TECHNICAL SKILLS

Languages: Python, Shell Scripting. Some Perl, SQL, XML, JSON

Platforms: Linux (RHEL/Debian/Ubuntu), OS X, VirtualBox, Vmware, Libvirt/KVM, OpenStack

SysAdmin: Bind, PowerDNS, Apache, Nginx, Postfix, Gluster, Ceph, NFS, Samba, Iscsi, Mysql (cluster and innodb), Tomcat, Nagios, Iptables, IPMI, Rabbitmq, LDAP, SNMP, NTP, Cobbler+PXE+Dhcpd, Postfix+Amavis, Prometheus, Grafana, OpenVPN, IPSEC

Networking Hardware: F5 BigIP, OpenWRT, HAproxy, HP Procurve, Cumulus

Configuration and Container Management: Ansible, Puppet, Docker, Some Terraform

CI/CD: Rundeck, Gitlab

Public Crowd related: Some AWS (Ec2/Route53/S3), Some Azure (VMs, VPN)

Elastico Suite: Elasticsearch, Filebeat, Logstash, Kibana

PROFESSIONAL EXPERIENCE

Confidential

Devops Engineer

Responsibilities:

• Provided cheap virtualization platform to medical researchers and developers by deploying and maintaining openstack newton using openstackansible and ceph. Images maintained by packer.
• Wrote Authoritive DNS Server for auto provisioning A + CNAME lookups for Openstack VMs.
• Implemented automatic reverse dns zone composition
• Wrote dns load balancer using python
• Implemented TSIG auth for AXFR, DNSSEC, Automatic key signing and rotation of keys.
• DNS Deployment (and zone updates) using Gitlab (for CI), Rundeck (for CD) and Ansible
• Deployed and maintained object store infrastructure using ceph
• Extensive network auditing tools using nmap/openvas/greenbone deployed via mesos and docker
• Deployed inventory related tools using netbox api, json, python+requests
• Wrote inventory to cobbler bridge using python
• Deployed baremetal service mesh providing LDAPS, encrypted ntp using static keys, log aggregation using filebeat via git/ansible. Used openldap/syncrepl for multimaster replication.
• Provisioned baremetal services for data centers, including ntp/bind/ldap
• Extensive ansible playbook and role composition. All services are deployed using ansible
• Network deployment and troubleshooting on cumulus os equipped quanta switches.
• Stress testing and performance evaluation of new hardware.
• Terraform/Packer employed on Azure for vm and vpn orchestration
• Route53 and EC2 administration.
• Ansible management of public TLS certificates leveraging certbot+nginx or certbot+route53

Confidential

Devops Engineer

Responsibilities:

• Reimplemented PowerDNS infrastructure. Consolidated recursive and authorative servers for both
• Devops external and internal lookups. Replaced storage backend and reimplemented synchronization using mysql replication
• Wrote/maintained puppet modules .
• Authorship of ansible roles including but not limited to mysql, zabbix, freeipa, powerdns, ntp.
• Implemented high availability mysql solutions. Use of mastermaster replication on mysql/percona 5.6, then use of haproxy and keepalived to do hot failover. Implemented replication from master pair to readonly slaves in various data centers.
• Assisted in ongoing effort to bring ITIL workflow to the Confidential organization. Maintain services and service contracts, as well as onboarding of users via administrating iTOP.
• Ongoing assisance with the security team to maintain PCI compliance. Efforts include but are not limited to patch management, public key encryption maintenance, log collections and audits.

Confidential

Enterprise Systems Administrator

Responsibilities:

• Administrated Openstack Installations, including Swift (S3) Storage.
• Upgraded Openstack Clouds, per Openstack Release Schedule, to Icehouse release.
• Implemented replication and hot fail over strategies for openstack webservices, rabbitmq, nfs, mysql (mastermaster replication) and other pieces of middleware used by openstack.
• Employed ElasticSearch capabilities for report generation.
• Use of scripting, python/fabric, then ansible to manage configurations.
• Performance tuning of all storage and computation nodes in both cloud instances.
• Implemented MITRE recommended security plan after DARPA audits, including pam rulesfirewall rules, password guidelines as well as ksplice for kernel upgrades.

Confidential

Systems Administrator

Responsibilities:

• Standardized configuration files for servers between SLES 11.x and RHEL 5.x for: SNMP/NRPE/OMSA (Dell Open Manage)/Vintella (AD Auth)/ntp
• Used Fabric/Paramiko (python frameworks) extensively for implementing a 'push like' architecture for systems administration, including creation of users, standarding passwords, updating /etc/sudoers, installing/upgrading packages.
• Wrote Python scripts to standardize configuration on Dell ILO firmware, including creation of users, alert generation and email delivery and ipmi over lan settings. Employed python for Nagios plugins.

Confidential

Systems Administrator

Responsibilities:

• Maintained and updated Apache/ModPerl web environment for projects.
• Implemented Ldap authentication and replication for many services, including subversion, apache and expression engine. Wrote management tools for porting ldap credentials to WebSVN formated text files for our legacy systems using Python.
• Implemented call queues and menus for third tier technical support team via Asterisk.
• Provisioned VOIP polycom phones using dhcp, bootp, tftp.
• Provisioned new servers using Centos 5.7 and 6.0. Extensive use of end to end encryption, from client to web services to database servers using ssl and disk encryption using dmcrypt/truecrypt.
• Day to day running of machines, including dumping and restoring databases, setup of accounts, troubleshooting issues
• Wrote nagios plugins using Python. Maintained Perl plugins for nagios and munin.

Confidential

Network Administrator and Developer

Responsibilities:

• Maintained legacy Perl/Ruby content processing scripts that pushed images, crossword, sudoku and puzzle games to various clients, including USAToday and LaTimes.
• Wrote new processing software for to pull content from various syndicators, resizing and recoloring using ImageMagick and Ruby.
• Conversion of databases for Gocomics.com for site rewrite, including refactoring of tables.
• Conversion of Comics.com user and subscription database to Confidential 's user and Developer registration system and Gocomics.com's email subscription service.
• Implemented enterprise monitoring for networking and server equipment using Opsview/Nagios.
• Maintained RHEL Xen installation for ModPerl and Ruby on Rails servers. Migrated RoR servers from Mongrel containers to Passenger.
• Configured and managed backup servers using Symantec Backup exec 2010 for incremental and full backups of servers
• Modified perl scripts for Mysql management and backups.
• Migrated properties that were written in RoR to SuSE SLES running on HyperV clusters. Used pam/winbind/samba to add SuSE SLES servers to Active Directory authentication.
• Managed Proxy servers using Apache ModProxy and F5 BigIP dedicated hardware.
• Ported certain legacy platforms from Xen to VMWare ESXi and Microsoft HyperV.