Technical Skills

Automation & DevOps

  • Scripting (Python, Bash, PowerShell)
  • Software Development (Python, Go)
  • Infrastructure as Code (Terraform, Ansible)
  • APIs (REST, JSON, authentication)
  • Git (branch/merge strategies, submodules)
  • CI/CD (Drone, GitHub Actions, CircleCI)
  • GitOps (Flux, Argo CD)

Infrastructure Engineering

  • Application Metrics (Prometheus, Datadog)
  • Kubernetes (Tanzu, EKS, Rancher)
  • Active Directory, LDAP, Kerberos
  • VMware (vCenter, ESXi, Tanzu, vCloud Director)
  • GCP (IAM, WIF, Cloud Storage, Cloud Functions)
  • AWS (S3, EKS, RDS, IAM)
  • Certificates & PKI (ADCS, OpenSSL, ACME)
  • Containerization (Docker, Dockerfiles)

Networking & Operating Systems

  • Linux (Ubuntu, RHEL)
  • Windows (Server Core)
  • Juniper (JunOS)
  • VPNs (IPsec, SSL, WireGuard, OpenVPN)
  • IPv6 (DHCPv6, RA, SLAAC)
  • Routing (BGP, OSPF, Quagga)

Project Experience

CircleCI Deployment Pipeline Security

March 2024

Led a months-long project to upgrade the deployment pipelines and artifact registry to satisfy regulatory and audit requirements before set deadlines. Drafted and implemented a proposal for a deployment process that guaranteed two-person approval of all code in production via GitHub rulesets, CircleCI context restrictions, and mandatory image promotion from lower environments. Implemented unattended rotation and revocation of artifact registry API keys to ensure compliance.

Custom Alerting Kubernetes Operator

July 2023

Worked on a team to develop a Kubernetes operator in Go using Operator Framework to deploy necessary configurations to route alerts from applications to PagerDuty. Integrated with the Datadog API to create integration keys and create the appropriate configurations for Prometheus Alertmanager, Humio, and Datadog. This enabled developers to control and define alert routing logic inside of application Helm charts directly using familiar workflows.

Ansible Git Repo Standardization

March 2023

Developed Ansible roles, playbooks, and necessary infrastructure to create and manage standardized GitHub repositories and their configurations. Created a pipeline that posts dry-run output to PR comments to allow for easy review of changes and verification of functionality. Wrote a custom inventory script using Python to interact with the GitHub API to gather repository info dynamically. This system allows engineers and developers to rapidly create repositories in a secure manner using our standards without requiring potentially dangerous permissions for end users.

GitOps Helm Deployment Redesign

August 2022

Assessed requirements and authored a CircleCI orb to manage the packaging and release of Helm charts to Kubernetes via Flux. Migrated legacy branch-per-environment git workflow to a trunk-based model allowing for automated testing of PRs in lower environments and control over production promotions. Implemented verification of deployments by querying the Kubernetes API for status, running integration tests in the cluster, and providing feedback to the pipeline. This enabled rapid deployment of internal services while ensuring a high degree of trust that the deployed changes will succeed in production.

Terraform Bootstrapping

March 2022

Provided leadership on a small team of engineers to develop a fully automated process to generate ready-to-use Terraform code repositories. Integrated with GitHub Actions to automatically provision GCP Service Accounts configured to use Workload Identity Federation for maximum security. Used templating to allow for one-step provisioning of Terraform repositories for onboarding customers.

Internal Hosting Stack

November 2020

Worked with the development team to plan and build a new internal hosting platform utilizing Docker Swarm. Developed Ansible playbooks to orchestrate deployment of the platform virtual servers (Docker, Logstash, MySQL, HAProxy) as well as orchestrate the CI/CD process for deploying new application code to test and eventually to production.

Staff Cross-training

May 2020

Designed and implemented a training program to prevent single sources of knowledge and siloing of information within the team. Worked with subject matter experts to foster a culture of cross-training and knowledge sharing among team members.

Ansible Network Configuration Automation

Feb 2020

Worked with network engineers to develop an automated process via Ansible for configuring customer network interfaces and security filters. Created Jinja templates for JunOS network device configuration and a playbook to control workflow for simultaneous deployment to dozens of network devices.

Ansible Monitoring Platform Automation

Sep 2019

Developed Ansible modules using Python to interface with a vendor’s proprietary REST API and configure SaaS-based monitoring of hundreds of internal servers and deploy managed single-tenant monitoring for dozens of customers. Verified logic to ensure idempotence for Ansible playbook runs.

Management Network Refactor

Feb 2018

Compiled a plan for secure multi-tenant management network including naming standards, multi-site firewall policies, and credentials storage. Used custom scripting to migrate hundreds of legacy systems to new standards with minimal downtime and without affecting in-progress projects and orders.

Helpdesk Process Automation

Feb 2017

Authored a custom PowerShell module to interface with helpdesk software REST API and deployed using Git version control. Wrote scripts utilizing the module to implement helpdesk business logic on incoming requests and generate custom reporting for executive dashboards.

Citrix/Wyse Migration

Jun 2016

Migrated two legacy XenApp 6/6.5 farms consisting of 30+ virtual machines hosting 20+ applications to a new XenApp 7.6 farm. Deployed a new Wyse Device Manager server to support the upgrade and/or replacement of 60+ Wyse terminals running user applications.

SAN Migration

Jun 2013

Evaluated vendor offerings for a new SAN and successfully migrated virtual infrastructure consisting of over 30 virtual machines to the new storage with minimal downtime, increasing redundancy and reliability.

T1 PRI to VoIP PBX Migration

Feb 2013

Migrated a 60-user phone system to a new VoIP PBX and transferred existing telephone service from a T1 PRI to VoIP. Designed and implemented network for VoIP traffic, including QoS.

Office Network Redesign & Migration

Mar 2012

Migrated over 100 devices from a flat network to 802.1Q VLANs for security segmentation and logical separation. Implemented 802.1X certificate-based authentication and the necessary public key infrastructure for endpoints to increase network security and prevent unauthorized access.

vCenter Implementation and P2V of existing servers

Nov 2011

Implemented vCenter with shared storage and high availability. Migrated several critical services to the new virtual infrastructure, including MSSQL, Active Directory, and Exchange.

Work History

A FinTech Company, Chicago, IL

Senior Site Reliability Engineer II

Apr 2022 - Present

Worked on a small team to maintain AWS EKS Kubernetes clusters, Helm chart templates, deployment pipelines, and monitoring and metrics. Produced Terraform modules for developer use in deploying AWS infrastructure such as S3 buckets, RDS databases, IAM configurations, and VPC configuration.

Maven Wave, Chicago, IL

Cloud Reliability Engineer

Nov 2021 - Apr 2022

Designed management and technical processes for a new business unit focused on delivering managed service offerings rapidly at scale. Led team projects and provided guidance to junior staff to assist with delivering on department goals.

Deft, Chicago, IL

Lead Platform Architect

March 2020 – Nov 2021

Designed internal, managed single-tenant, and shared multi-tenant services with a focus on automation, scale, and manageability. Trained and managed a diverse team of 7 platform engineers to support best practices and forward-thinking design principles such as automated tests, IaC, and CI/CD.

Systems Engineer II

April 2017 – March 2020

Responded to service requests and monitored system performance for a variety of managed infrastructure services for dozens of diverse customers. Deployed and documented networking, firewalls, load balancers, virtualization, and storage for new customer orders.

Ferrara Candy Company, Oakbrook Terrace, IL

Systems Engineer

July 2015 – March 2017

Worked on a small team of systems administrators to manage internal systems that support hundreds of business and manufacturing users across several sites in multiple countries. Managed dozens of Windows and Red Hat Enterprise Linux servers including mission-critical self-hosted SAP ERP systems.

Professional Convention Management Association, Chicago, IL

Network Administrator

September 2011 – July 2015

Was solely responsible for the daily operation and maintenance of dozens of virtual and physical servers and client workstations. Planned and deployed infrastructure to suit business goals. Evaluated new vendors and worked with management to develop short term and long term plans for the department.

Education

University of Illinois at Chicago, Chicago, IL

Master of Science, Management Information Systems

Graduated May 2013
GPA: 3.72

Bachelor of Science, Accounting

Graduated May 2011
GPA: 3.55
Cum Laude, University Honors and College Distinction

Certifications

Please note some certificates were issued under my former name, Scott Evtuch.

Amazon Web Services

Red Hat

VMware

Microsoft