Andrzej Komarnicki

DevOps Engineer | AWS Cloud Engineer

Services provided: Kubernetes, Google Cloud Platform, Amazon S3, Amazon EC2, Windows Server, Redis, AWS Lambda, Elasticsearch, AWS Solutions Architects, PowerShell, MySQL, AWS Kinesis, CI/CD Engineers, Python, GitHub, Nginx, Express.js, AWS IAM, Apache Kafka, Amazon RDS, Terraform, GitLab, AWS Fargate, Node.js, Amazon Aurora, Amazon Web Services, AWS Cognito, Ansible, AWS DevOps Engineers, Docker, CodeDeploy, Git, PostgreSQL, AWS Operations Engineers, Linux, Jenkins, TypeScript, NestJS, MongoDB, Amazon API, Amazon Redshift, AWS CLI, Active Directory, Serverless, AWS Developer, OpenSearch, Amazon DynamoDB, HAProxy, AWS CloudWatch, Bash

Toronto, Ontario
$100 / hour
Approximate rate

About Andrzej Komarnicki:

I have 18 years of combined tech industry experience in Manager/Lead, Architect and Engineer roles. 

Expertise in Infrastructure-as-Code, Cloud Security and DevSecOps, Cloud Networking, Cloud Databases, Containers and K8s, Serverless, CI/CD and Monitoring/Logging.

Experience

Bishop Fox – Tempe, AZ 

05/2023-present 

Senior DevOps Consultant 

(remote contract) 

 

DevOps Engineering and Platform Development for Cosmos Continuous Penetration Testing Platform. Platform is hosted on AWS and pulls data from customer environments (AWS, GCP, Azure and Cloudflare) using Cloud Provider APIs and domains/subdomains.  

 

Acting as the DevOps and Cloud SME embedded within the Discovery development team, working with backend developers, cloud engineering, operations and customer teams to design, test, develop, deploy and support new platform features and capabilities.  

 

Work on developing and deploying Cloud Connectors for Cosmos Platform which are running on Amazon EKS (Kubernetes) with container workflows orchestrated by Argo Workflows and written in Python and Bash (AWS, GCP, Azure cli commands)  

Cloud Connector API and Hawkeye DB processor/formatter developed and supported using Go 

Ironman internal operations platform runs on Amazon ECS using Node.js (Express.js) and React 

Troubleshoot IAM/security/network integration issues between our AWS production environment and customer cloud environments/accounts 

Designed and implemented customer solution for AWS multi-cloud integration with GCP and Azure using Workload Identity Federation  

CI/CD and declarative infrastructure using GitHub Actions and Helm. GitOps implementation with Argo CD. 

Develop automation for platform customers using AWS CloudFormation Stacks, StackSets and Terraform templates/modules 

Utilize Terraform Workspaces for AWS, Google Cloud and Azure environment orchestration 

Postgres databases hosted and managed on Amazon Aurora 

Using both Amazon API Gateway and Kong API Gateway hosted on EKS, with authentication handled by Auth0 

Manage Golang, Python and Node.js platform service operations running on Kubernetes (EKS), Amazon ECS and AWS Lambda 

Monitoring and Logging using Prometheus, Grafana, Amazon CloudWatch and Amazon OpenSearch 

S3 Data Lake with Athena queries, DynamoDB database leveraged for developing new services  

Utilize RabbitMQ for message brokering/queuing and Kafka for event streaming 

 

Wellington-Altus – Toronto, ON 

07/2022-02/2023 

Senior AWS Cloud Engineer 

(remote contract) 

 

Greenfield Cloud-Native Data Platforms project entailed AWS Landing Zone creation, development of Serverless functions and APIs, Batch & Real-Time Data Ingestion architecture, Glue ETL, Redshift Data Warehousing and GitLab CI/CD design and build-out on AWS with Azure integration for Power BI end-users.

 

Multi-account architecture provisioned using AWS Control Tower, Organizations and SSO – using Shared Services VPC reference architecture.  

GitLab CI deployment to EC2 RHEL 8, RDS Postgres and ElastiCache Redis with Terraform and Ansible. GitLab Runners hosted on Amazon EKS (Kubernetes).

Provisioning, optimization and development of AWS Lambda functions, API Gateway resources and Cognito User/Identity Pools using AWS CDK (TypeScript) 

Deployed and managed ECS Fargate cluster, ALB, S3 Static Site and CloudFront CDN for React Mobile Web app. AWS PrivateLink integration to private APIs hosted on Amazon API Gateway across AWS account.  

AWS private network integration with Azure over AWS Transit Gateway and Cisco Cloud Services Router (third-party transit point) 

Azure AD SAML integration with AWS IAM Identity Center and Cognito for SSO and API Authentication 

Developed Lambda Authorizer for use with Cognito and Amazon API Gateway using Node.js.  

Redshift cluster deployment through Terraform module with Enhanced VPC Routing, Automatic Recovery and authentication profiles 

AWS Transit Gateway deployment, secured by AWS Network Firewall for East-West traffic 

SFTP deployment with AWS Transfer Family, secured by AWS Network Firewall for North-South traffic 

AWS Transfer Family custom file-processing workflows for uncompressing and decrypting files in S3 enabled with Terraform, AWS CDK, and AWS Lambda (Python openpgp library) 

Provisioning of Kinesis Data Streams and Kinesis Firehose cloud resources to handle Avro payloads  

Amazon MSK (Kafka) cluster buildouts and integration with AWS Lambda ESM (Event Source Mappings) 

AWS Glue Job, schema and crawler provisioning and VPC connectivity/interfaces 

Defined EventBridge (CloudWatch Events) rules to trigger AWS Lambda based upon Glue Job state changes, event data sent to Kafka 

Deployed Amazon OpenSearch cluster for Application and Infrastructure dashboards and logs  

AWS Client VPN deployment into Shared Services VPC, with connectivity through to other accounts over Transit GW, Authentication backed by AWS Directory Service – Active Directory 

Amazon Workspaces secured by AWS Network Firewall filtering of internet traffic 

Deployment of Windows Server 2022 EC2 instances using Terraform and configuration management with PowerShell

 

Rocket Financial Inc. – Toronto, ON/Aventura, FL 

02/2020-05/2022 

Head of DevOps & SRE 

(permanent) 

 

Fintech SaaS startup offering distributed Spring Boot Microservices-based API and Web solutions for B2B and B2C.  

 

As the first DevOps Engineer in the company, I handled the entire Cloud Architecture and DevSecOps solutioning end-to-end, designing and implementing everything from scratch (greenfield) according to PCI DSS 3.2.1 Level 1 compliance requirements.  

 

I hired, coached and managed a team of 6-8 Senior DevOps Engineers, Site Reliability Engineers (SREs) and Database Engineers in delivering robust and secure DevSecOps solutions on AWS for brands/products under Rocket Financial. I worked closely with the backend, frontend, data engineering, BI (business intelligence), QA and product teams on a regular on-going basis.  

 

 

Solutioned and implemented greenfield Dev/QA/Sandbox/Production environment buildouts using Terraform, Bash and AWS CDK on AWS. Passed external/internal penetration testing and achieved externally audited PCI DSS 3.2.1 Level 1 compliant Cloud Architecture. 

Leveraged AWS Control Tower, Organizations, Security Hub, Amazon Detective, CloudTrail, Amazon GuardDuty and Amazon Inspector for end-to-end cloud security, compliance and governance 

Secure Amazon EKS cluster deployments using Terraform module, Ambassador Edge Stack deployed as cluster ingress controller and fronted by Amazon API Gateway private integration (VPC Link) via NLB 

Architected Kubernetes (Amazon EKS) pod and control plane logging/alerting solution for non-prod environments using EFK stack – Elasticsearch, Fluent Bit, and Kibana 

Amazon RDS Postgres multi-AZ databases, extensions, roles etc. managed by Terraform Provider for PostgreSQL  

Eventually expanded to multi-region architecture with Amazon EKS and migration from RDS to Amazon Aurora PostgreSQL 

Amazon MSK deployments for Kafka clusters with microservice Kafka event producers running in Kubernetes, broker connectivity secured in-transit with SSL/TLS, encryption used for data at rest 

Amazon Redshift, Amazon Elasticsearch/OpenSearch Service and ElastiCache Redis cluster deployments, scaling, security and cost optimization 

Integrated DataDog for production monitoring, logging and alerting of Amazon API Gateway, AWS WAF, CloudFront, EC2, NLB, EKS, MSK (Kafka), Flink, Istio, Ambassador, Neo4j and RDS Postgres 

Custom metrics, security monitoring and alerting solutions deployed in Dev/QA/Prod environments entail use of CloudWatch, EventBridge, Prometheus, Grafana, AWS Lambda (Node.js and Python) and AWS CDK (TypeScript) 

Supporting Business Intelligence Dashboard and SQL warehouse on Google Compute Engine, GKE, Google Cloud SQL, Cloud Storage, BigQuery, Dataproc and Node.js Cloud Functions. 

Amazon Kinesis Data Streams, Kinesis Data Firehose and AWS Glue job provisioning and orchestration. Oversaw development of custom BI CI/CD solution for AWS Glue ETL and Apache Flink data jobs. 

Designed Cloud-Native CI/CD solution for Spring Boot microservices from scratch using AWS CodeBuild, Bash, Terraform, Spinnaker, Nexus, Maven and Jib 

Angular frontend CI/CD done fully with AWS CodeBuild, Bash, Terraform, npm, S3, and hosted statically on S3/CloudFront 

Deployed AWS Network Firewall with Suricata rules and AWS WAF with AWS Managed Rules for protecting North-South traffic and APIs 

Istio service mesh deployed in all K8s clusters for observability of workload telemetry/topology using Kiali, distributed tracing with Jaeger and integration with Ambassador for ingress 

Planning and design of migration from Spinnaker Continuous Delivery to Argo CD with GitOps for EKS multi-cluster management and deployments 

Keycloak clusters deployed on EKS for application API authentication and authorization with HA and Auto Scaling support 

Highly Available Neo4j graph DB Causal Cluster build-outs using vendor AMIs with encryption and FIM (File Integrity Monitoring)

Apache Flink cluster buildouts on Ubuntu EC2 instances and scaled with ASG (Auto Scaling Group). 

 

Deloitte Canada – Toronto, ON 

01/2019-10/2019 

Lead DevOps Developer  

(contract) 

 

Achievements: 

• Introduced and implemented DevOps and DevSecOps best practices using Amazon CloudWatch Events, Logs & Alarms, CloudTrail, Terraform-based IaC (Infrastructure-as-Code), and AMI/Docker CIS compliance/security hardening for InsurCloud platform instances and containers

• Solutioned and deployed Docker Swarm clusters for Spring microservices exposed through HAProxy and AWS NLB

• Designed, built, and deployed a robust SRE architecture for container and application metrics monitoring using Docker Swarm stacks, cAdvisor, Micrometer (Spring metrics), Prometheus, and Grafana

• Designed and implemented Transit Gateway (TGW) with Hub and Spoke VPC architecture for attaching multiple VPCs and VPNs, both intra-organization and cross-organization, for East-West and North-South use cases with Palo Alto VM-Series and Aviatrix Orchestrators

• Successful InsurCloud platform production go-live for Commonwell Mutual Insurance Group

 

Responsibilities: 

• Lead DevOps resource on AWS-based Deloitte InsurCloud Platform project for insurance industry incorporating Guidewire containers and custom Spring microservices, as well as tight integration with customer AWS accounts and Hybrid Cloud use cases 

• Role entails AWS-based DevOps, Hybrid Cloud Networking and Cloud Engineering responsibilities  

• DevOps and IaC (Infrastructure as Code) tooling includes AWS Systems Manager, Terraform, Packer, Consul, CloudFormation, Ansible, Jenkins, Nexus, Docker, Docker Swarm, PowerShell, Bash, and BitBucket

• Container builds/deployments using Multi-Stage Dockerfiles, Docker Compose and Docker Swarm stacks 

• Configuration and management of Jenkins build and deploy CI/CD pipelines for Docker containers using OpenJDK, Spring Boot, Maven and Gradle 

• Utilized git forking workflow with feature branches and pull requests for Terraform. Terraform plan/apply jobs run within Jenkins pipelines for pre-prod and production AWS environments. 

• Cloud development and automation using AWS Lambda, Node.js, AWS CDK (TypeScript), Python Boto3, Amazon API Gateway, DynamoDB, CloudFront, SQS, SNS, and Kinesis

• Implemented centralized container logging and monitoring using CloudWatch, Prometheus, and Grafana 

• Exposed Spring Boot microservices metrics to Prometheus via Micrometer and Spring Actuator 

• Deployment, configuration and management of AWS Systems Manager Agent and CloudWatch Agent  

• CIS-compliant AMI builds and deployments for Amazon Linux, Ubuntu, RHEL and Windows Server using HashiCorp Packer and Terraform 

• Database management and administration using Amazon RDS PostgreSQL, Amazon DynamoDB and MSSQL on Docker and Windows Server clusters 

• AWS network engineering including VPC Peering, Transit Gateways, AWS Site-to-Site VPN, Transit VPCs, Hub VPCs, Palo Alto VM-Series, HAProxy, Aviatrix Controller & Gateway, ELBs, NAT Gateways, Internet Gateways, OpenVPN and VPC endpoints/gateways/interfaces 

• Managed AWS Directory Service for Microsoft Active Directory 

• Secrets Management and storage using AWS Secrets Manager, Systems Manager Parameter Store and HashiCorp Vault 

• TLS/SSL Certificates and Encryption using AWS Certificate Manager, AWS KMS (Key Management Service), and HashiCorp Vault  

• Cloud security and threat management utilizing IAM, AWS GuardDuty, AWS Config, AWS WAF, AWS Security Hub, and AWS Organizations 

 

Pythian Group – Ottawa, ON  

10/2017-10/2018 

DevOps Architect  

(permanent) 

 

Achievements: 

• All milestones achieved for Persado multi-region HA expansion using inter-region VPC Peering on AWS

• Solutioned and deployed Amazon EKS (Elastic Kubernetes Service) for containerized workloads at Swift Medical according to HIPAA standards

• Designed and built multiple AWS and GCP environments from scratch with end-to-end CI/CD pipelines and IaC

• Developed and implemented Express.js REST API with authentication and authorization for Astound Group’s event platform

 

Responsibilities: 

• Design, code, build, deploy and manage secure and compliant Cloud-Native solutions end-to-end in the area of instances, CI/CD, containers, clusters, databases, configuration management, orchestration, serverless and APIs 

• Foundational infrastructure and application design using AWS Well-Architected Framework  

• AWS EC2/VPC/IAM/Route53/S3/RDS environment setup, automation, orchestration using Terraform, CloudFormation, Ansible, and Bash 

• Setup of CI/CD pipeline components for Jenkins, Spinnaker, Nexus, Concourse CI, GitLab CI, AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, Amazon ECR, Google Cloud Build, Google Container Registry and Kubernetes manifests/helm charts 

• Design, build, secure and manage clusters/workloads running on self-managed Kubernetes (Kops), Amazon EKS (Amazon Kubernetes Service), and Amazon ECS 

• Google Cloud Platform (GCP) VPC, IAM, Compute Engine and GKE environment setup, automation, and orchestration using Terraform 

• AWS network engineering including VPC Peering, Site-to-Site VPN, Transit VPCs, ELBs, NAT Gateways, Internet Gateways, Client Access VPN, VPC endpoints, and bastion hosts 

• Utilize AWS Systems Manager for instance inventory, compliance, automation, patching and remote execution

• Deploy, configure and optimize Amazon Elasticsearch Service with Kibana and Logstash 

• Solution, migrate and support SQL and NoSQL databases/caches in the cloud - including MongoDB, PostgreSQL, Redis, MySQL, Amazon RDS, and Amazon DynamoDB 

• Serverless development using Node.js on AWS Lambda with API Gateway, SQS, SNS, SES, and DynamoDB

• Solution and implement object storage using AWS S3, CloudFront, Akamai, and Cloudflare

• Secrets management using HashiCorp Vault, AWS Secrets Manager, Parameter Store with AWS KMS

• Design and implement network and load balancing solutions using NGINX, HAProxy, AWS Elastic Load Balancers (ALB/NLB), AWS WAF, Google Load Balancing

• Monitoring, compliance (SOC I/II, CIS, PCI, ISO, HIPAA) and security on AWS using Security Hub, Config, CloudTrail, CloudWatch, and GuardDuty

• Big data, streaming, interactive data querying and analytics using Amazon Kinesis, Athena, EMR, and Redshift, Google BigQuery

 

BlazeClan Technologies – Toronto, ON 

12/2016-09/2017 

DevOps Systems Architect  

(contract) 

 

Achievements: 

• Successfully completed discovery and migration of Pizza Hut International Online Ordering platform to AWS, running mostly on Windows Server and .NET

• Migrated Atrium’s Linux-based infrastructure to AWS and their PostgreSQL databases to Amazon RDS

• Successfully migrated St. Joseph Communications to AWS Elastic Beanstalk for majority of their client web portfolio

 

Responsibilities: 

• Performed data center discovery and scoping of project requirements/phases on-site or remotely, most work done remotely

• Designed/implemented greenfield solutions and planned migrations to AWS using services such as AWS Database Migration Service, RDS, EC2, Elastic Beanstalk, ECS, ECR, ElastiCache, S3, Route53, CloudFront, IAM, AWS WAF, CloudFormation, SES and

• Deployed and administered self-managed Kubernetes clusters on EC2 using Kops and Terraform

• Architected and implemented multi-VPC AWS solution including a Security VPC that served as the point-of-entry via a secure Server 2012 RD Gateway/Farm. Utilized VPC Peering, S3/SSM Endpoints and Ingress/Egress data controls – including AWS WAF for inbound and Squid Proxy for outbound web filtering

• Implemented majority of AWS configuration management and orchestration via Terraform, CloudFormation and Ansible

• Utilized git repos such as BitBucket, GitHub, GitLab, and AWS CodeCommit

• Worked with client-side Infrastructure resources to create .NET IIS and PHP Web Server Golden AMI Images deployed via EC2 Auto Scaling Groups with Launch Configurations

• Leveraged AWS Database Migration Service when migrating on-prem MySQL clusters to Amazon RDS MySQL, utilized AWS ElastiCache as destination for migrating on-prem Redis

• Solutioned, deployed and configured Amazon Elasticsearch Service with integrated Logstash and Kibana functionality 

• Utilized AWS Systems Manager and CloudWatch Logs for managing, monitoring, alerting and VPC flow log analysis 

 

Symcor Inc., Mississauga, ON 

05/2011-05/2016 

Technical Systems Lead  

(permanent) 

Achievements: 

• Provided end-to-end design, implementation and support services as sole Windows SME for a 3-year-long, $6 million project affecting RBC, BMO, TD, and BNS

• Drove Data Center migration project for Cisco UCS and Hypervisor/VM assets moving from downtown Toronto to Mississauga location, along with certain assets being moved to Azure 

• Successfully devised POC and implemented solution for allowing legacy IBM OS/2 systems to securely access file/print resources on member servers within a Server 2012-based AD resource forest via a down-level external NTLM trust 

• Successfully implemented upgrade of Server 2003 AD infrastructure to Server 2012 R2 AD DS across multiple forests, sites and domains 

 

Responsibilities: 

• Act as a Windows SME and project lead for investment projects throughout entire project lifecycle. Design, deploy and monitor Microsoft infrastructure components in Dev, QA, and Production environments by working closely with Dev/QA/Operations teams and the Solutions Architect 

• Gather, document, and articulate business and systems requirements into requirements specifications, including BCP/DR/HA provisions 

• Create security documentation and work with InfoSec on penetration testing for each application or system platform 

• Engage in capacity planning, workload monitoring, optimization analytics and right-sizing of Microsoft on-Hyper-V, Azure and VMware virtual infrastructure using CiRBA and System Center Capacity Planner

• Deploy, configure and expand Hypervisor clusters running Hyper-V 2008/2012 R2 and VMware vSphere/ESXi 

• Utilize Virtual Machine Manager 2012 R2 to provision and manage hypervisors, VMs, logical networks, SDN, virtual Fiber Channel (FC) and fabric resources.  

• Design and implement Exchange 2013 & Office 365 high availability and recovery infrastructure, message transport, archiving, client access, and legal compliance/eDiscovery. Define DLP Policy templates. 

• Provision on-premises, DR, and Azure-based VMs. Perform cross-site, local and cloud-destined P2V and V2V migrations. 

• Manage AD DS and Azure AD, DNS and DHCP services in a multi-forest, network segmented environment. Support Kerberos/LDAP authentication with in-house applications and troubleshoot authentication issues.  

• Use of Cisco UCS (Unified Computing System) as the central data center server platform and Hitachi VSP (Virtual Storage Platform) as the core enterprise storage system for hosting Hyper-V/VMware based virtual infrastructure

• Configure and troubleshoot Cisco Fabric interconnect, Nexus switch and IronPort configurations and states 

• Leverage PowerShell (v2-v4) for automating deployments, streamlining migrations, as well as managing hypervisors, clusters, Exchange/AD and Azure tenancy 

• Administer IIS 6-10 - manage application pools, sites and authentication, configure website security and SSL, FTP, setup Web Farm using NLB and ARR, monitor performance 

• Design and build-out core Windows solutions including Failover Clusters, Classic and Scale-Out File Servers (SMB 3.0), DFS, NLB, RDS, HA Printing, and load-balanced DHCP for critical application, user and database services 

• Deploy packages and updates using Shavlik and System Center Configuration Manager (SCCM) 

• Support .NET, Java, Microsoft SQL Server and DB2 database server/cluster environments 

Education

AWS Certified Advanced Networking – Specialty 

AWS Certified Security – Specialty 

AWS Certified Database – Specialty 

AWS Certified Developer – Associate 

Google Cloud Certified – Associate Cloud Engineer 
