Aleksey Smirnov
DevOps Engineer • Cybersecurity Specialist
Building secure, scalable cloud infrastructure and automating deployment pipelines with expertise in Kubernetes, Cloud Platforms, CI/CD, and modern DevOps practices
About Me
my journey in tech
DevOps Engineer & Cybersecurity Specialist
I'm a SecOps Engineer with over 4 years of experience bridging security and operations, specializing in infrastructure hardening, compliance frameworks (ISO 27001, CISA Zero Trust), and securing cloud-native environments across AWS, GCP, and on-premises infrastructure.
Currently at SportSpired, I architect secure CI/CD pipelines, manage enterprise IAM with Active Directory and SSO integration, and deploy HashiCorp Vault for secrets management. My work spans Kubernetes security, infrastructure-as-code automation with Ansible and Terraform, and implementing defense-in-depth strategies across containerized and bare-metal workloads.
My approach combines DevSecOps automation with security controls, ensuring every infrastructure component is not only efficient and scalable, but also compliant, auditable, and resilient against evolving threats.
Infrastructure Automation
Building secure infrastructure-as-code with Ansible and Terraform, automating compliance enforcement and configuration management across hybrid environments.
Security & Compliance
Implementing CIS Benchmarks, ISO 27001, and CISA Zero Trust frameworks. Managing secrets with HashiCorp Vault and enforcing defense-in-depth strategies.
Enterprise Identity & Access
Managing Active Directory environments, domain controllers, and implementing secure authentication patterns with AppRole and SSO integration.
Technical Skills
Technologies and tools I work with
Container Orchestration
Cloud Platforms
CI/CD & Automation
Security & Compliance
Monitoring & Logging
Infrastructure as Code
Work Experience
My professional journey
SecOps Engineer
Secures and hardens enterprise infrastructure across on-premises datacenters and multi-cloud environments (AWS, GCP) while leading compliance and DevSecOps initiatives.
Key Achievements:
- •Implemented defense-in-depth strategies across bare-metal, VMs, and containerized workloads
- •Architected SSO infrastructure integrating Active Directory with Google Workspace
- •Deployed HashiCorp Vault for centralized secrets management across all environments
- •Embedded security controls into GitLab CI/CD pipelines with automated scanning and artifact verification
- •Developed security roadmaps aligned with ISO 27001 and CISA Zero Trust Maturity Model
- •Secured Kubernetes clusters through network policies, pod security standards, and runtime monitoring
Technologies Used:
DevOps Engineer
Designed and maintained CI/CD pipelines and Kubernetes infrastructure, implementing GitOps workflows and managing container orchestration at scale.
Key Achievements:
- •Implemented GitOps workflows with FluxCD for efficient Kubernetes deployments
- •Leveraged werf for building container images and managing Helm charts
- •Deployed Talos OS for minimal, secure, and immutable Kubernetes nodes on bare metal and VMs
- •Integrated Nexus artifact repository for secure package versioning and traceability
- •Developed Ansible playbooks for infrastructure automation, significantly reducing manual work
- •Optimized resource utilization and implemented autoscaling strategies for microservices
Technologies Used:
Chief Cybersecurity Engineer | DevSecOps
Led migration to containerization, implemented comprehensive security monitoring, and created SOC from scratch while ensuring compliance with international standards.
Key Achievements:
- •Led migration to Docker and Kubernetes with automated infrastructure provisioning via Ansible
- •Created and maintained SOC from scratch, implementing ISO 27001-2 and NIST 800-53/30 compliance
- •Deployed SIEM platforms (MaxPatrol SIEM, ELK Stack) for security event correlation and analysis
- •Implemented monitoring with Zabbix, Prometheus, and Grafana ensuring system availability
- •Configured NGFW and DLP solutions to prevent unauthorized access and data disclosure
- •Designed corporate-wide network architecture ensuring minimal failures and maximum efficiency
Technologies Used:
Chief System Engineer
Managed database systems, developed monitoring strategies, and led a team of technical professionals while ensuring system reliability and security.
Key Achievements:
- •Managed MSSQL, MySQL, and PostgreSQL database systems ensuring performance and availability
- •Built and managed team of 7 technical professionals
- •Developed and implemented robust monitoring and maintenance strategies to minimize downtime
- •Implemented industry best practices for system reliability, scalability, and security
- •Proactively addressed technical risks with innovative solutions for operational efficiency
Technologies Used:
System Administrator
Managed server infrastructure and networking equipment, implementing monitoring systems and maintaining optimal performance across Linux and Windows environments.
Key Achievements:
- •Maintained server infrastructure across Linux and Windows operating systems
- •Implemented Zabbix and Grafana monitoring to proactively identify and resolve issues
- •Configured and maintained networking equipment including routers, switches, firewalls, and load balancers
- •Performed routine maintenance including firmware updates and security patching
- •Troubleshot and resolved complex hardware and software network problems
Technologies Used:
Network Engineer
Designed and maintained network architecture, scaling infrastructure from a single 20-person office to multi-regional operations supporting 500+ users while ensuring high availability, security, and compliance.
Key Achievements:
- •Architected and scaled network infrastructure from 20-person office to distributed multi-regional network supporting 500+ users
- •Designed secure and scalable LAN, WAN, and VPN implementations across multiple office locations
- •Selected and implemented enterprise-grade hardware and software for geographically distributed network infrastructure
- •Ensured high availability and performance through redundant network design and strategic segmentation
- •Planned network infrastructures based on business requirements, regional compliance needs, and aggressive growth projections
Technologies Used:
Featured Projects
Some of my notable work and contributions
Cloud Resume Challenge
Created a dynamic and innovative Cloud Resume using Amazon Web Services (AWS). Leveraged AWS services like S3, CloudFront, DynamoDB, Lambda, Route53, and GitHub Actions to develop a serverless web application portfolio that showcases skills and achievements.
- ✓Serverless architecture with AWS services
- ✓Dynamic visitor counter using Lambda and DynamoDB
- ✓CI/CD pipeline with GitHub Actions
- ✓Global content delivery with CloudFront
AWS Cloud Project Bootcamp
Comprehensive AWS Cloud Project Bootcamp covering more than 20 AWS services and practical skills. Built and deployed a full-stack web application (Cruddur) on AWS Cloud, demonstrating end-to-end cloud development and deployment expertise.
- ✓Developed full-stack serverless application
- ✓Implemented 20+ AWS services in production
- ✓Containerized application with Docker and ECS
- ✓User authentication with Amazon Cognito
Terraform Cloud Bootcamp
Terraform bootcamp project equipping essential knowledge to implement Terraform in infrastructure. Developed skills for utilizing infrastructure as code, implementing best practices for cloud resource management and automation.
- ✓Infrastructure as Code implementation
- ✓Terraform Cloud integration
- ✓Automated infrastructure provisioning
- ✓Best practices for IaC workflows
Security Automation Pipeline
Built automated security scanning pipeline integrating SAST, DAST, and container scanning tools into CI/CD workflow for continuous security assessment and compliance.
- ✓Automated vulnerability scanning
- ✓Security gates in CI/CD
- ✓Secrets management with Vault
- ✓Compliance reporting automation
Kubernetes Multi-Cluster Setup
Designed and deployed production-grade Kubernetes clusters with high availability, monitoring, and security hardening. Implemented GitOps workflows and comprehensive observability.
- ✓Production-grade Kubernetes deployment
- ✓GitOps with FluxCD
- ✓Comprehensive monitoring stack
- ✓Security hardening with CIS benchmarks
Infrastructure Monitoring Stack
Deployed comprehensive monitoring and logging solution using Prometheus, Grafana, and ELK stack for infrastructure and application observability across multiple environments.
- ✓Real-time metrics visualization
- ✓Centralized logging solution
- ✓Custom alerting rules
- ✓Multi-environment monitoring
Certifications
Industry-recognized credentials and achievements
Certified Kubernetes Administrator (CKA)
The Linux Foundation
Demonstrated expertise in Kubernetes cluster administration, troubleshooting, and management.
AWS Knowledge: Architecting
Amazon Web Services
Validated knowledge of AWS architectural best practices and design principles.
MaxPatrol SIEM Certified Specialist
Positive Technologies
Certified specialist in MaxPatrol SIEM for security information and event management.
AWS Cloud Project Bootcamp Certificate (Gold Squad)
ExamPro
Completed a 5-month long project bootcamp building a serverless application on AWS using S3, CloudFront, API Gateway, Lambda, DynamoDB and more.
Check Point Certified Maestro Expert (CCME)
Check Point
Expert-level certification in Check Point Maestro hyperscale network security orchestration.
Check Point Certified Security Expert (CCSE)
Check Point
Expert-level certification in Check Point security solutions administration and management.
Cisco Certified Network Associate (CCNA)
Cisco
Foundation-level certification in Cisco network routing and switching (expired).
Infowatch DLP Certified Specialist
Infowatch
Certified in Infowatch Data Loss Prevention solutions implementation and management.
VMware Certified Professional - Data Center Virtualization
VMware
Certified professional in VMware vSphere 7 installation, configuration, and management.
Get In Touch
Let's discuss your next project or opportunity
Contact Information
I'm always open to discussing new projects, creative ideas, or opportunities to be part of your visions. Feel free to reach out through any of the channels below.