freiberufler DevSecOps - / Kubernetes Security Engineer auf freelance.de

DevSecOps - / Kubernetes Security Engineer

offline
  • 105€/Stunde
  • 14712 Rathenow
  • Europa
  • de  |  en  |  no
  • 24.08.2024

Kurzvorstellung

DevSecOps und Open-Source Kultur lebender IT Experte mit Akademischem Background.

Qualifikationen

  • Administration von Datenbanken7 J.
  • Amazon Web Services (AWS)3 J.
  • Cloud (allg.)
  • Container Management
  • Cyber Security4 J.
  • DevOps (allg.)2 J.
  • Google Cloud
  • Infrastrukturarchitektur1 J.
  • Kubernetes4 J.
  • Server Administration3 J.

Projekt‐ & Berufserfahrung

Senior Solution Architect
Audi AG, Remote
10/2022 – 12/2022 (3 Monate)
Automobilindustrie
Tätigkeitszeitraum

10/2022 – 12/2022

Tätigkeitsbeschreibung

Design of target infrastructure and strategy to migrate a Kafka cluster running
on EC2 instances in AWS to EKS including Apache Kafka, Apache Zookeeper,
Kafka Schema Registry and Kafka Connect. Conceptional design of Kafka broker exposing to different networks using HAProxy Ingress Controller, AWS LoadBalancer Controller and externalDNS. Evaluating of Cruise-Control to support a zero downtime stretching migration strategy. Using Helm charts and Terraform. Integrate GitOps methodology to deploy the full kafka stack using ArgoCD

Eingesetzte Qualifikationen

Amazon Web Services (AWS), Git, Apache Kafka, Kubernetes

Senior DevOps Engineer
Porsche AG, Remote
1/2022 – offen (3 Jahre)
Automobilindustrie
Tätigkeitszeitraum

1/2022 – offen

Tätigkeitsbeschreibung

Design and Implement AWS Cloud infrastructure with Terraform for multiple
Cloud-City migration projects. Using Gitlab for versioning and CI/CD as well
as Gitlab Agent to deploy separate additional small and simple inhouse devel-
oped applications through polling to EKS. Using Lambda functions triggered by
CLoudwatch log events from ECS Fargatte and EC2 deployed container to scale
up and down rendering cluster for Autodesk VRED. Integrate EFS and EBS
Volumes for statefull applications inside ECS and EKS. Provide SPA frontend
application through Cloudfront using S3 and OCA. Always fully encrypted in
transit and at rest using CMKs as well as access restricting PoLP conform IAM
policies and roles. Bringing BMC Helix ITSM up and running inside EKS.

Eingesetzte Qualifikationen

Amazon Web Services (AWS), Kubernetes

Kubernetes Security Engineer
Personal Project, Home Office
11/2021 – offen (3 Jahre, 2 Monate)
IT & Entwicklung
Tätigkeitszeitraum

11/2021 – offen

Tätigkeitsbeschreibung

Working on my personal project to implement a Security Integration Platform
with Kubernetes and Flux using intensively Cilium and eBPF features like Falco.
Uing the GitOps approach with fluxCD as well as multi cluster technologies
like submariner or Cilium Cluster-Mesh. Conceptional work with Linkerd as ser-
vicemesh through multiple cluster. All over 4C security especially for Cluster,
Container and Supply-Chain security using Aqua security tools like Kube-bench, trivy, kube-hunter as well as Security Profiles Operator to generate security profiles for container workload and also TFSec and Checkov for Terraform analysis. Integrating centralized policy provider with Gatekeeper. Utilize Webhook configurations and Operators to provide cross cluster support for shared services. Using Prometheus/Grafana or Elasticsearch/Kibana for Monitoring and Logging as well as Redis(-Graph) for real-time data processing and analysing. The overall goal of my Project is to detect and prevent threats especially APTs alongside OWASP (Kubernetes) Top 10 and the ATT&CK Framework in a fully integrative way for Kubernetes Native Environments.

Eingesetzte Qualifikationen

Kubernetes

Senior DevOps Engineer
Nearform Limited, Remote
4/2021 – 10/2021 (7 Monate)
IT & Entwicklung
Tätigkeitszeitraum

4/2021 – 10/2021

Tätigkeitsbeschreibung

Implement Cloud Infrastructures with Terraform and automate tasks with Github actions for multiple client projects based on open-source software solutions. Implement Go and Ansible based operators for Kubernetes. Preparing AWS based infrastructures for the department of health Ireland to host and run the official covid-pass and travel-registration app based on ECS and Lambda functions. Using Cloudwatch for logging and monitoring including dashboards and alarms. Heavy usage of SES and SNS for messaging and mailing. Writing blog posts about custom concepts for Kubernetes.

Eingesetzte Qualifikationen

Amazon Web Services (AWS)

DevSecOps Engineer
Eurofins Information Systems GmbH, Remote
7/2020 – 5/2021 (11 Monate)
IT & Entwicklung
Tätigkeitszeitraum

7/2020 – 5/2021

Tätigkeitsbeschreibung

Redesign and implementing the Kubernetes based Infrastructure from Scratch
for On-Prem as well as AWS cloud environments. Define and Implement best
practice conform Branching strategies and CI/CD pipelines in Azure DevOps in-
cluding Devspace, Gloo API-Gateway and Kubernetes/Docker. using Ansible to
automate all Build and Deployments. Define and implement logging and mon-
itoring strategies based on Elastic-Cloud and Kibana. Dive Deep into Security
Tooling and implementing Security-Policies at all layers like Calico for global
network policies, DEX IdP, OAuth2.0 and OIDC or Conventions for code quality
and security

Eingesetzte Qualifikationen

Kubernetes

IT Infrastructure Consultant - DevOps and Cloud
Scheidt und Bachmann GmbH, Moenchengladbach
4/2019 – 6/2020 (1 Jahr, 3 Monate)
Maschinen-, Geräte- und Komponentenbau
Tätigkeitszeitraum

4/2019 – 6/2020

Tätigkeitsbeschreibung

Design and realize a new IT-Infrastructure based on Kubernetes, using Ansible
and AWS and GCP to implement a Gitflow based Branching Model with Git-
lab CI/CD. Discover security needs and strategies to migrate from a complex
classic infrastructure to a cloud environment (GCP). Work on concepts for over-
all monitoring and logging with Elastic-Cloud including application performancemonitoring. Conceptional work on how to connect a IoT-devices to the cloud and monitor them as well as running commands remotely

Eingesetzte Qualifikationen

Cloud Computing, Continuous Delivery, Cyber Security, Elasticsearch, Git, Infrastrukturarchitektur, Continuous Integration

Big Data Engineer (Festanstellung)
BSI, Bonn
4/2017 – 3/2019 (2 Jahre)
Innere und Äußere Sicherheit
Tätigkeitszeitraum

4/2017 – 3/2019

Tätigkeitsbeschreibung

Designed and implemented a fully On-Premise solution to process hundreds of
thousands of events per second to detect cyber attacks. Build a big-data cluster based on Docker-Swarm and Elastic-Stack with Ansible on bare-metal server in a fully Air Gap and top secret environment from scratch including hardware and software installations in a federal data center. Fully automated with Ansible and Kickstart to create a one-boot cluster deployment. to provide logging-as-a-service and detection-as-a-service to all federal offices in the federal data center

Eingesetzte Qualifikationen

Cyber Security, Administration von Datenbanken, DevOps (allg.), Server Administration

Ruby on Rails Developer (Festanstellung)
i22 Internetagentur, Bonn
11/2015 – 4/2017 (1 Jahr, 6 Monate)
Medienbranche
Tätigkeitszeitraum

11/2015 – 4/2017

Tätigkeitsbeschreibung

Ruby on Rails developer and project member for integrating
Software analysing and modeling. Lead developer for a distributed
and RESTfull Environment.

Eingesetzte Qualifikationen

Administration von Datenbanken, Datenbankentwicklung, Ruby on Rails

IT-Infrastructure Consultant (Festanstellung)
Credative UK, Rugby
5/2015 – 10/2015 (6 Monate)
Dienstleistungsbranche
Tätigkeitszeitraum

5/2015 – 10/2015

Tätigkeitsbeschreibung

Improving the internal IT-Infrastructure for security by
integrating Log and Netfow Analyser. Evaluate Open-Source
Groupware software systems. Build a business concept for pentest
services to support based on pentest-stanbard.org including tools
evaluation like Kali, nmap and more.

Eingesetzte Qualifikationen

Cyber Security, Server Administration

JavaEE Devloper and IT-Security Infrastructure Engineer (Festanstellung)
ISDSG, Dortmund
1/2013 – 1/2014 (1 Jahr, 1 Monat)
Dienstleistungsbranche
Tätigkeitszeitraum

1/2013 – 1/2014

Tätigkeitsbeschreibung

Software-Engineering with JavaEE (full stack) and Python Dijango
Linux/Unix System-Administration
IT-Security with FreeRADIUS, AD, Kerberos, Switch-Mgm. (HP
Pro Curve, Cisco IOS). Develop a JavaEE application for labs and
medical ofces to place orders for blood examinations, show the
results and manage billings, parameters and profles

Eingesetzte Qualifikationen

Java Database Connectivity, Cyber Security, Server Administration, Enterprise Javabeans, Hibernate (Java), J2EE, Javaserver Faces

Ruby on Rails Developer (Festanstellung)
Telefaks Services GmbH, Home Office
1/2010 – 2/2014 (4 Jahre, 2 Monate)
Telekommunikation
Tätigkeitszeitraum

1/2010 – 2/2014

Tätigkeitsbeschreibung

VoIP-System development with Ruby on Rails and
FreeSWITCH, Linux/Unix System Administration
Develop an VoIP application server for handle complex call
scenarios like conferences, call center processes, supplementary
services, telephone systems and smart services combined with
freeSWITCH as an soft switch or rather PBX.

Eingesetzte Qualifikationen

Administration von Datenbanken, Datenbankentwicklung, VoIP, Ruby on Rails

Ausbildung

Informatik
Master of Science
2014
Dortmund
Informatik
Bachelor of Science
2011
Dortmund

Über mich

Folgt

Weitere Kenntnisse


Folgt

Persönliche Daten

Sprache
  • Deutsch (Muttersprache)
  • Englisch (Fließend)
  • Norwegisch (Grundkenntnisse)
Reisebereitschaft
Europa
Arbeitserlaubnis
  • Europäische Union
Home-Office
bevorzugt
Profilaufrufe
3488
Alter
42
Berufserfahrung
17 Jahre und 7 Monate (seit 05/2007)
Projektleitung
2 Jahre

Kontaktdaten

Nur registrierte PREMIUM-Mitglieder von freelance.de können Kontaktdaten einsehen.

Jetzt Mitglied werden