Maxim Onyx

Summary

I am an end-to-end engineer with six years of experience, a knack for identifying and solving problems others often overlook, and a deep passion for automation and practical solutions. I leverage AI-assisted coding to extend my expertise beyond SRE and platform engineering, contrary to arrogantly staying away with “I can do everything on my own” mindset. In addition to staying up to date with technology, I prioritize self-development - gym, 5am club, books (engineering, business, philosophy ), private art classes, writing medium articles. My most recent live talk at CNCF Vancouver - link

Certifications

Credly link

• AWS Certified Solutions Architect – Professional - Issued Dec 2022
• AWS Certified DevOps Engineer – Professional - Issued Nov 2022
• AWS Certified Advanced Networking – Specialty - Issued Nov 2024
• CKA: Certified Kubernetes Administrator - The Linux Foundation - Issued Nov 2020 (renewed)
• CKS: Certified Kubernetes Security Specialist - The Linux Foundation - Issued Feb 2022
• Terraform Associate - Hashicorp - Issued Dec 2021 (renewed)
• CCNA - Cisco - Issued Sep 2020
• AWS Certified SysOps Administrator – Associate - Issued Feb 2022
• AWS Certified Solutions Architect – Associate - Issued Oct 2021 - Expires Oct 2024
• Microsoft Certified: Azure Fundamentals - Microsoft - Issued Oct 2023
• JavaScript Advanced - IT Education Academy (ITEA) - Issued Aug 2019
• Python Django dev - IT Education Academy (ITEA) - Issued Mar 2019
• Certified Calico Operator: Level 1 - Tigera - Issued Nov 2022

Experience

Senior DevOps Engineer (embedded)

Mimecast

Security SaaS with various products for Enterprises

Feb 2024 - Present

• It was a green field project after our startup was acquired.
• On-calls, deployment support, driving operational excellence for a team of 10 developers.
• Mentoring and guiding developers team members to enable self-devops and efficiency.
• Ownership over AWS infrastructure (as a code), CI/CD, Kubernetes (Helm).
• Configured a simple (without frameworks), maintainable, scalable Terraform structure. More about this in my Medium article.
• Configured a secure, simple to maintain Jenkins projects structure.
• Created a reusable helm-generic-chart.
• Introduced devcontainers - Improved onboarding time and dev environment stability.

DevOps Engineer (single)

Elevate Security (acquired by Mimecast)

Employee-risk management startup

Nov 2022 - Dec 2023 (1 year 2 months)

• Owned Terragrunt/Terraform code, AWS infra, CI/CD (GitHub, CircleCI, ArgoCD, Helm, EKS), Monitoring (Datadog), DevEx.
• On-calls, deployment support, SOC compliance (Snyk, Vanta), onboarding.
• Quickly picked up an inherited tangled codebase - owners left long before me. Re-wired infra and other code to a multi-region setup within 2 months.
• Initiated adoption of on-demand development environments (GitHub Codespaces) by overcoming initial resistance from developers, who ultimately embraced the proposal for its efficiency and convenience in dev environment management.
• Built an internal UI tool from scratch for synchronizing infrastructure, using Flask and React. This is frontend for Terragrunt significantly reduced weeks of work previously spent on - managing infrastructure code. Stack: Flask, React, Redux.
• Implemented Semantic Versioning and artifact promotion practices, resulting in faster deployments.
• Improved observability (Datadog) - logs quality, removed alerting blind spots, instrumented a business-critical service with APM.
• Wrote a unified CI/CD pipeline for 20+ services in CircleCI.
• Managed Kubernetes operators such as Traefik, Keda, Cert-manager, Secret-manager, and External- dns, optimizing cluster operations and services.
• Worked with a range of AWS services, including RDS, DynamoDB, S3, SSM, EC2, EKS, IAM, SQS, SNS, Lambda, Route53, VPC, KMS, and Cognito, to build and maintain cloud-native solutions.

DevOps Engineer

SHALB

DevOps-as-a-Service company

Dec 2021 - Jul 2022 (8 months) At SHALB, embraced a dynamic role with a new challenge and skillset every 3 months, delivering tailored DevOps services to partners with diverse toolsets.

• Managed infrastructures across multiple clients, including AWS cloud and on-premise RHEL environments, blue and brown field projects
• Extensively used Kubernetes, Terraform and common AWS-managed services, like EC2, VPC, EKS, Route53, CloudFront, API Gateway, Lambda, S3, KMS, SSM, SNS, SQS, IAM, RDS, DynamoDB, ElastiCache, ECS, and ECR.
• Quickly self-onboarded to new and existing clients.
• Working wide variety of tools horned my ability to identify the right tools and determine when and how to use them effectively… ArgoCD, helmfile, Datadog, Prometheus, Grafana, ceph-rook, Loki, Velero, kubespray, Terraspace, Checkov, OpsGenie, Packer, CircleCI, Jenkins, TravisCI, and GitLabCI, MiniIO and probably more…
• Learned from great engineers.

Senior Automation Engineer

Illumin (AcuityAds Inc.)

AdTech

Nov 2020 - Mar 2022 (1 year 5 months)

• Remote Operations over 400 bare metal and virtual hosts in on-premise private cloud (VMware) across 3 regions. Prepared hard drives for HDFS, configured LVM, IP addresses, network interface teaming, firewall, NTP, and DNS . Manually and with Ansible.
• Reinstalling OS on physical hosts using BMC interface. Initially manually, later via automatically via PXE protocol with Cobbler and Ubuntu MaaS.
• Provisioned VMs in VMware vSphere manually and later with Terraform.
• Configured VM images with Packer.
• Witnessed a DevOps transformation and hugely contributed to it with my automation efforts.
• Migrated fronted and backend workloads from Docker-compose to Kubernetes, and wrote Helm charts.
• Automated Kubernetes cluster installation with Ansible. Calico CNI, MetalLB, Rook Ceph.
• Fully automated an on-demand env bootstrap process by chaining these things into OctopusDeploy pipeline: Packer, Terraform, Windows DNS, Ansible, Kubernetes, Haproxy, reducing the provisioning time for a new QA environment from 3 months to just 1 day.
• Built an up-to-date hosts inventory with bash, nmap, ipmitool.
• Participated in implementing a complex Hadoop-in-Kubernetes setup via Ansible.
• Also administrated Windows AD, DHCP, DNS servers, NFS, Nexus, Haproxy, AzureAD, and Okta.
• PoC HashiCorp Boundary for human-to-machine authentication, that involved installing Vault and Consul for secrets management and service discovery. I used Terraform for that.
• Introduced Kubernetes SSO authentication, Rook CEPH storage for Kubernetes volumes
• Migrated deployments from Atlassian Bamboo to Octopus Deploy.

Ops/DevOps Engineer

Ministry of Finance of Ukraine

A fraud detection platform

Mar 2020 - Nov 2020 (9 months)

• Administered over 100 CentOS virtual hosts in a highly secure private network.
• Gained network experience by bypassing network constraints using SSH tunnels and HTTP proxies for effective remote access.
• Created the first up-to-date inventory using Ansible.
• Developed the ability to troubleshoot and solve problems independently when no help was available. Worked with technologies including Apache Mesos, Marathon, Docker, Zookeeper, Kafka, Nifi, Nginx, SAP databases, MongoDB, relational databases, Harbor, Nexus, Prometheus, Grafana, Zabbix, and GitLab Enterprise.
• Maintained a large-scale, in-house data analytics platform with significant technical debt and outdated documentation.
• Re-installed Zabbix monitoring, configured alerts, dynamic host discovery, wrote a custom Nginx monitoring script in Python.
• Re-installed ELK stack as a HA installation, configured a comprehensive logs collection from Apache Mesos, standardized logs format, created custom dashboards.
• Installed Gitlab CI agent, configured a CI/CD pipeline.

Monitoring and Support

AM-BITS LLC

IT Solutions company - Big Data, AI, ML і IoT on premises

Oct 2019 - Feb 2020 (5 months)

• Provided L1-L3 technical support on an on-call basis, ensuring timely resolution of complex technical issues.
• Gained initial exposure to Big Data, Apache Hadoop components, Cloudera, AWS, VMware vSphere, and Ansible, expanding my skill set in data management and cloud computing.

Projects

🚧

DevMode 2025

A command-line interface (CLI) tool that lessens the dependence on a local dev environment - quicker onboarding, less dev toil. It compliments VS Code Kubernetes extension. It enabled developer to create a copy of existing pod in an existing command, but it also automatically attaches a PV, Ingress, elevates privileges and other. A new pod is called “workspace”. Developing directly in EKS cluster provides a greater parity with production compared to any local alternatives like devcontainers, docker-compose or Minikube etc. As a result - less debugging, absolutely no time wasted on a local development setup toil.

Stack: Python (Fire, Kubernetes client)

Status: in production use

devmode

a month ago

🌔

Terragrunt Dashboard 2023

An internal tool UI+API that facilitates tracking Terragrunt stacks statuses preventing infrastructure drift.

Stack: Python (Flask), JS (React, Redux), boto3 (S3, DynamoDB).

Status: In production use

terragrunt-sync

10 months ago

💼

Job Parser 2020

It helps one be the first applicant for new job openings.

It is a background job which parses job aggregator websites every 15 mins, updates the databases with new openings, notifies in Telegram.

Stack: Python (Selenium, beautifulsoup4, telegram-bot), Postgres, ElasticBeanstalk

job_parser

2 months ago

Status: outdated

Education

Kyiv National Economics University (Ukraine)

Bachelor's degree - Human Resources Management, Personnel Administration

2011 - 2016