DevSecOps Engineer
Cloud Security & Infrastructure Architect
Specializing in secure cloud architecture, container security, and DevSecOps practices. Building resilient, compliant, and secure infrastructure at scale.
About Me
My journey in DevSecOps and cloud security
Xin chao, I'm
I'm a DevSecOps engineer with deep expertise in building secure, scalable cloud infrastructure. Over the years, I've evolved from systems engineering to specializing in the intersection of development, security, and operations—helping organizations implement secure by default practices.
My focus is on designing and implementing cloud-native security architectures, hardening Kubernetes clusters, establishing secure CI/CD pipelines, and ensuring compliance with industry standards. I believe security should be embedded in every layer of the infrastructure, not bolted on as an afterthought.
I'm passionate about infrastructure as code, automation, and reducing security risks through proactive threat modeling and continuous security scanning. When not securing infrastructure, you'll find me contributing to security-focused open source projects or speaking about DevSecOps best practices.
Areas of Expertise
What I specialize in
Cloud Security
Secure AWS, Azure, and GCP deployments with IAM, encryption, and compliance frameworks.
Kubernetes & Container
Hardening Kubernetes clusters, Red Hat OpenShift, container security, pod security policies, and RBAC.
Infrastructure as Code
Terraform, Ansible, CloudFormation, Helm, and GitOps for secure, repeatable deployments.
CI/CD Security
Secure pipelines with Jenkins, GitHub Actions, GitLab CI with Vault secrets management.
Database Security
SQL/NoSQL hardening, encryption at rest/transit, backup strategies, and disaster recovery.
Compliance & Auditing
OWASP, CIS benchmarks, HIPAA, PCI-DSS, SOC2, and automated security scanning.
Technical Skills & Tools
Cloud Platforms
- AWS (EC2, ECS, EKS, Lambda, RDS)
- Azure (AKS, App Service)
- GCP (GKE, Cloud Run)
- OpenStack (On-Premise Cloud)
Container & Orchestration
- Red Hat OpenShift + Plus
- Rancher RKE2/K3s
- Kubernetes
- Docker Compose
Infrastructure as Code
- Terraform
- Ansible
- CloudFormation
- Config as Code
CI/CD & Automation
- Jenkins (Groovy)
- GitLab CI
- GitHub Actions
- ArgoCD
- Tekton
Security & Secrets
- HashiCorp Vault
- Kyverno
- Red Hat ACM & ACS
- SAST/DAST
Monitoring & Logging
- Grafana Stack
- Prometheus
- ELK Stack
- Datadog
- Kafka
- CloudWatch
Languages & Scripting
- Bash
- Python
- Go
- TypeScript
- Groovy
- Solidity
Enterprise Tools
- IBM API Connect
- Sonatype products
- SonarQube
- Black Duck - Coverity
- Gitlab Enterprise/Ultimate
Professional Experience
Building secure infrastructure at scale
DevOps Engineer
April 2024 - PresentVSI JSC
Architecting and deploying enterprise CI/CD platforms with Jenkins, GitLab CI, Vault, and comprehensive security tooling on Kubernetes and OpenShift.
Head of Web R&D Department
June 2022 - March 2024Aimesoft
Led web development team, managed project activities, and maintained high-quality software delivery standards.
DevOps Engineer
October 2021 - October 2023Aimesoft
Designed highly available infrastructure on AWS and GCP, implemented CI/CD pipelines with GitLab CI and GitHub Actions.
Internship in DevOps & Cloud Engineering
August 2019 - March 2020OSAM.IO
Learned and implemented AWS and GCP cloud solutions, OpenStack, Docker, Kubernetes, and CI/CD practices.
Certifications
Professional credentials and achievements
Ready to Secure Your Infrastructure?
Let's discuss your cloud security and DevSecOps needs
Whether you need a security audit, help implementing DevSecOps practices, or building a secure cloud infrastructure from scratch, I'm here to help.