DevOps Engineer
2023 — Present
Keel Digital · HIPAA-regulated telehealth SaaS
-
Led a 14-server migration from DigitalOcean droplets to
OVHcloud bare-metal (Proxmox VE) — vendor analysis, Debian selected for a
minimal OS footprint, full disk images transferred over SSH, Ansible to
remediate networking post-migration. Designed a NAT gateway topology that
removed public interfaces from every dev VM, cutting attack surface and
saving ~$18,000 CAD annually.
-
Built an OpenSearch SIEM from the ground up: Fluentbit log
ingestion with PII/PHI filtering, Lambda-based automated alerting, and custom
Sigma rules targeting authentication and authorization threats.
-
Maintain Terraform IaC across multiple AWS accounts and 26 modules
(ECS, S3, IAM, KMS, RDS, VPC, SageMaker); built a new AWS Comprehend module
from scratch integrating S3, KMS and IAM.
-
Extended GitHub Actions CI/CD across multiple repos — Trivy scanning as
a build gate, parallel multi-service builds, multi-brand matrix builds
producing per-brand images; deploys to ECS via automated task definition
updates and to dev via SSH through a bastion host.
-
Administer a self-hosted OAuth/SSO platform serving thousands of users
across US/CA production — client and scope management, auth flows, delegated
admin groups, Zabbix alerting on auth failures. Manage least-privilege IAM
across 16 environments.
-
Rapid Response Team — 10+ production incidents; traced one
degradation to database connection-pool exhaustion via Elastic log analysis
and coordinated remediation.
-
Deployment Team — release cycles for 40+ containerized services
across US and Canadian production, biweekly, with out-of-band releases for
vulnerability fixes.
-
Contributed to the FedRAMP Moderate authorization effort —
implemented controls spanning S3 encryption at rest, audit logging, network
segmentation, access control and CI/CD hardening.