Andrew Osipov
Verified Expert in Engineering
Software Developer
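Andrew is a highly motivated, versatile, and skilled DevOps and DevSecOps engineer. He has delivered many large infrastructure implementations using cost-effective approaches. Andrew excels in high load, availability, and security using AWS, Kubernetes (EKS), and Terraform, implementing infrastructure-as-code and configuration-as-code approaches. Andrew is also brilliant at managing compliance, security, and company-wide documentation for health and payment data (HIPAA and PCI DSS).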
Preferred Environment
Amazon Web Services (AWS), IT Security, CI/CD Pipelines, Linux, HIPAA Compliance, PCI DSS, DevSecOps, DevOps, Terraform, Kubernetes
The most amazing...
...project I've worked on was helping MDDX get acquired by Bioclinica, after hard work and successful HIPAA and FDA audits.
Work Experience
DevOps and DevSecOps Engineer
Softpay
- Implemented PCI-DSS-compliant AWS infrastructure as code using Terraform, Packer, Elasticsearch, Cognito, Inspector, GuardDuty, Fluentd, OSSEC, Wazuh, Nginx, and many other AWS services.
- Implemented container infrastructure as code and worked with Kubernetes (EKS), Fluentd, Fluent Bit, Istio, and Docker.
- Accomplished numerous security reviews and hardenings. Implemented a secure VPN as code deployed with Terraform (PCI-DSS compliant, multi-node cluster, and integrated Google MFA).
DevOps and DevSecOps Engineer
Orthodox Union
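- Developed a modern system architecture and implemented Amazon Web Services and EKS infrastructure.
- Handled cloud security and compliance configuration for most services on AWS (Terraform and CloudFormation).
- Implemented EKS (local environment with minikube, development, staging, and production clusters), including performance monitoring and event management implementations.
- Performed Kubernetes security hardening, role-based access control (RBAC), and secrets management.
- Implemented CI/CD with no downtime or user interruption using CircleCI.
- Reviewed compliance requirements and mapped them to the current security state; handled PCI DSS SAQ D and security.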
- Implemented missing security controls, such as vulnerability assessments, VPN, WAF, SSO, secure SDLC, event management, proper roles, access matrix, and others.
DevOps and DevSecOps Engineer
MDDX Research and Informatics (acquired by Bioclinica)
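- Led and managed two contractors responsible for the following: system operations, 24-hour support, monitoring, HIPAA compliance documentation, and execution of different check-ups.
- Implemented Amazon Web Services cloud infrastructure, including integrating an infrastructure-as-code approach and achieving cloud security and HIPAA compliance (HITECH and FDA 21 CFR Part 11).
- Performed the initial Kubernetes setup to sustain very high peak loads. Configured Kubernetes event management, monitoring, multiple environments, and additional security.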
- Integrated vulnerability assessments and fixes, system security hardenings, CIS compliance, security policies, FW, WAF, IPS, HIDS, VPN, integrity controls, file encryptions, security and event management, secure SDLC, and network security.
- Developed backup plans and business continuity & disaster recovery plans, worked on performance fixes, and achieved significant cost optimization.
- Implemented numerous custom solutions using Shell and Python scripting; extensively used regular expressions.
Tech and Security Lead
ОАО «Электронная Москва»
- Led and managed a small engineering team (2-3 persons); organized the work with more than ten contractors which included assignment tracking, standups, report reviews, action plans, and results tracking.
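- Designed architectures and implemented complex subsystems for various enterprise-level projects (more than 120 equipment racks and more than 500 bare-metal servers).
- Implemented various systems including firewalls and VPNs, intrusion prevention, vulnerability assessment, security information and event management, IAM, and WAF.
- Performed vulnerability scans and created business continuity, disaster recovery, and backup plans.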
Lead Information Security Specialist
CJSC Svyaznoy Bank
- Implemented and maintained complex IT systems and applications; organized and managed work with about ten contractors.
- Worked on the bank's compliance; did penetration testing, log analysis, forensic investigations, and reporting. This work provided the foundation for the new security infrastructure.
- Implemented various subsystems including firewalls and VPNs, content filtering, proxy, anti-spam, anti-virus, data and access protection systems, and the implementation and integration of security policies.
Lead Information Security Engineer
CJSC Verysell
- Defined technical and organizational requirements for IT and information security projects.
- Designed the architecture for complex information systems.
- Implemented various setups including firewalls, different Linux environments, different Windows Server setups, HSM, AV protections, Cisco projects, and intrusion detection systems.
System Administrator
IBS Datafort
- Implemented various Linux and Windows Server setups.
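- Maintained systems and performed monitoring and event management.
- Implemented Jira task management, including record keeping and resolving urgent incidents.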
Experience
OpenVPN Setup with MFA (Terraform, Ansible, and Packer)
http://github.com/accesskeeper/openvpn-pcidss-terraform
Steps:
1. Created an AWS AMI image using Packer.
2. Generated offline CA, server, and client keys.
3. Deployed the infrastructure using Terraform, which creates S3 buckets, instances, IAM, security groups, and runs AWS Systems Manager (Ansible playbook) on the instances.
By default, it creates one master and one slave node. The code can be slightly adjusted to create one master and multiple slaves.
Camping Site That Can Handle High-load Spikes
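http://campdror.com
Terraform, Elasticsearch, and Cognito Project with MFA, Compliant with PCI-DSS and HIPAA
http://github.com/accesskeeper/pcidss-elasticsearch-vpc-cognito
Deployed two roles, for administrators and developers, to access the various log streams. It is possible to add more users, for example security staff. It has 2-factor authentication configured with phone SMS, so when you create a new Cognito user, you need to provide your number.
This setup can be used for payment and health data, security, and application data logs.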
Education
Master's Degree in Information Security
MEPhI | Moscow Engineering Physics Institute - Moscow, Russia
Skills
Libraries/APIs
Node.js
Tools
Terraform, Packer, Fluentd, OSSEC, Amazon EKS, VPN, OpenVPN, CircleCI, Nessus, Ansible, Shell, Helm, Grafana, NGINX, PHP-FPM, Docker Compose, Splunk, Git, Amazon Cognito, AWS CloudFormation, AWS Systems Manager, GitLab CI/CD, Hyper-V, VMware
Languages
Bash Script, Bash, PHP, SQL, Python
Platforms
Kubernetes, Docker, Linux, Windows Server, Windows, Amazon Web Services (AWS), AWS Lambda, Amazon EC2, Unix, Burp Suite, Azure, DigitalOcean
Paradigms
DevOps, DevSecOps, HIPAA Compliance, Penetration Testing, Continuous Delivery (CD), Continuous Integration (CI), Management
Industry Expertise
Cybersecurity
Storage
MySQL, Amazon S3 (AWS S3), Amazon DynamoDB, Elasticsearch, MongoDB, MSSQLCE, PostgreSQL
Frameworks
Windows PowerShell
Other
Information Security, IT Systems Architecture, System Administration, Network Administration, IT Security, PCI DSS, Web Application Firewall (WAF), Vulnerability Assessment, IT Infrastructure, Shell Scripting, Vendor Management, Business Continuity & Disaster Recovery (BCDR), SIEM, Firewalls, Security Policies & Procedures, Data Protection, Intrusion Detection Systems (IDS), Prometheus, Host-based Intrusion Prevention, HAProxy, Vulnerability Management, AWS Cloud Architecture, Architecture, AWS DevOps, Linux Server Administration, Amazon Cognito User Pools, Linux Administration, Infrastructure, Security, Networking, Scripting, TCP/IP, Okta, Software Development Lifecycle (SDLC), CI/CD Pipelines, OWASP Top 10, Site Reliability Engineering (SRE), Performance Testing, Leadership, Amazon Kinesis