PROFESSIONAL EXPERIENCE
MAJOR PROJECTS
Cloud Infrastructure Team at Allianz Trade - Allianz Technology (since 05/2023)
• Project: AWS Cloud Governance and Infrastructure Modernization
• Technical Environment: AWS Infrastructure, IAM Identity Center, SCP, RCP, RDS, Vault, Terraform, CloudWatch, Lambda, Splunk, AlertManager,
PagerDuty, GitLab, GitLab CI, ECS, Network Firewall, Firewall Manager, WAF, Shield Advanced, Transit Gateway, S3, CloudTrail, Config, Trusted Advisor,
SNS, SES, SQS, Jira, Confluence, SAFe, Scrum.
• Context:
• Allianz Technology's Cloud Team ensures the scalability, security, and resilience of new multi-account AWS environments.
• Implements cloud governance and security standards and guidelines across global accounts.
• Defines best practices in Infrastructure as Code (IaC), Privileged Access Management, and compliance automation.
• Oversees 24/7 cloud operations and supports cross-domain cloud initiatives.
• Main Tasks:
• Redesigned the Landing Zone and migrated workloads to a multi-account architecture and a segmented VPC architecture (routable and non-routable).
• Defined privileged access strategies using IAM Identity Center, IAM Roles Anywhere, and SCP, including least privilege access.
• Enhanced and maintained a secure PAM system for RDS using Vault, improving access control with real-time alerting and integrated observability
dashboards.
• Maintained centralized monitoring stack (CloudWatch Exporter, AlertManager, PagerDuty).
• Implemented centralized breakout/breakin services with Network Firewall, Firewall Manager, and WAF.
• Migrated old WAF policies to Firewall Manager across environments.
• Transitioned inter-VPC connectivity to AWS Transit Gateway with environment-specific routing tables.
• Migrated all on-premise and cloud logs from Splunk to Splunk Cloud, containerizing Heavy Forwarders and Intermediate Forwarders.
• As a Security Champion, led and supported security audits and penetration tests, ensuring remediation of vulnerabilities based on audit reports and
infrastructure assessments.
• Implemented DORA regulatory compliance in a cloud environment, ensuring strong alignment with security best practices.
• Managed KMS BYOK key rotation for critical workloads and delivered comprehensive, user-friendly documentation to support operational teams.
• Migrated petabytes of on-premise data to an immutable cloud backup through AWS Direct Connect using Storage Gateway (Tape Gateway),
DataSync, S3 Glacier, and IAM Roles Anywhere.
• Replaced S3 proxies with S3 PrivateLink and centralized backups for VEEAM, IBM TSM Tivoli Storage, and Oracle databases.
• Defined internal cloud engineering standards via regular internal meetups and documentation.
• Participated in on-call rotation and 24/7 operations support.
CaaS Architect at Chanel (01/2023 - 05/2023)
• Project: Chanel Containers as a Service (CaaS) Platform
• Technical Environment: Azure Cloud, Azure Kubernetes Service (AKS), Amazon EKS, Kubernetes (v1.19.11 upgraded to v1.22.4), Helm charts, Docker,
Azure Container Registry, Azure DevOps, Terraform, Azure Active Directory (AAD) integration, Role-Based Access Control (RBAC), Azure Key Vault,
Azure Traffic Manager, Nginx Ingress Controller, Internal-Nginx Ingress, APIM Ingress, Cert-Manager, Datadog, Network Policies, Azure Policies,
ServiceNow, Kubernetes labels conventions for governance.
• Context:
- My mission was part of the Chanel Software Factory Next-Gen initiative, tasked with designing, building, operating, and maintaining a scalable, secure,
and automated CaaS platform deployed across multiple Azure cloud regions (West Europe, West US, East Asia). The platform enables Chanel
development teams to deploy containerized microservices with high availability, scalability, strong security, and governance while minimizing
operational overhead through automation.
• Main Tasks:
- Managed AKS and EKS Kubernetes clusters including patching, version upgrades (K8s v1.19.11 to v1.22.4), and node pool configuration to ensure
platform stability and compliance.
- Developed and maintained Helm chart templates for streamlined, repeatable application deployments across environments.
- Automated infrastructure and project delivery leveraging Azure DevOps pipelines and Terraform, enabling consistent and rapid continuous
integration/continuous delivery (CI/CD).
- Integrated Azure Active Directory for authentication and implemented RBAC policies to enforce fine-grained access controls at cluster and namespace
levels.
- Configured internal and external ingress routes for applications and APIs using Nginx (public/internal) and APIM ingress controllers, including DNS
management and certificate provisioning via Cert-Manager and Chanel PKI.
- Coordinated with security, compliance, and operations teams to embed security best practices such as secrets management with Azure Key Vault,
network isolation through Kubernetes Network Policies, and cluster governance with Azure Policies.
- Implemented centralized monitoring and observability frameworks using Datadog and Azure Application Insights to ensure application reliability and
performance.
- Contributed to service governance by defining naming conventions, Kubernetes labels, and role binding standards to maintain consistent cluster
hygiene across projects.
Cloud Center of Excellence Team at PMU France (08/2021 - 01/2023)
• Project: PMU Cloud Center of Excellence.
• Technical Environment: AWS, EKS, Kubernetes, ArgoCD, Helm, Docker, ECR, MSK, Logstash, Grafana, Centreon, AlertLogic, Direct Connect, Transit
Gateway, Route53, SFTP, Cognito, Terraform, GitLab CI, Packer, Shell and Python scripting, Nexus, Squid, Red Hat, CentOS, Jira, Confluence, ********,
Scrum.
• Context:
• The Cloud Center of Excellence is a cross-functional team of 5 people.
• Manage Cloud governance and promote DevOps culture and best practices.
• Support domains in migrating and implementing PMU applications in the cloud.
• Support domains in choosing AWS services
• Check compliance, tagging and cloud security
• Monitoring costs and implementing FinOps aspects
• Shared services management: Proxy, log collection, supervision and performance tests on all environments.
• L3 support for Cloud and DevOps teams at PMU France.
• Main Tasks:
• Definition and implementation of the AWS Landing Zone.
• Organization of AWS accounts.
• Migration of cross-functional applications and tools from Frankfurt to Paris.
• Implementation of front and backend websites in Production following TMA application deliveries.
• Management of network infrastructure and interconnection to datacenter.
• Management of security platform: roles and permissions, integration with SOC, implementation of WAF whitelist and IP blacklist.
• Implementation of backups, restorations and DRP procedures.
• Management of patch management, updating of base AMIs and common modules.
• Study and definition of the logical and technical architecture of EKS.
• Containerization of 3 applications and migration to the EKS Cluster.
• Implementation of a data transfer solution, a portal for PMU partners based on SFTP Web Client.
• Implementation and evolution of PMU transversal Terraform modules to enable domains to deploy their solutions while respecting compliance and
security rules.
Cloud & DevOps Engineer at Dalkia - EDF (07/2020 - 08/2021)
• Project: DICI team.
• Technical Environment: AWS (+30 services), Direct Connect, Transit Gateway, Route53, Cognito, Terraform, GitLab CI, Jenkins, Ansible, Docker, Nexus,
Squid, Nginx, Trend Anti Malware, Active Directory, Windows, Red Hat, CentOS, VMware, Jira, Confluence.
• Context:
• Participate in defining infrastructure architectures for non-production and production environments.
• Guarantee the availability, compliance and security of resources hosted in the AWS public cloud.
• Advise and train IT staff on AWS Cloud best practices.
• Deploy infrastructures and applications automatically via Terraform and Ansible, in compliance with DALKIA standards and DevOps best practices.
• Design and implement technical solutions and implement operating solutions.
• Guarantee the security, scalability and performance of the AWS infrastructure.
• Through a technology watch activity, propose new solutions to improve the existing infrastructure.
• Optimize infrastructure and operating costs (FinOps).
• Main Tasks:
• Implementation of target architectures, applying automation and DevOps best practices:
• Migration of existing Cisco routers to the Transit Gateway.
• Migration of AWS peering connections, VPN links and Direct Connect to the TGW.
• Implementation of AWS federation and SSO + MFA with the Production ADFS Trust for all Dalkia DSIN players
• Deployment of the RBAC model and IAM policies with Terraform
• Deployment of the MYAWS system for access to shared accounts, to limit team access to their application scope.
• Creation and delivery of AWS accounts for new projects in compliance with DALKIA standards.
• Support for migration projects through to production launch.
• Design DNS infrastructure architectures, log collection, routing and security
• Set up Proxy and Reverse Proxy on all environments
• Implementation of the Inwebo MFA solution.
• Building software infrastructures (Production, Pilot & Off-Prod):
• Development and maintenance of Infrastructure as Code Terraform scripts.
• Patch management with WSUS.
• Implementation of AWS infrastructure monitoring with CloudWatch metrics and Grafana dashboard.
• Define architecture and operating documents and consolidate them regularly, following the continuous improvement process.
• Support development teams during migration phases.
• Securing the Non-Production, Pilot and Production information system:
• Monitor IAM rights and SCP policies to ensure the security of the AWS cloud.
• Raise security ...