Senior Google Cloud Platform Engineer profile
Professional Profile

Senior Google Cloud Platform Engineer

12+ years experience · 6 roles · 16 certifications

About Me

Senior Cloud Platform Engineer with 12+ years of engineering experience and deep specialisation in Google Cloud Platform. I design, build, and operate production-grade GCP infrastructure: multi-region GKE fleets, Shared VPC architectures, Cloud Armor WAF, IAM/Org Policy governance, and cloud-native security controls. My strength is translating complex platform requirements into reliable, secure, and cost-efficient GCP deployments backed by Terraform and GitOps.

At T-Digital / Deutsche Telekom I owned the GKE platform used by multiple product teams - multi-cluster, multi-region, with HTTPS L7 load balancing, Workload Identity, Binary Authorization, and full observability via Cloud Monitoring, Cloud Logging, and OpenTelemetry. I scaled CI/CD foundations with Argo CD and standardised IaC modules across dozens of services to reduce drift and accelerate team delivery.

I am deeply hands-on in cloud networking, including Shared VPC, Private Service Connect, and all major cloud load-balancer patterns (global/regional, external/internal, HTTP(S), TCP/UDP, proxy and passthrough), plus advanced Cloud Armor policy design and tuning.

Google Cloud (5x Professional Certified): Professional Cloud Architect, Professional Cloud DevOps Engineer, Professional Cloud Network Engineer, Professional Security Operations Engineer, Professional Data Engineer. I complement platform work with Cloud Security Alliance certifications (CCSK, CCZT) and regularly publish hands-on GCP architecture and engineering articles on Medium.

I also bring strong practical experience with multi-region Cloud Spanner design and operations, and with building cost-effective platform architectures (FinOps-aware sizing, lifecycle policies, and reliability/cost trade-off decisions).

Contact

LinkedIn · GitHub

Skills

GKE (Google Kubernetes Engine)
Autopilot & Standard GKE Clusters
Multi-Cluster / Multi-Region GKE
Workload Identity Federation
Binary Authorization
GCP Shared VPC
VPC Peering & Private Service Connect
Cloud Armor (WAF / DDoS)
Cloud Load Balancing (L4/L7)
Cloud CDN
Cloud DNS (Private / Public Zones)
Cloud IAM & Org Policies
Cloud KMS
Secret Manager
Cloud Monitoring & Alerting
Cloud Logging & Log Analytics
Cloud Trace & Cloud Profiler
Artifact Registry
Cloud Build & Cloud Deploy
Cloud Run & Cloud Functions
BigQuery & Pub/Sub
Cloud Storage
Config Connector / Config Sync
Terraform (google / google-beta provider)
Pulumi
Argo CD (GitOps)
Helm & Kustomize
GitLab CI / GitHub Actions
OpenTelemetry (OTel)
Prometheus / Grafana
SRE (SLI/SLO/Error Budgets)
Zero Trust Architecture
Policy-as-Code (OPA, Kyverno)
Service Mesh (Istio on GKE)
mTLS / Mutual TLS
OIDC / Workload Identity for CI
Container & Dependency Scanning (Trivy)
SBOM (CycloneDX / Syft)
Cloud Cost Optimisation (FinOps)
Disaster Recovery & Multi-Region Failover
Python
Go (Golang)
Bash
Docker
ISO/IEC 27001
CIS GKE Benchmark

Experience

Senior Google Cloud Platform Engineer (GKE / GCP Focus)

T-Digital by Deutsche Telekom · Full-time

Sep 2024 - Present · 1 yr 9 mos

Thessaloniki, Central Macedonia, Greece · Hybrid

- Owned and evolved a production multi-region, multi-cluster GKE platform serving multiple product teams: provisioned with Terraform (google/google-beta provider), managed via Argo CD GitOps across Standard and Autopilot cluster modes.
- Designed and operated GCP networking: Shared VPC topology, Private Service Connect, VPC peering, private GKE clusters with authorised control-plane access, Cloud DNS private/public zone management.
- Implemented HTTPS L7 ingress with Google-managed certificates, multi-backend routing via Cloud Load Balancing, and Cloud Armor WAF rules (rate limiting, geo-restriction, custom OWASP rule sets).
- Hardened GCP IAM: Workload Identity Federation for keyless CI/CD authentication, least-privilege service account design, Org Policy constraints, Binary Authorization policy enforcement.
- Operated GCP secrets and key management: Cloud KMS (CMEK), Secret Manager with rotation triggers, External Secrets Operator integration for seamless pod secret injection.
- Built full-stack observability on GCP: Cloud Monitoring dashboards and SLO-based alerting, Cloud Logging with log-based metrics and Log Analytics, Cloud Trace integrated via OpenTelemetry collector.
- Managed vulnerability pipeline: Artifact Registry container scanning, Trivy in CI, CVE triage process, Binary Authorization attestation gates to block unsigned images in production.
- Improved platform resilience: cluster etcd backup to Cloud Storage, PVC snapshots, cross-region failover validation, RPO/RTO documentation aligned with SLO targets.

Expert in Platform Engineering & Cloud Automation (GCP)

T-Digital by Deutsche Telekom · Full-time

Jun 2022 - Sep 2024 · 2 yrs 4 mos

Thessaloniki, Central Macedonia, Greece · Hybrid

- Migrated multi-workload platform from OpenStack/AWS to GCP: designed VPC topology (Shared VPC, subnets, firewall rules, Cloud NAT), provisioned GKE clusters with Terraform, and established GitOps delivery via Argo CD.
- Built and standardised CI/CD foundations on GCP (Cloud Build + GitLab CI) for 50+ microservices, enforcing immutable image builds via Artifact Registry and deployment promotion workflows (dev → staging → prod).
- Implemented Terraform IaC modules for GCP resources: GKE, VPC, Cloud Armor, KMS, Secret Manager, Cloud Monitoring alert policies — peer-reviewed, versioned, and reused across teams (~40% faster environment provisioning).
- Hardened GCP IAM: OS Login, service account impersonation limits, Org Policy deny-lists for public IPs and legacy APIs, automated IAM audit reporting.
- Deployed L4/L7 traffic management: internal/external TCP/UDP load balancers, HTTPS frontend with SSL policy enforcement, backend health-check tuning for GKE workloads.
- Established Cloud Monitoring alert policies tied to SLI/SLO targets, integrated with PagerDuty; built Cloud Logging dashboards and log sinks to BigQuery for compliance export and cost analysis.
- Automated GCP resource lifecycle workflows (VNF scaling, node pool autoscaling policies, Cloud Scheduler + Cloud Functions), achieving ~20% infra cost reduction.

Projects

Cloud Armor Security for GKE Ingress

Integrated Google Cloud Armor with external load balancer to protect Kubernetes applications from malicious traffic. Requests are analyzed against custom security rules (WAF, IP allow/deny lists, geo-based policies). Suspicious requests are blocked with 403 responses before reaching the cluster, while legitimate clients maintain seamless access. Hardened the ingress layer for App 1 and App 2 in Kubernetes.

Google Cloud Armor · External Load Balancer · Kubernetes · Ingress Security · WAF Policies · 403 Forbidden Handling
Date: 2025

Multi-Regional GKE Cluster with GitOps

Multi-regional Kubernetes deployment across West 3 and West 4 regions with GitLab Config Sync and Google Fleet. Ensures high availability by spreading workloads (App A, App B, App C) across zones (a, b, c). Unified GitOps delivery pipelines, consistent security policies, and cross-cluster management with Fleet.

Google Kubernetes Engine (GKE) · Google Fleet · GitLab CI · Config Sync (GitOps) · Multi-Regional HA · Kubernetes
Date: 2025

Licenses & Certifications

Google Cloud Certified Professional Cloud Architect

Issued by Google · Issued May 2025

Credential ID: 8a9ddfba001e4a55bf42667a6b62da9b

Skills: Cloud Solution Architecture, Security and Compliance, Cloud Networking, +6 more


Google Cloud Certified Professional Network Engineer

Issued by Google · Issued Jul 2025

Credential ID: eb748cbd0c904f8389d3f755f3a32584

Skills: Cloud Networking, Hybrid Connectivity, Network Security, +6 more


Courses

Advanced GDPR

Cloud Assess Academy

2025

Digital badge and certificate issued by Cloud Assess Academy for completing the Advanced GDPR course, providing advanced understanding of GDPR compliance, data protection principles, and organizational obligations.


ISO/IEC 27701 - Data Protection and Privacy Information Management

Alison Online Learning

2025

Certificate of Completion for successfully completing the ISO/IEC 27701 Data Protection and Privacy Information Management course, covering the extension of ISO/IEC 27001 for privacy management, GDPR-related practices, and implementation of a Privacy Information Management System (PIMS).


ISO/IEC 23894:2023 AI Risk Management Awareness

British Standards Institution (BSI)

2025

Awareness eLearning Certificate of Completion covering ISO/IEC 23894:2023 Guidance on AI Risk Management: principles, context, identification, assessment, and mitigation of risks in AI systems for trustworthy and responsible AI.


Education

Humanitarian, Economic and Information Institute of Technology

2012 - 2016

Bachelor's Degree, Law

Data Privacy and Security · Compliance and Regulations · Communication and Collaboration · Technical Analysis

Military Academy of the Strategic Missile Forces named after Peter the Great

2007 - 2012

Engineer's Degree, Automation Management Systems

Time Management · Self-discipline · Communication and Collaboration

Publications

Medium

Linux top explained from scratch — clear & practical (2025)

DataDrivenInvestor · Aug 18, 2025

Step-by-step guide to reading Linux top: load averages, memory usage, CPU breakdown, and process states. Includes real-world scenarios for diagnosing compute, I/O, and VM bottlenecks — with clear habits to turn raw numbers into actionable insights.

Medium

Scalable Micro-Kernel with Go, 2025 Edition

Level Up Coding · Jul 28, 2025

Introduces a micro-kernel architecture in Go where the core handles only lifecycle, routing and synchronization, while all business logic runs as pluggable modules. Demonstrates hot-swappable plugins for metrics, caching, and email — enabling granular scaling, non-blocking pub/sub, and clean code evolution.


Honors and Awards

Google Cloud Gen AI Technical Expert Badge Challenge - Early Adopter Edition

Issued by Google Cloud - Aug 2025

Certification / Award

Recognized as one of the first 1,100 professionals worldwide to complete the Gen AI Technical Expert Badge Challenge (Early Adopter Edition). This advanced challenge required earning multiple high-level Google Cloud Technical Expert credentials, including 'Build with Vertex', 'Intelligent Search', and 'Customer Engagement Suite with Google AI'. The achievement demonstrates proficiency in applying Generative AI for enterprise use cases, from building with Vertex AI, through creating intelligent retrieval and search solutions, to designing conversational AI for customer engagement. Award included a digital badge, exclusive Google swag, and global community recognition. Valid until Aug 2026.

Google Cloud Arcade - Champions Milestone

Issued by Google Cloud - Jun 2024

Award

Recognized as one of the select professionals worldwide to achieve the Champions Milestone in Google Cloud Arcade, earning a total of 78 points. This rare accomplishment reflects over six months of consistent learning and hands-on practice, during which more than 300–400 individual labs were completed across diverse Google Cloud technologies. It highlights outstanding dedication to continuous upskilling in cloud technologies, persistence in real-world lab work, and a strong commitment to professional growth. Award eligibility included exclusive prizes and global community recognition.

3rd RIL AI Hackathon

Issued by Research Innovation Lab - Jun 2024

Hackathon

Won 1st place at the 3rd RIL AI Hackathon, hosted by the Research Innovation Lab and associated with T-Digital (Deutsche Telekom). Our team built a production-ready data uploader tailored for RAG-based chatbots. It supports PDF document ingestion, offers multiple adaptive chunking strategies, works autonomously with uploaded corpora, and automatically selects the best strategy using LLM-driven evaluation. We also instrumented RAGAS for response-quality measurement. The solution improves efficiency, reduces redundancies, and raises the overall quality of chatbot answers.

2nd RIL AI Hackathon

Issued by Research Innovation Lab - Dec 2023

Hackathon

Won 1st place at the 2nd RIL AI Hackathon, hosted by Research Innovation Lab and associated with T-Digital (Deutsche Telekom). Developed an AI solution that analyzes user stories and test cases, providing insights to improve quality and efficiency in software development.
