Infrastructure as Code, Infrastructure as a Service, Continuous Integration, Continuous Deployment
Continuous Integration:
gitlab, jenkins, github actions
Infrastructure Automation:
ansible, terraform, helm
Containers:
kubernetes, docker, containerd
AWS:
Amazon Web Services, GuardDuty, SecurityHub, EC2, CloudFormation, Route53, S3, VPC
Compliance & Standards:
CIS Benchmarks, DISA STIGs
Security Operations:
SIEM (Wazuh), Incident Response, Patch Management
Infrastructure Security:
SELinux, Image Hardening, Data Encryption, PKI
Evaluated by Morningside Evaluations, Kelly J. Fadel, 2023