Infrastructure Engineer Cloud Automation
Resume:
Donald P. Davis
San Jose, CA ****0
**********@*****.***
Summary:
Experience:
Proficient DevSecOps Engineer with over 5 years of experience in vulnerability assessment and CI/CD pipeline integration. Expertise in HashiCorp Vault, Kubernetes, and cloud architecture, achieved significant process improvements like enhanced security observability at Dell Technologies. Developed automation solutions that minimized operational risks and operational costs. Committed to driving secure software delivery and fostering DevSecOps practices to meet the evolving needs of the organization.
Dell Technologies February 2022 -October 2024 (converted from contractor to FTE) Advisor, Vulnerability Assessment/DevSecOps Engineer
• Onboarded the team to HashiCorp Vault and integrated Vault into our CI/CD pipeline to eliminate secret sprawl and ensure secure storage.
• Maintained configurations for multiple PCF environments authentication with Vault.
• Implemented Pivotal Cloud Foundry (PCF) into our CI/CD pipeline as the target location for running code, enabling automation of application deployments and freeing up resources for development on laptops.
• Developed a python application to extract Vulnerabilities from Nexpose Rapid 7 and Tenable.io API's, filtered relevant fields for all of Dell's assets globally and reported results to MSSQL.
• Created modules for database and Hashicorp Vault interaction to accelerate the development process and reduce code redundancy.
• Directed team in onboarding applications to Splunk for security and observability.
• Educated team members on incident triage and resolution, leading to identification and rectification of issues during the triage process before escalation.
• Assisted team in transitioning from PCF to Kubernetes on bare metal, including the setup of the Vault Agent Sidecar Injector.
• Managed password rotation in accordance with Dell's standard operating procedures
(SOP) and reconfigured pipelines as necessary.
• Championing standards and processes mitigated the risk of significant issues.
• Utilized Postman to test API endpoints during troubleshooting.
• Synchronized password rotation between CyberArk and Hashicorp Vault. APN Software Solutions contractor for Nutanix, April 2020 – November 2020 DevOps Engineer
• Migrated the ticketing system from Favrio to Jira, enhancing task tracking for engineers.
• Implemented hibernation and waking functionality for GCP clusters hosting Nutanix software achieving significant cost reductions.
• Resolved logging issues across Kubernetes, Docker and compute engine clusters/pods for GCP cloud logging.
• Restructured development life cycle to prevent code from being pushed to production before thorough testing, minimizing downtime and reducing production bugs.
• Refactored code for improved object orientation and readability.
• Created Data Dog dashboards for our demo clusters to enhance observability into cluster status.
MW Partners contractor for Adobe, San Jose CA, September 2019 – February 2020 Security Engineer 4
• Wrote Bash regex scripts to scan codebase for secrets and transferred them to Vault.
• Established and configured polices for Vault namespace, approle, KV1 and KV2 mount points for Adobe 3d-imersive products.
• Integrated Ansible playbooks with Vault Approle and KV to retrieve and populate secrets needed for the CI/CD pipeline.
• Authored playbooks for Ansible to rotate the majority of secrets with Vault KV2 to maintain 90 day key rotation standards.
• Implemented backup and recovery policies in compliance with Adobe standard.
• Collaborated with IT to forward logs from Jenkins to Splunk, enabling notifications based on severity of issues.
• Coordinated with IT to setup Pingdom for uptime monitoring of web resources, ensuring timely notifications when any resources experienced downtime.
• Created Wiki pages to document operations, procedures, infrastructure and emergency protocol.
Akraya contractor for Fluidigm, South San Fransisco CA, May 2019 – August 2019 DevSecOps Engineer/Wordpress Admin
• Set up Infrastructure for Wordpress Intranet site including:
Implemented DNS load balancing.
Configured Unison for file replication between front end servers and implemented primary/replica databases to ensure redundancy and preventing data loss.
• Transitioned from MySQL to MariaDB enabling SSL communication between servers to enhance security.
• Migrated Wordpress intranet site to new infrastructure on VMware.
• Recovered lost information on Wordpress plugins and meticulously documented procedures for future reference.
• Utilized Ansible to ensure servers and Wordpress secure and up to date through playbooks and cron jobs.
• Instituted and configured Vault for secure storage of secrets (e.g., passwords, security tokens, and keys).
• Implemented and configured Kubernetes to run containerized EFK stack to enable rapid scaling to meet company needs.
• Deployed EFK stack for simplified monitoring of security and error logs. Taos, San Jose, CA Oct 2018 – Apr 2019
DevOps Consultant/Python Programmer
• Engineered a microservices website with Flask and Docker on GCP.
• Developed a RESTful API with Python 3.7, Boto3 and AWS CLI to audit AWS resources for optimal security practices.
• Authored extensive test cases with Pytest's mock, patch and monkeypatch to test functionalities to validate logic and API calls.
• Worked towards AWS Professional Solutions Architect certification.
• Achieved GCP Professional Architecture certification Projects:
Education:
Skills:
Drishticon, Fremont, CA May 2016 – May 2017, May 2017 – Dec 2024 System Administrator/DevOps Engineer
• Set up Production Environment on AWS including EC2, RDS, VPC, Elastic IP, IAM, and SES.
• Set up Apache as a reverse proxy to Tomcat for e-commerce web server.
• Installed SSL certificate and configured the site to enforce HTTPS.
• Developed a web application in Django/Python to track new candidates for company.
• Maintained VM environment, successfully upgrading ESXI from 5.0 to 5.5.
• Crafted a Python script to deploy finalized code to AWS and archive previous versions.
• Implemented Chef to automate IT administrative tasks, and operations.
• Troubleshot and resolved failed Active Directory Database.
• Configured IAM (Identity and access management) for users, implementing the policy of least privilege per NIST/ISO/SOC 2/HIPPA standards.
• Investigated a security breach caused by ransomware, identifying the breach source and recovering 95% of the affected data.
3 Snaps Productions website Jul 2018 - May 2020
• Set up Wordpress on GCP Compute Engine and Docker Compose.
• Moved domain, email and hosting from Yahoo to Google Cloud.
• Wrote Python scripts to automate renewal of SSL certificate and pass them as secrets to Docker.
• Set up server to send automatic emails, on form submission confirmation.
• Wrote YAML script to configure Apache and Docker container upon deployment. Code For San Jose Login
• Working with Django for web server and back end of web stack to create login for members.
• Set up SQLite database to work with Django models.
• Used HTML 5 and Sass/Compass to create templates and style sheets for website.
• Set up work environment for other members of development team using Dropbox. IOT Doorbell
• Built an IOT doorbell that works with AWS Lambda that sends a message to my phone when someone rings the doorbell.
San Jose State University Computer Science (2007-2012), GCP Professional Architect (2018-2020) Programming Languages: Java, Python/Django/Flask, Javascript/jQuery, PHP, JUnit Markup Languages: HTML5, XML, CSS/Sass, YAML
Operating Systems: Windows 7, 10, Server 2008-2016, Ubuntu, CentOS Applications & services: Vmware vCenter, vSphere, ESXi and PCF, Git, AWS, GCP, Ansible, Apache, Tomcat, Docker, Wordpress, Hashicorp Vault, EFK Stack, Kubernets, Chef, Rapid 7, MSSQL, Postman, CyberArk, Tenable.io
Contact this candidate