Senior DevSecOps Engineer profile
Professional Profile

Senior DevSecOps Engineer

12+ years experience6 roles19 certifications

This is a public version of my CV. For the latest role-tailored résumé, get in touch

About Me

Senior Platform/Cloud Engineer (DevOps/SRE) and Senior Software Engineer with 12+ years of experience designing and operating secure, scalable cloud-native platforms and distributed systems. I bridge software engineering (Python, Go, JavaScript/TypeScript, React, Next.js) with platform engineering and infrastructure automation (Kubernetes, Terraform, CI/CD). My focus is security-first architecture (IAM), performance, reliability and observability (SLI/SLO), and developer productivity.

I have designed and operated multi-region and multi-cloud environments (GCP, AWS, Azure), built reusable delivery foundations (IaC modules and standardized deployment patterns), and implemented disaster recovery and observability stacks (Prometheus, Grafana, ELK) to improve operational stability and troubleshooting efficiency. I document architecture decisions (ADRs, design docs) and create runbooks to reduce key-person risk and support sustainable engineering velocity.

I value clean architecture, strong engineering culture, and pragmatic enablement practices.

Google Cloud (5× Professional Certified): Professional Cloud Architect, Professional Cloud Network Engineer, Professional Security Operations Engineer, Professional Cloud DevOps Engineer, Professional Data Engineer.

Complementing my cloud background, I hold Cloud Security Alliance certifications (CCSK, CCZT), reinforcing my expertise in secure cloud architecture and modern security practices. As a published Technical Author, I regularly share hands-on engineering insights on Medium and in professional publications, focusing on real-world DevOps, cloud security, software engineering, and architecture.

Contact

Email
LinkedIn profile linkLinkedIn
GitHub profile linkGitHub

Skills

Cloud & Platform
Service Mesh (Istio / Linkerd)
KEDA
Threat Modeling
Kubernetes
Docker
AWS / GCP / Azure
OpenStack
Security & Zero Trust
API Security
OAuth 2.0 / OIDC
Zero Trust
SLSA Framework
Provenance / Attestations
EU Cyber Resilience Act (CRA)
AI Governance (EU AI Act, NIST AI RMF)
ISO/IEC 27001
SAST (SonarQube, Semgrep)
DAST (OWASP ZAP)
SCA & Container Scanning (Trivy)
SBOM (Syft/CycloneDX)
Signing (Sigstore Cosign)
Secrets (Vault, SOPS, KMS)
Policy-as-Code (OPA/Gatekeeper, Kyverno)
K8s Security (NetworkPolicies, Pod Security, mTLS)
NGINX / HAProxy (WAF/TLS)
Compliance (CIS Benchmarks, GDPR basics)
Delivery & IaC
Terraform
Pulumi
GitLab CI
GitHub Actions
Jenkins
Argo CD (GitOps)
Ansible
Reliability & Observability
OpenTelemetry (OTel)
SRE (SLI/SLO)
Prometheus / Grafana
Languages & Foundations
OpenAPI
Event-Driven Architecture
Python
Go (Golang)
Node.js / TypeScript
Bash
Additional Expertise
eBPF
Cilium
Calico
Hubble (Cilium)
Datadog
ELK / OpenSearch, Jaeger
RESTful APIs
Incident Response & Hardening

Experience

Senior DevOps Engineer | Cloud Infrastructure (GCP Focus)

T-Digital by Deutsche Telekom · Full-time

Sep 2024 - Present · 1 yr 11 mos

Thessaloniki, Central Macedonia, Greece · Hybrid

  • Built and operated a multi-region / multi-cluster GKE platform with internal/external HTTPS load balancing (L7) and cross-region routing.
  • Implemented GitOps at scale (multi-cluster), standardized delivery workflows and environment promotion; maintained runbooks and internal operating guides.
  • Designed secure access patterns: OIDC/SSO integrations, developer groups, controlled jump-host access and validation; documented IAM/access procedures.
  • Delivered security controls: WAF protection and tuning, policy-as-code / admission controls, workload hardening and secure-by-default baselines.
  • Implemented secrets management & encryption: cloud KMS and secrets manager, external secrets integration, TLS certificate lifecycle automation.
  • Established security visibility: centralized logging/monitoring, metrics and tracing; integrated security event forwarding to SIEM and produced incident/debug guides.
  • Introduced vulnerability management: container/dependency scanning, CVE triage workflow, remediation coordination and tracking.
  • Improved resilience: backup/restore practices for clusters and stateful services, plus recovery verification steps (RPO/RTO awareness).

Selected Projects

  • AI Prompt Security

    A Chrome & Safari extension that keeps secrets out of AI prompts — it scans messages before they reach ChatGPT, Claude or Gemini using 110+ regex patterns plus Shannon-entropy analysis, then redacts or blocks API keys, tokens and PII. 100% local, zero telemetry.

    JavaScript · Chrome Extension · Safari Extension · Security · Privacy

    Chrome Web Store
  • Developer Tooling

    A VS Code extension that kills "works on my machine" — one-click snapshot of runtimes, Docker, ports, env vars and git state, diffed against a teammate's and turned into a Markdown fix report with ready-to-run commands. 100% local, no telemetry.

    TypeScript · VS Code Extension · DevOps · Git · Docker

    View on Marketplace

Licenses & Certifications

Google8×

Google Cloud Certified Professional Cloud Architect

Issued by Google · Issued May 2025

Credential ID: 8a9ddfba001e4a55bf42667a6b62da9b

Skills: Cloud Solution Architecture, Security and Compliance, Cloud Networking, +6 more

Show credential

Google Cloud Certified Professional Network Engineer

Issued by Google · Issued Jul 2025

Credential ID: eb748cbd0c904f8389d3f755f3a32584

Skills: Cloud Networking, Hybrid Connectivity, Network Security, +6 more

Show credential

Courses

20265

NIS-2 Deep Dive

K&P Computer / BLUE Consult

Completion certificate for the NIS-2 Deep Dive web training (28 May 2026) covering real attack scenarios (identity theft, compromised backups, user account breaches), NIS-2 requirements including risk management, reporting obligations, and supply chain security, governance structures, security roles, policies, incident response processes, vulnerability management and cyber resilience with IBM solutions, network and firewall security, SOC/SIEM/endpoint protection, and identity/access/communication protection.

IBM DevOps and Software Engineering (Professional Certificate)

Coursera

ACE ID IBM-0032 (v1), 14 weeks (~200 hours), minimum passing score 70. ACE: 18 SH (6 x 3) across Web Development (HTML/CSS/JavaScript), Python for Data Science, Advanced Application Security, Intro to Cloud Computing, Intro to Python, and Microservices.

Education

  • Recognized in Germany · Bachelor level

    Military Academy of the Strategic Missile Forces Academy named after Peter the GreatEngineer's Degree, Automation Management Systems

    2007 - 2012

    Engineer's Degree, Automation Management Systems

    Engineer's Degree, Translation

    Recognized by the KMK Central Office for Foreign Education (ZAB) as equivalent to a German Bachelor's degree

    Time Management · Self-discipline · Communication and Collaboration

  • Humanitarian, Economic and Information Institute of TechnologyBachelor's Degree, Law

    2012 - 2016

    Bachelor's Degree, Law

    Data Privacy and Security · Compliance and Regulations · Communication and Collaboration · Technical Analysis

Publications

8articles published onDataDrivenInvestor · Level Up Coding

Latest

DataDrivenInvestorMar 17, 2026

Docker Hardening in 2026: What I Always Change Before Production

A production hardening checklist for Docker: non-root users, minimal and distroless base images, read-only filesystems, dropped capabilities, and image scanning to shrink the attack surface.

Show publication
  1. Argo CD + Vault in 2025: How to Stop Templates from Breaking Secrets

    Sep 3, 2025

    Level Up Coding

    Integrating HashiCorp Vault with Argo CD GitOps: injecting secrets safely, avoiding template rendering pitfalls, and keeping secrets out of Git while preserving declarative delivery.

Honors and Awards

6distinctionsselected by Google & the developer community

  1. Issued by Google CloudJun 2026

    One of only a handful of engineers Google names Ambassador for Infrastructure — a recognition it reserves for the very top tier of its global Cloud community. Awarded for sustained, hands-on mastery of Google Cloud infrastructure, proven in the console rather than on paper.

  2. Issued by Google CloudMay 2026

    Recognised by Google as a Security Champion — a distinction given to practitioners who consistently demonstrate deep, applied expertise in securing Google Cloud environments and raising the security bar across the community.

    © 2026 Aleksei AleinikovSenior DevSecOps Engineeralekseialeinikov.com