Profile
Engineer with over fourteen years of experience, relentless in solving complex problems across the Stack.
Conditioned to work in a space between development and operations with an eye on security and risks.
Keen to learn and apply new technologies and methodologies in the world of cloud, devops and web scale services.
Qualifications
AWS Certified Solutions Architect - Associate, AWS-ASA-20744, September 2016
- validation number: V3QSBR1KGN14QVK7
- validation site: https://aws.amazon.com/verification
- digital badge: https://www.certmetrics.com/amazon/public/badge.aspx?t=c&d=2016-09-09&i=1&ci=AWS00976473
AWS Certified Developer - Associate, AWS-ADEV-4494, August 2016
- validation number: 4ZZFRHWCMEBQ1JG2
- validation site: https://aws.amazon.com/verification
- digital badge: https://www.certmetrics.com/amazon/public/badge.aspx?t=c&d=2016-08-22&i=2&ci=AWS00976473
Graduate Certificate of Engineering, University of Technology, Sydney, December 2005
Bachelor of Electrical Engineering, University of New South Wales, December 2001
Experiences
Senior Technical Lead, Middleware Services - Westpac, January 2018 - present
Management of IBM WebSphere Application Server as a service for the enterprise.
- Create secrets management solution using Chef Vault and Jenkins to enable secure delegation of secrets injection into the WebSphere deployment, eliminating manual handling of secrets
- Develop Ansible modules to automate the last steps in the WebSphere framework deployment including certificates management
- Implement testing automation using Python Behave, Ansible modules and Jenkins
- Develop Splunk App and dashboards for Windows and IIS performance and event monitoring
Splunk Engineer, Digital - Medibank, March 2017 – December 2017
Design and build a Splunk Enterprise cluster with release automation.
- Develop CloudFormation templates to build out the AWS environment including VPC, EC2, IAM, Cloudwatch, Lambda, S3, Route53
- Use CloudFormation templates and Puppet to build Splunk Enterprise cluster
- Work with network architects to setup AWS Connect Direct virtual interfaces to enable connectivity with corporate workstations and Medibank data centres
- Develop Cloudformation templates for building Puppet 4.10 infrastructure
- Adhere to Puppet best practices using R10K, hiera-eyaml-kms, roles and profiles pattern for managing Puppet configurations, code and secrets
- Using a mix of community and custom developed Puppet modules, including creating custom Ruby facts, for configuration management of OS, Splunk Enterprise and Universal Forwarders
- Use Splunk Base Apps and custom developed apps to index AWS and application events and metrics
- Optimise Splunk indexing and disk performance
- Deploy Rundeck 2.8 to automate housekeeping and enable self-service for Splunk users
- Integrate Splunk and Rundeck to automate recovery actions when alerts are triggered
- Write technical documentation for handover to Medibank operations
- Troubleshooting issues related to AWS, Splunk, and Puppet during build and post handover
- Create CI/CD pipeline using Atlassian Bamboo, Bash scripts, Atlassian Stash, Artifactory
- Data protection using LVM/EBS snapshots to backup hot/warm/cold buckets, push frozen buckets to S3
Technical Lead, Cloud Services - Westpac, September 2014 – February 2017
Build and support cloud solutions for internal customers.
- Use CloudFormation templates to deploy Splunk Enterprise into VPC EC2 reserved instances
- Participate in deploying AWS CloudHSM and assist information security officers with partition configuration and key management
- Assist developers in integrating the client API into their applications
- Deploy ADFS to allow SAML based identity federation to AWS services
- Centralise Red Hat account management on Active Directory using realmd
- Develop CloudFormation templates to build VPC network services and peering, Active Directory, Remote Desktop Services, Puppet Master, GitLab, Go-CD
- End to end automation of AWS Services, Active Directory, Remote Desktop Services, Go-CD, GitLab, Puppet, Trend Micro Deep Security using CloudFormation, PowerShell, Bash and Python
- Integrate NAXSI, OSSEC, W3AF and Splunk for security event and vulnerability management
- Integrate Let’s Encrypt for public certificate automation and FreeIPA for internal certificate management
- Integrate AWS Route 53 for public and private DNS management
- Conduct research and PoCs for various components and tooling, including threat management, automation/CD, identity, event and log management
Systems Engineer, Midrange Hosting - Westpac, September 2011 – August 2014
Manage a fleet of Red Hat and Windows servers providing web hosting platform services on vCloud Director
- Integrate Go-CD, GitLab, Puppet, Powershell DSC, Bash/Python scripts for infrastructure automation
- Integrate Puppet and Rundeck for private certificate management and automation of renewals and deployments, using Hiera-EYAML for securing private keys and passwords in Puppet
- Integrate CloudFlare for public DNS management and AD DNS for private DNS management
- Deploy Openshift 3 for Docker based application deployments
- Deploy Rundeck for delegation and self-servicing of routine tasks
- Deploy DR solutions for critical applications
- Deploy Pingdom, Zabbix and Splunk for performance and event management
- Work with developers to build, deploy, troubleshoot, and performance tune applications including Django, Wordpress, Symfony, Concrete5, Umbraco, Kentico, RSA Archer GRC, as well as custom developed ASP.NET, Ruby on Rails and PHP frameworks
- Maintain application and database backups, security updates, vulnerability management strategies
- Design and deploy Duo Security multi-factor authentication to administrative interfaces
- Design and deploy high availability solutions using F5 LTM and GTM for local and global load balancing
- Migrate SSL VPN function from Juniper SA2500 to Fortigate 100D
- Work with data center engineers to migrate all virtual machines from vSphere 5 to vCloud Director
Skills
- AWS Cloud - VPC + Endpoints, EC2, Lambda, S3, ELB, SNS, SQS, IAM, Route53, Cloudwatch, RDS, KMS, Cognito, IOT Core, Greengrass
- Splunk: Splunk Enterprise, Indexer and Search Head clustering, Universal Forwarder, App development
- Operating Systems: Red Hat 6/7, Ubuntu 14, Windows 2012/2008
- CI/CD: Ansible, Chef, GIT, Puppet, Jenkins, Go-CD, Rundeck, Bamboo, Artifactory
- Databases: MS SQL SeZrver (2003, 2005, 2008), MySQL, PostgreSQL
- Application Servers: IBM WebSphere Application Server, NGINX, Apache, IIS, JBoss
- Event Monitoring/Log Management: Splunk, Zabbix, GrayLog, CloudWatch, CloudTrail,
- Identity Management: Active Directory, AWS IAM, LDAP, DuoSecurity, OneLogin, SAML, FreeIPA
- Programming: Python, BASH, PowerShell, JavaScript, JSON, Java, YAML
- Threat Management: W3AF, OSSEC, McAfee ePO Server Security, Trend Micro Deep Security, Sophos Server Protection
Recognitions
Recognised twice for the Westpac SuperTech Award for going above and beyond and being a game changer.
Received the Westpac Technology “Spark” Award for efforts and contributions to a successful platform migration
Received the Westpac CIO 2007 Award for efforts and contributions to the EIG project under extreme circumstances.
Received the Westpac CIO 2004 Award for efforts and contributions to reducing Internet Banking fraud.