Andrzej Komarnicki
Services provided: Kubernetes, Google Cloud Platform, Amazon S3, Amazon EC2, Windows Server, Redis, AWS Lambda, Elasticsearch, AWS Solutions Architects, Powershell, MySQL, AWS Kinesis, CI/CD Engineers, Python, GitHub, Nginx, Express.js, AWS IAM, Apache Kafka, Amazon RDS, Terraform, Gitlab, AWS Fargate, Node.js, Amazon Aurora, Amazon Web Services, AWS Cognito, Ansible, AWS DevOps Engineers, Docker, CodeDeploy, Git, PostgreSQL, AWS Operations Engineers, Linux, Jenkins, Typescript, NestJs, MongoDB, Amazon API, Amazon Redshift, AWS CLI, Active Directory, Serverless, AWS Developer, Opensearch, Amazon DynamoDB, HaProxy, AWS CloudWatch, Bash
About Andrzej Komarnicki:
I have 18 years of combined tech industry experience in Manager/Lead, Architect and Engineer roles.
Expertise in Infrastructure-as-Code, Cloud Security and DevSecOps, Cloud Networking, Cloud Databases, Containers and K8s, Serverless, CI/CD and Monitoring/Logging.
Experience
Bishop Fox – Tempe, AZ
05/2023-present
Senior DevOps Consultant
(remote contract)
DevOps Engineering and Platform Development for Cosmos Continuous Penetration Testing Platform. Platform is hosted on AWS and pulls data from customer environments (AWS, GCP, Azure and Cloudflare) using Cloud Provider APIs and domains/subdomains.
Acting as the DevOps and Cloud SME embedded within the Discovery development team, working with backend developers, cloud engineering, operations and customer teams to design, test, develop, deploy and support new platform features and capabilities.
Work on developing and deploying Cloud Connectors for Cosmos Platform which are running on Amazon EKS (Kubernetes) with container workflows orchestrated by Argo Workflows and written in Python and Bash (AWS, GCP, Azure cli commands)
Cloud Connector API and Hawkeye DB processor/formatter developed and supported using Go
Ironman internal operations platform runs on Amazon ECS using Node.js (Express.js) and React
Troubleshoot IAM/security/network integration issues between our AWS production environment and customer cloud environments/accounts
Designed and implemented customer solution for AWS multi-cloud integration with GCP and Azure using Workload Identity Federation
CI/CD and declarative infrastructure using GitHub Actions and Helm. GitOps implementation with Argo CD.
Develop automation for platform customers using AWS CloudFormation Stacks, StackSets and Terraform templates/modules
Utilize Terraform Workspaces for AWS, Google Cloud and Azure environment orchestration
Postgres databases hosted and managed on Amazon Aurora
Using both Amazon API Gateway and Kong API Gateway hosted on EKS, with authentication handled by Auth0
Manage Golang, Python and Node.js platform service operations running on Kubernetes (EKS), Amazon ECS and AWS Lambda
Monitoring and Logging using Prometheus, Grafana, Amazon CloudWatch and Amazon OpenSearch
S3 Data Lake with Athena queries, DynamoDB database leveraged for developing new services
Utilize RabbitMQ for message brokering/queuing and Kafka for event streaming
Wellington-Altus – Toronto, ON
07/2022-02/2023
Senior AWS Cloud Engineer
(remote contract)
Greenfield Cloud-Native Data Platforms project entailed AWS Landing Zone creation, development of Serverless functions and APIs, Batch & Real-Time Data Ingestion architecture, Glue ETL, Redshift Data Warehousing and Gitlab CI/CD design and build-out on AWS with Azure integration for Power BI end-users.
Multi-account architecture provisioned using AWS Control Tower, Organizations and SSO – using Shared Services VPC reference architecture.
Gitlab CI deployment to EC2 RHEL 8, RDS Postgres and ElastiCache Redis with Terraform and Ansible. GitLab Runners hosted on Amazon EKS (Kubernetes).
Provisioning, optimization and development of AWS Lambda functions, API Gateway resources and Cognito User/Identity Pools using AWS CDK (TypeScript)
Deployed and managed ECS Fargate cluster, ALB, S3 Static Site and CloudFront CDN for React Mobile Web app. AWS PrivateLink integration to private APIs hosted on Amazon API Gateway across AWS account.
AWS private network integration with Azure over AWS Transit Gateway and Cisco Cloud Services Router (third-party transit point)
Azure AD SAML integration with AWS IAM Identity Center and Cognito for SSO and API Authentication
Developed Lambda Authorizer for use with Cognito and Amazon API Gateway using Node.js.
Redshift cluster deployment through Terraform module with Enhanced VPC Routing, Automatic Recovery and authentication profiles
AWS Transit Gateway deployment, secured by AWS Network Firewall for East-West traffic
SFTP deployment with AWS Transfer Family, secured by AWS Network Firewall for North-South traffic
AWS Transfer Family custom file-processing workflows for uncompressing and decrypting files in S3 enabled with Terraform, AWS CDK, and AWS Lambda (Python openpgp library)
Provisioning of Kinesis Data Streams and Kinesis Firehose cloud resources to handle Avro payloads
Amazon MSK (Kafka) cluster buildouts and integration with AWS Lambda ESM (Event Source Mappings)
AWS Glue Job, schema and crawler provisioning and VPC connectivity/interfaces
Defined EventBridge (CloudWatch Events) rules to trigger AWS Lambda based upon Glue Job state changes, event data sent to Kafka
Deployed Amazon OpenSearch cluster for Application and Infrastructure dashboards and logs
AWS Client VPN deployment into Shared Services VPC, with connectivity through to other accounts over Transit GW, Authentication backed by AWS Directory Service – Active Directory
Amazon Workspaces secured by AWS Network Firewall filtering of internet traffic
Deployment of Windows Server 2022 EC2 instances using Terraform and configuration management with Powershell
Rocket Financial Inc. – Toronto, ON/Aventura, FL
02/2020-05/2022
Head of DevOps & SRE
(permanent)
Fintech SaaS startup offering distributed Spring Boot Microservices-based API and Web solutions for B2B and B2C.
As the first DevOps Engineer in the company, I handled the entire Cloud Architecture and DevSecOps solutioning end-to-end, designing and implementing everything from scratch (greenfield) according to PCI DSS 3.2.1 Level 1 compliance requirements.
I hired, coached and managed a team of 6-8 Senior DevOps Engineers, Site Reliability Engineers (SREs) and Database Engineers in delivering robust and secure DevSecOps solutions on AWS for brands/products under Rocket Financial. I worked closely with the backend, frontend, data engineering, BI (business intelligence), QA and product teams on a regular on-going basis.
Solutioned and implemented greenfield Dev/QA/Sandbox/Production environment buildouts using Terraform, Bash and AWS CDK on AWS. Passed external/internal penetration testing and achieved externally audited PCI DSS 3.2.1 Level 1 compliant Cloud Architecture.
Leveraged AWS Control Tower, Organizations, Security Hub, Amazon Detective, CloudTrail, Amazon GuardDuty and Amazon Inspector for end-to-end cloud security, compliance and governance
Secure Amazon EKS cluster deployments using Terraform module, Ambassador Edge Stack deployed as cluster ingress controller and fronted by Amazon API Gateway private integration (VPC Link) via NLB
Architected Kubernetes (Amazon EKS) pod and control plane logging/alerting solution for non-prod environments using EFK stack – Elasticsearch, Fluent Bit, and Kibana
Amazon RDS Postgres multi-AZ databases, extensions, roles etc. managed by Terraform Provider for PostgreSQL
Eventually expanded to multi-region architecture with Amazon EKS and migration from RDS to Amazon Aurora PostgreSQL
Amazon MSK deployments for Kafka clusters with microservice Kafka event producers running in Kubernetes, broker connectivity secured in-transit with SSL/TLS, encryption used for data at rest
Amazon Redshift, Amazon Elasticsearch/OpenSearch Service and ElastiCache Redis cluster deployments, scaling, security and cost optimization
Integrated DataDog for production monitoring, logging and alerting of Amazon API Gateway, AWS WAF, CloudFront, EC2, NLB, EKS, MSK (Kafka), Flink, Istio, Ambassador, Neo4j and RDS Postgres
Custom metrics, security monitoring and alerting solutions deployed in Dev/QA/Prod environments entail use of CloudWatch, EventBridge, Prometheus, Grafana, AWS Lambda (Node.js and Python) and AWS CDK (TypeScript)
Supporting Business Intelligence Dashboard and SQL warehouse on Google Compute Engine, GKE, Google Cloud SQL, Cloud Storage, BigQuery, Dataproc and Node.js Cloud Functions.
Amazon Kinesis Data Streams, Kinesis Data Firehose and AWS Glue job provisioning and orchestration. Oversaw development of custom BI CI/CD solution for AWS Glue ETL and Apache Flink data jobs.
Designed Cloud-Native CI/CD solution for Spring Boot microservices from scratch using AWS CodeBuild, Bash, Terraform, Spinnaker, Nexus, Maven and Jib
Angular frontend CI/CD done fully with AWS CodeBuild, Bash, Terraform, npm, S3, and hosted statically on S3/CloudFront
Deployed AWS Network Firewall with Suricata rules and AWS WAF with AWS Managed Rules for protecting North-South traffic and APIs
Istio service mesh deployed in all K8s clusters for observability of workload telemetry/topology using Kiali, distributed tracing with Jaeger and integration with Ambassador for ingress
Planning and design of migration from Spinnaker Continuous Delivery to Argo CD with GitOps for EKS multi-cluster management and deployments
Keycloak clusters deployed on EKS for application API authentication and authorization with HA and Auto Scaling support
Highly Available Neo4j graph DB Causal Cluster build-outs using vendor AMIs with encryption and FIM (File Integrity Monitoring)
Apache Flink cluster buildouts on Ubuntu EC2 instances and scaled with ASG (Auto Scaling Group).
Deloitte Canada – Toronto, ON
01/2019-10/2019
Lead DevOps Developer
(contract)
Achievements:
• Introduced and implemented DevOps and DevSecOps best practices using Amazon CloudWatch Events, Logs & Alarms, CloudTrail, Terraform-based IaC (Infrastructure-as-Code), and AMI/Docker CIS compliance/security hardening for InsurCloud platform instances and containers
• Solutioned and deployed Docker Swarm clusters for Spring microservices exposed through HAProxy and AWS NLB
• Designed, built, and deployed a robust SRE architecture for container and application metrics monitoring using Docker Swarm stacks, cAdvisor, Micrometer (Spring metrics), Prometheus, and Grafana
• Designed and implemented Transit Gateway (TGW) with Hub and Spoke VPC architecture for attaching multiple VPCs and VPNs, both intra-organization and cross-organization, for East-West and North-South use cases with Palo Alto VM-Series and Aviatrix Orchestrators
• Successful InsurCloud platform production go-live for Commonwell Mutual Insurance Group
Responsibilities:
• Lead DevOps resource on AWS-based Deloitte InsurCloud Platform project for insurance industry incorporating Guidewire containers and custom Spring microservices, as well as tight integration with customer AWS accounts and Hybrid Cloud use cases
• Role entails AWS-based DevOps, Hybrid Cloud Networking and Cloud Engineering responsibilities
• DevOps and IaC (Infrastructure as Code) tooling includes AWS Systems Manager, Terraform, Packer, Consul, CloudFormation, Ansible, Jenkins, Nexus, Docker, Docker Swarm, Powershell, Bash, and BitBucket
• Container builds/deployments using Multi-Stage Dockerfiles, Docker Compose and Docker Swarm stacks
• Configuration and management of Jenkins build and deploy CI/CD pipelines for Docker containers using OpenJDK, Spring Boot, Maven and Gradle
• Utilized git forking workflow with feature branches and pull requests for Terraform. Terraform plan/apply jobs run within Jenkins pipelines for pre-prod and production AWS environments.
• Cloud development and automation using AWS Lambda, Node.js, AWS CDK (TypeScript), Python Boto3, Amazon API Gateway, DynamoDB, CloudFront, SQS, SNS, and Kinesis
• Implemented centralized container logging and monitoring using CloudWatch, Prometheus, and Grafana
• Exposed Spring Boot microservices metrics to Prometheus via Micrometer and Spring Actuator
• Deployment, configuration and management of AWS Systems Manager Agent and CloudWatch Agent
• CIS-compliant AMI builds and deployments for Amazon Linux, Ubuntu, RHEL and Windows Server using HashiCorp Packer and Terraform
• Database management and administration using Amazon RDS PostgreSQL, Amazon DynamoDB and MSSQL on Docker and Windows Server clusters
• AWS network engineering including VPC Peering, Transit Gateways, AWS Site-to-Site VPN, Transit VPCs, Hub VPCs, Palo Alto VM-Series, HAProxy, Aviatrix Controller & Gateway, ELBs, NAT Gateways, Internet Gateways, OpenVPN and VPC endpoints/gateways/interfaces
• Managed AWS Directory Service for Microsoft Active Directory
• Secrets Management and storage using AWS Secrets Manager, Systems Manager Parameter Store and HashiCorp Vault
• TLS/SSL Certificates and Encryption using AWS Certificate Manager, AWS KMS (Key Management Service), and HashiCorp Vault
• Cloud security and threat management utilizing IAM, AWS GuardDuty, AWS Config, AWS WAF, AWS Security Hub, and AWS Organizations
Pythian Group – Ottawa, ON
10/2017-10/2018
DevOps Architect
(permanent)
Achievements:
• All milestones achieved for Persado multi-region HA expansion using inter-region VPC Peering on AWS
• Solutioned and deployed Amazon EKS (Elastic Kubernetes Service) for containerized workloads at Swift Medical according to HIPAA standards
• Designed and built multiple AWS and GCP environments from scratch with end-to-end CI/CD pipelines and IaC
• Developed and implemented Express.js REST API with authentication and authorization for Astound Group’s event platform
Responsibilities:
• Design, code, build, deploy and manage secure and compliant Cloud-Native solutions end-to-end in the area of instances, CI/CD, containers, clusters, databases, configuration management, orchestration, serverless and APIs
• Foundational infrastructure and application design using AWS Well-Architected Framework
• AWS EC2/VPC/IAM/Route53/S3/RDS environment setup, automation, orchestration using Terraform, CloudFormation, Ansible, and Bash
• Setup of CI/CD pipeline components for Jenkins, Spinnaker, Nexus, Concourse CI, GitLab CI, AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, Amazon ECR, Google Cloud Build, Google Container Registry and Kubernetes manifests/helm charts
• Design, build, secure and manage clusters/workloads running on self-managed Kubernetes (Kops), Amazon EKS (Amazon Kubernetes Service), and Amazon ECS
• Google Cloud Platform (GCP) VPC, IAM, Compute Engine and GKE environment setup, automation, and orchestration using Terraform
• AWS network engineering including VPC Peering, Site-to-Site VPN, Transit VPCs, ELBs, NAT Gateways, Internet Gateways, Client Access VPN, VPC endpoints, and bastion hosts
• Utilize AWS Systems Manager for instance inventory, compliance, automation, patching and remote execution
• Deploy, configure and optimize Amazon Elasticsearch Service with Kibana and Logstash
• Solution, migrate and support SQL and NoSQL databases/caches in the cloud - including MongoDB, PostgreSQL, Redis, MySQL, Amazon RDS, and Amazon DynamoDB
• Serverless development using Node.js on AWS Lambda with API Gateway, SQS, SNS, SES, and DynamoDB
• Solution and implement object storage using AWS S3, CloudFront, Akamai, and Cloudflare
• Secrets management using Hashicorp Vault, AWS Secrets Manager, Parameter Store with AWS KMS
• Design and implement network and load balancing solutions using NGINX, HAProxy, AWS Elastic Load Balancers (ALB/NLB), AWS WAF, Google Load Balancing
• Monitoring, compliance (SOC I/II, CIS, PCI, ISO, HIPAA) and security on AWS using Security Hub, Config, CloudTrail, CloudWatch, and GuardDuty
• Big data, streaming, interactive data querying and analytics using Amazon Kinesis, Athena, EMR, and Redshift, Google BigQuery
BlazeClan Technologies – Toronto, ON
12/2016-09/2017
DevOps Systems Architect
(contract)
Achievements:
• Successfully completed discovery and migration of Pizza Hut International Online Ordering platform to AWS, running mostly on Windows Server and .NET
• Migrated Atrium’s Linux-based infrastructure to AWS and their PostgreSQL databases to Amazon RDS
• Successfully migrated St. Joseph Communications to AWS Elastic Beanstalk for majority of their client web portfolio
Responsibilities:
• Performed data center discovery and scoping of project requirements/phases on-site or remotely, most work done remotely
• Designed/implemented greenfield solutions and planned migrations to AWS using services such as AWS Database Migration Service, RDS, EC2, Elastic Beanstalk, ECS, ECR, Elasticache, S3, Route53, Cloudfront, IAM, AWS WAF, CloudFormation, SES and
• Deployed and administered self-managed Kubernetes clusters on EC2 using Kops and Terraform
• Architected and implemented multi-VPC AWS solution including a Security VPC that served as the point-of-entry via a secure Server 2012 RD Gateway/Farm. Utilized VPC Peering, S3/SSM Endpoints and Ingress/Egress data controls – including AWS WAF for inbound and Squid Proxy for outbound web filtering
• Implemented majority of AWS configuration management and orchestration via Terraform, CloudFormation and Ansible
• Utilized git repos such as BitBucket, GitHub, GitLab, and AWS CodeCommit
• Worked with client-side Infrastructure resources to create .NET IIS and PHP Web Server Golden AMI Images deployed via EC2 Auto Scaling Groups with Launch Configurations
• Leveraged AWS Database Migration Service when migrating on-prem MySQL clusters to Amazon RDS MySQL, utilized AWS Elasticache as destination for migrating on-prem Redis
• Solutioned, deployed and configured Amazon Elasticsearch Service with integrated Logstash and Kibana functionality
• Utilized AWS Systems Manager and CloudWatch Logs for managing, monitoring, alerting and VPC flow log analysis
Symcor Inc., Mississauga, ON
05/2011-05/2016
Technical Systems Lead
(permanent)
Achievements:
• Provided end-to-end design, implementation and support services as sole Windows SME for a 3 year-long $6 million cost project affecting RBC, BMO, TD, and BNS
• Drove Data Center migration project for Cisco UCS and Hypervisor/VM assets moving from downtown Toronto to Mississauga location, along with certain assets being moved to Azure
• Successfully devised POC and implemented solution for allowing legacy IBM OS/2 systems to securely access file/print resources on member servers within a Server 2012-based AD resource forest via a down-level external NTLM trust
• Successfully implemented upgrade of Server 2003 AD infrastructure to Server 2012 R2 AD DS across multiple forests, sites and domains
Responsibilities:
• Act as a Windows SME and project lead for investment projects throughout entire project lifecycle. Design, deploy and monitor Microsoft infrastructure components in Dev, QA, and Production environments by working closely with Dev/QA/Operations teams and the Solutions Architect
• Gather, document, and articulate business and systems requirements into requirements specifications, including BCP/DR/HA provisions
• Create security documentation and work with InfoSec on penetration testing for each application or system platform
• Engage in capacity planning, workload monitoring, optimization analytics and right-sizing of Microsoft on-Hyper-V, Azure and VMWare virtual infrastructure using CiRBA and System Center Capacity Planner
• Deploy, configure and expand Hypervisor clusters running Hyper-V 2008/2012 R2 and VMware vSphere/ESXi
• Utilize Virtual Machine Manager 2012 R2 to provision and manage hypervisors, VMs, logical networks, SDN, virtual Fiber Channel (FC) and fabric resources.
• Design and implement Exchange 2013 & Office 365 high availability and recovery infrastructure, message transport, archiving, client access, and legal compliance/eDiscovery. Define DLP Policy templates.
• Provision on-premises, DR, and Azure-based VMs. Perform cross-site, local and cloud-destined P2V and V2V migrations.
• Manage AD DS and Azure AD, DNS and DHCP services in a multi-forest, network segmented environment. Support Kerberos/LDAP authentication with in-house applications and troubleshoot authentication issues.
• Use of Cisco UCS (Unified Computing System) as the central data center server platform and Hitachi VSP (Virtual Storage Platform) as the core enterprise storage system for hosting Hyper-V/VMWare based virtual infrastructure
• Configure and troubleshoot Cisco Fabric interconnect, Nexus switch and IronPort configurations and states
• Leverage PowerShell (v2-v4) for automating deployments, streamlining migrations, as well as managing hypervisors, clusters, Exchange/AD and Azure tenancy
• Administer IIS 6-10 - manage application pools, sites and authentication, configure website security and SSL, FTP, setup Web Farm using NLB and ARR, monitor performance
• Design and build-out core Windows solutions including Failover Clusters, Classic and Scale-Out File Servers (SMB 3.0), DFS, NLB, RDS, HA Printing, and load-balanced DHCP for critical application, user and database services
• Deploy packages and updates using Shavlik and System Center Configuration Manager (SCCM)
• Support .NET, Java, Microsoft SQL Server and DB2 database server/cluster environments
Education
AWS Certified Advanced Networking – Specialty
AWS Certified Security – Specialty
AWS Certified Database – Specialty
AWS Certified Developer – Associate
Google Cloud Certified – Associate Cloud Engineer