Emmanuel Chebukati, Developer in Nairobi, Nairobi County, Kenya
Emmanuel is available for hire
Hire Emmanuel

Emmanuel Chebukati

Verified Expert  in Engineering

DevSecOps Engineer and Developer

Location
Nairobi, Nairobi County, Kenya
Toptal Member Since
September 27, 2021

Emmanuel is a cloud security engineer with experience in systems auditing, application security, and secure cloud deployment. 他在东非地区和全球公共和私营部门交付了敏感技术项目. Emmanuel's experience is backed by three Microsoft Azure and two AWS certifications. He is a Certified Ethical Hacker (CEH). Emmanuel holds an MSc in Information Technology from Carnegie Mellon and a BSc from USIU Africa.

Application SecurityCloudInformation SecurityStorageSecurityAzure Virtual MachinesIdentity & Access Management (IAM)Security Policies & ProceduresSystem AdministrationSecurity ArchitectureData Loss Prevention (DLP)Azure Virtual NetworksCloud SecurityCloud ArchitectureDevOps EngineerAWS CloudCybersecurityHybrid CloudMulti-CloudReverse EngineeringVirtualboxContinuous Data Protection (CDP)Cloud Cost ReductionAzure Synapse

Portfolio

Knowcrunch Inc.
PHP, System Administration, Web Hosting, LiteSpeed for SQL Server, MySQL...
Hepta Analytics
PHP, Apache2, Linux, Azure, Amazon Virtual Private Cloud (VPC), Amazon EC2...
Wagner Technical Services
Azure, Office 365, IT Security, Azure SQL, Azure Active Directory, Deployment...

Experience

PHP - 10 yearsInformation Security - 10 yearsOffice 365 - 8 yearsIdentity & Access Management (IAM) - 8 yearsCloud Security - 7 yearsAzure - 7 yearsHybrid Cloud Infrastructure - 7 yearsPython - 3 years

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), Azure, Cisco, Office 365, GitLab, NGINX, Kubernetes, Relational Database Services (RDS), Networks, Cloud Security

The most amazing...

...我所做的就是将金融科技公司瓶颈的物理IT基础设施转变为现代的混合云, secure, and easy to administer.

Work Experience

PHP SysAdmin | DevOps Engineer

2024 - PRESENT
Knowcrunch Inc.
  • 使用GitHub Actions上的GitHub流为应用引入了持续集成和持续部署(CI/CD)管道. PRs to "master" resulted in a deployment to the dev environment, and deployments to production were manually triggered.
  • 与Jelastic Cloud(现在的Virtuozzo Application Platform)集成,用于部署带有预部署和后部署钩子的存档解决方案,以实现最小停机时间的部署.
  • Troubleshot a problem with supervisors on the production server, resulting in more reliable Laravel queued jobs.
Technologies: PHP, System Administration, Web Hosting, LiteSpeed for SQL Server, MySQL, GitHub Actions, Laravel, Supervisor, Supervisord, Jelastic, Virtuozzo, Scaleforce

Cloud Security Engineer

2018 - PRESENT
Hepta Analytics
  • Co-founded the company, served as a director, led the IT infrastructure team of three, and led client engagements to define and deliver solutions.
  • Conducted an AWS Well-Architected Framework audit for a financial services firm. The audit identified 46 issues: 11 were categorized as high impact, and their potential remediations were shared with the client for action.
  • 为客户端迁移和重建了24个生产VMware虚拟机应用程序,并在混合云设置中设置了Kubernetes集群,用户停机时间最少. Set up secure remote access and connectivity between sites.
  • 从本地VM迁移和维护Microsoft堆栈(IIS连接到带有多个子域的SQL Server 2008)到Azure(带有托管数据库的应用程序服务). Set up a DevSecOps pipeline for the client with GitHub and swaps.
  • Investigated and responded to a downtime incident at a client's colocation facility. 将工作负载迁移到云端以减轻影响,并编写并提交事件报告, which led to the awarding of damages to my client.
  • Set up private email hosting on the client domain for over two dozen mailboxes. Migrated existing Office 365 user email addresses to the new email hosting set up. Designed an email security gateway solution to support multiple cloud solutions.
  • Identified potential risks to the continued operations of processes at a client's site. The risk assessment phase involved identifying risks and mitigation controls, following an identification exercise at the manufacturing plant outlets.
  • 开发了一个坚固的Android应用程序,可以处理复杂的互联网连接环境来接收音频报告. Deployed a secure dashboard to view, organize, manage, and process case reports.
  • 为客户集思广益,提出潜在的金融科技解决方案,并就潜在的挑战和变通方法提出建议. Developed and deployed an Android mockup code to demonstrate an initially intended functionality.
Technologies: PHP, Apache2, Linux, Azure, Amazon Virtual Private Cloud (VPC), Amazon EC2, VirtualBox, Kubernetes, OpenVPN, Networking, Office 365, Mail Servers, Python, Classic ASP, Apache, Information Security, Cloud Security, VPN, Cloud Architecture, AWS Cloud Architecture, Role-based Access Control (RBAC), Azure Active Directory, Azure Key Vault, Azure Resource Manager (ARM), Amazon Web Services (AWS), DevOps Engineer, DevSecOps, Networks, DevOps, Azure DevOps, Docker, Ansible, IT Security, Security, Hybrid Cloud Infrastructure, Deployment, Security Policies & Procedures, IT Operations Management (ITOM), On-premise, Architecture, System Administration, Security Design, Code Auditing, AWS DevOps, Disaster Recovery Plans (DRP), Cybersecurity, MySQL/MariaDB, Postman, Kubernetes HPA, AWS VPN, AWS Secrets Manager, AWS Auto Scaling, Ubuntu, IT Infrastructure, Proxies, AWS IAM, WordPress, Asana, High-Availability Linux, Amazon EKS, Security Management, Controls, Security Architecture, Debian, Relational Database Services (RDS), Continuous Delivery (CD), Continuous Integration (CI), CI/CD Pipelines, Azure SQL, PostgreSQL, Grafana, Prometheus, Bash, Amazon API Gateway, Sentry, Amazon RDS, Amazon S3 (AWS S3), Fintech, Azure Synapse Analytics, Azure SQL Databases, Azure Container Registry, Azure Container Instances, Azure Files, Azure Kubernetes Service (AKS), Azure Synapse, Azure Functions, MariaDB, Data Centers, Business Continuity, Business Continuity Planning (BCP), Team Leadership, Leadership, Web App Design, Twitter API, IT Audits, IP Networks, Java, AWS Cloud Computing Services, Virtualization, Cloud Storage, Cloud Services, Azure Virtual Networks, Multi-factor Authentication (MFA), Azure Virtual Machines, Azure Storage, Load Balancers, Azure App Service, Azure Administrator, Network Security, Data Security, Cloud, Data Protection, Reverse Engineering, Cloud Computing, NGINX, Data Loss Prevention (DLP), Istio, AWS Lambda

Azure Platform Engineer

2022 - 2023
Wagner Technical Services
  • Prepared, documented, 并实施了从裸机本地Windows服务器迁移到微软Azure云生态系统的计划.
  • 使用密码散列同步方法和无缝单点登录从本地Active Directory到Azure Active Directory的联合用户身份.
  • 通过Azure文件同步将多个本地SMB文件共享同步到Azure文件,在单个存储帐户的一对一共享映射下.
Technologies: Azure, Office 365, IT Security, Azure SQL, Azure Active Directory, Deployment, Security Policies & Procedures, IT Operations Management (ITOM), Infrastructure as Code (IaC), IT Infrastructure, Controls, Azure SQL Databases, Azure Files, Azure DevOps, DevOps Engineer, Business Continuity, Business Continuity Planning (BCP), Role-based Access Control (RBAC), IP Networks, Networks, VPN, Azure Key Vault, Virtualization, Cloud Storage, Cloud Services, Cloud Security, Azure Virtual Networks, Multi-factor Authentication (MFA), Azure Virtual Machines, Azure Storage, Load Balancers, Azure App Service, Azure Administrator, Network Security, Data Security, Cloud, Data Protection, Hybrid Cloud Infrastructure, Cloud Computing, Information Security, Data Loss Prevention (DLP)

Senior DevOps Engineer

2022 - 2023
Rollee
  • 在GitLab中为10多个应用程序实现持续集成和持续部署和交付(CI/CD). 该管道以最小的停机部署完成,以确保客户请求在生产部署期间不受影响.
  • 使用Kubernetes Executor在Kubernetes上设置Airflow,并使用SequentialExecutor将其从VM迁移. Migrated the database to managed database, installed dependencies in the container, and set up CI/CD and git-sync for DAGs.
  • Installed Prometheus for infrastructure and database metrics collection to aid business needs. Installed and secured Grafana to visualize the metrics collected, set up alerts, and created incident runbooks.
  • Migrated a monolith Go application to work and run on Kubernetes. Set up the service, deployment, PVC, ConfigMaps, secrets, and Ingress appropriately. 在块存储之上为readwritmany访问设置一个托管数据库和NFS提供程序.
  • Researched, recommended, and documented an appropriate Git workflow strategy for the company between Gitflow, GitHub flow, and GitLab flow. The recommendation was presented, discussed, and adopted without impacting operations. Implemented GitOps.
  • Implemented Grafana Loki and Promtail as an infrastructure and application logging solution. This enabled the collection of logs and seamless analysis of application and infrastructure logs.
  • 为React和React Native SDK创建了一个CI/CD管道,用于构建和发布到npm组织帐户. Also implemented CI/CD for a Python application project with rollback support in GitLab.
  • Implemented CI/CD with rollback support in GitLab for a monorepo with three applications. The pipeline only ran when changes were reflected in the specific codebase folder.
  • 调查并确定了PostgreSQL上的共享锁问题,导致服务无法重新启动. The problem was a long-running query that was not properly closed, which was placed down to the line of code for a swift resolution.
  • 通过实施建议,领导公司技术部门成功通过ISO 27001审核, documenting decisions, and defending the company's position.
Technologies: DevOps, Bash, IP Networks, Ubuntu, Python, Linux, IT Infrastructure, Proxies, Prometheus, Grafana, PostgreSQL, GitLab, GitFlow, CI/CD Pipelines, Continuous Integration (CI), Continuous Delivery (CD), Shell Scripting, Deployment, Security Policies & Procedures, IT Operations Management (ITOM), System Administration, Infrastructure as Code (IaC), Terraform, Disaster Recovery Plans (DRP), MySQL/MariaDB, Asana, Postman, Application Security, High-Availability Linux, Security Management, Debian, Fintech, Docker, DevOps Engineer, Business Continuity, Business Continuity Planning (BCP), Team Leadership, Leadership, IT Audits, Networks, VPN, Cloud Storage, Cloud Services, Cloud Security, Multi-factor Authentication (MFA), Load Balancers, Network Security, Data Security, Cloud, Data Protection, Hybrid Cloud Infrastructure, Cloud Computing, Information Security, NGINX, Data Loss Prevention (DLP)

LinkedIn Learning Instructor

2021 - 2023
LinkedIn Learning
  • Planned a cybersecurity course on fintech security essentials.
  • Wrote scripts for a cybersecurity course on fintech security essentials.
  • Recorded a cybersecurity course on fintech security essentials.
  • 计划了一个14个视频的网络安全必备课程,重点介绍了2022年最常报告的十大漏洞.
  • Wrote scripts and prepared slides for a course on cybersecurity essentials.
  • Recorded a 14-video course on cybersecurity essentials, complete with demos for each video.
Technologies: Fintech, Information Security, Cybersecurity, Amazon S3 (AWS S3), Amazon EC2, Amazon Virtual Private Cloud (VPC), Amazon Web Services (AWS), VPN, AWS VPN, OpenVPN, Amazon RDS, AWS WAF, Sentry, Amazon API Gateway, AWS Secrets Manager, Ansible, AWS Auto Scaling, Security Policies & Procedures, Lecturing, Application Security, Ubuntu, IT Infrastructure, AWS IAM, Debian, Continuous Integration (CI), Business Continuity Planning (BCP), Training, AWS Cloud Architecture, Cloud Architecture, Networks, AWS Cloud Computing Services, Cloud Storage, Cloud Services, Cloud Security, Azure Virtual Networks, Load Balancers, Network Security, Data Security, Cloud, Data Protection, PHP, Azure, Hybrid Cloud Infrastructure, Cloud Computing

DevSecOps Engineer

2022 - 2022
Freelance
  • 使用HorizontalPodAutoscaler (HPA)和cluster Autoscaler解决了Azure Kubernetes Service (AKS)集群上的突发流量问题.
  • 为Azure Kubernetes Services (AKS)研究并推荐了合适的云原生数据量,该数据量支持跨多个pod的并发访问和水平可伸缩性.
  • Architected a cloud-native infrastructure with the Web-Queue-Worker style for a new scalable, secure, resilient, and highly available application, which supports multi-tenant clients.
  • 部署了一个Web-Queue-Worker示例基础架构,并演示了如何使用Azure Synapse Analytics和其他工具将客户端转换为大数据架构.
Technologies: Kubernetes, Docker, NGINX, MySQL, MariaDB, DevOps, DevSecOps, Azure Functions, Azure Synapse, Azure Kubernetes Service (AKS), Azure Files, Azure Storage, Azure, Kubernetes HPA, Azure Container Instances, Azure Container Registry, Azure SQL Databases, Azure Synapse Analytics, Linux, Deployment, IT Operations Management (ITOM), Architecture, Security Design, Cybersecurity, Postman, Ubuntu, IT Infrastructure, Security Management, Debian, Continuous Integration (CI), CI/CD Pipelines, Azure DevOps, DevOps Engineer, IP Networks, Networks, Azure Key Vault, Cloud Services, Cloud Security, Azure Virtual Networks, Azure Virtual Machines, Load Balancers, Azure Administrator, Network Security, Data Security, Cloud, Data Protection, PHP, Cloud Computing, Information Security, AWS Lambda

Security Trainer

2019 - 2022
e.KRAAL Innovation Hub
  • 为国家网络安全培训计划(NCSTP)第三批20名学员讲授云安全, featuring 30+ hours of live, practical content, and nine practical labs on Azure, delivered over five days.
  • 为NCSTP第一批40名学员讲授关键信息基础设施保护课程, featuring 24+ hours of live, practical content, and five practical labs on AWS, delivered over four days.
  • Received overwhelmingly positive reviews for each training performed.
Technologies: Training, Azure, Amazon Web Services (AWS), Ansible, IT Security, Security, Hybrid Cloud Infrastructure, Security Policies & Procedures, Lecturing, Disaster Recovery Plans (DRP), Cybersecurity, Application Security, Ubuntu, IT Infrastructure, Proxies, AWS IAM, Security Management, Debian, Relational Database Services (RDS), Continuous Integration (CI), Amazon API Gateway, Docker, DevOps Engineer, Business Continuity Planning (BCP), Team Leadership, Leadership, AWS Cloud Architecture, Cloud Architecture, IP Networks, Networks, VPN, AWS Cloud Computing Services, Virtualization, Cloud Storage, Cloud Services, Cloud Security, Azure Virtual Machines, Load Balancers, Azure App Service, Network Security, Data Security, Cloud, Data Protection, PHP, Cloud Computing, Information Security, NGINX, Data Loss Prevention (DLP)

Systems Developer

2015 - 2016
Nature Surf Systems
  • Designed and deployed bespoke IT infrastructure focused on security. This included wildcard SSL certificates, strong SSL cipher suites, reverse proxies and load balancers, remote access VPNs, and site-to-site VPNs.
  • Led the development team to release a new feature every week for two months straight.
  • Reduced an Android application size from 1MB to 40KB by creating a lite, minified version capable of running on entry-level smartphones.
Technologies: PHP, Android, MySQL, Reverse Engineering, Apache2, NGINX, Apache, Information Security, Java, Linux, Security Policies & Procedures, IT Operations Management (ITOM), On-premise, System Administration, MySQL/MariaDB, Postman, Application Security, Ubuntu, IT Infrastructure, Proxies, High-Availability Linux, Controls, Security Architecture, Debian, Continuous Delivery (CD), Continuous Integration (CI), Bash, DevOps Engineer, Business Continuity, Business Continuity Planning (BCP), Team Leadership, Leadership, IP Networks, Networks, VPN, Virtualization, Cloud Storage, Cloud Services, Cloud Security, Multi-factor Authentication (MFA), Load Balancers, Network Security, Data Security, Cloud, Data Protection, Hybrid Cloud Infrastructure, Cloud Computing, Data Loss Prevention (DLP)

Graduate Management Trainee

2015 - 2015
Presidential Digital Talent Program
  • Updated the immigration department's information security policy.
  • Reviewed the interior ministry's website and made recommendations for its redesign.
  • Led the entire team of 100 management trainees as their appointed representative.
Technologies: Web App Design, Leadership, Team Leadership, Security Policies & Procedures, Ubuntu, IT Infrastructure, Controls, Debian, Business Continuity, IT Audits, IP Networks, Networks, Network Security, Data Security, Data Protection, Information Security, Data Loss Prevention (DLP)

AWS Well-Architected Framework Audit for a Financial Services Firm

客户对其托管在AWS上的基础设施进行了审计,以确定任何漏洞, loopholes, and non-adherence to best practices that impact the performance, availability, security, and scalability of the applications. The client was also seeking recommendations on how to address the issues identified.

我们实施此审计的方法由AWS良好架构框架(Well-Architected Framework)管理,该框架指导云解决方案架构师在AWS中创建基础设施时采用的最佳实践. The framework consists of six pillars (security, reliability, performance efficiency, cost optimization, operational excellence, and sustainability) that were all thoroughly audited during the engagement. We were granted access to the AWS, the demo, development, and UAT environments. Other documents, such as the AWS billing reports, were provided, as well as answers to questions asked.

The audit identified a total of 46 categorized issues: 11 issues were categorized as high impact, and their potential remediations were shared with the client for action.

Email Server Audit

这个项目是由一家旅游公司的信息通信技术系统,特别是电子邮件系统的不当行为引起的. The company owners were the project champions. The purpose of the project was to identify any possibilities of such malpractice on the ICT part, recommend solutions, and implement the solutions where possible.

该项目分三个阶段远程执行,并通过三次前往阿鲁沙总部的区域旅行:

Phase one involved a forensic analysis of the mail system to identify instances of foul play. Malpractice was indeed identified, and the evidence was presented to the project champions.

第二阶段是实现一个解决方案,该解决方案将邮件服务器迁移到安全的云虚拟专用服务器上,并运行加密、电子邮件防病毒和反垃圾邮件机制. This migration was done seamlessly and successfully with minimal business impact.

The final phase was the optimization of office ICT systems for both performance and security. This phase further involved configuration of the mail server to suit organizational needs, such as particular accounts to be limited to internal-only communication.

Overall, the project was a great success.

HeptaPay

http://heptapay.com
An online agent for loading money to a mobile money wallet via debit or credit card. As the integrations engineer, I set up the card processing payment gateway and connections to the telecommunications partners; tested these connections for security and performance; and managed the back end, the internal transaction monitoring dashboard, and the platform's security.

Sentiment Analysis of the 2017 Kenyan Presidential Election

http://uchaguzi.today/
Kenya held a general election in 2017. 我们建立了Uchaguzi Today,以展示每位候选人受欢迎程度背后的趋势,并解释(通过定期更新)他们的行为引发了积极的影响, neutral, or negative response. My involvement was setting up the infrastructure for collecting the data, interacting with the Twitter API to collect the tweets, designing and deploying the dashboard, and deploying an Android application to classify a sample dataset to help train the model.

Languages

PHP, Python, Java, Bash, JavaScript

Tools

NGINX, Amazon Virtual Private Cloud (VPC), VirtualBox, OpenVPN, Azure App Service, VPN, Apache, Azure Kubernetes Service (AKS), Ansible, Sentry, GitLab, Amazon EKS, AWS IAM, Postman, Azure Key Vault, Grafana, Terraform, Asana, Istio, Supervisor, Supervisord

Paradigms

Role-based Access Control (RBAC), DevOps, DevSecOps, Azure DevOps, Continuous Integration (CI), Continuous Delivery (CD), Web App Design

Platforms

Linux, Apache2, Azure, Amazon EC2, Kubernetes, AWS Cloud Computing Services, Amazon Web Services (AWS), Ubuntu, Debian, WordPress, Android, Docker, Azure Functions, Azure Synapse, Azure Synapse Analytics, AWS Lambda, Jelastic

Storage

MySQL, Azure Active Directory, MariaDB, Amazon S3 (AWS S3), PostgreSQL, MySQL/MariaDB, Data Centers, Storage Area Networks (SAN), Azure SQL Databases, On-premise, Azure SQL, LiteSpeed for SQL Server

Industry Expertise

Network Security, Cybersecurity

Other

Office 365, Hybrid Cloud Infrastructure, Cloud Computing, Information Security, Application Security, Cloud, Azure Administrator, Azure Virtual Machines, Multi-factor Authentication (MFA), Identity & Access Management (IAM), Azure Virtual Networks, Cloud Security, Cloud Services, Cloud Storage, Virtualization, Networks, IP Networks, IT Audits, Cloud Architecture, AWS Cloud Architecture, Leadership, Team Leadership, Training, Business Continuity Planning (BCP), Business Continuity, Storage, Email Security, DevOps Engineer, Azure Files, Kubernetes HPA, Fintech, AWS VPN, Amazon RDS, AWS Secrets Manager, AWS Auto Scaling, IT Infrastructure, Proxies, IT Security, Security, GitFlow, Load Balancers, CI/CD Pipelines, Deployment, Security Policies & Procedures, IT Operations Management (ITOM), Architecture, System Administration, Relational Database Services (RDS), Infrastructure as Code (IaC), Security Design, AWS Certified Cloud Practitioner, Lecturing, Security Architecture, Controls, Security Management, Disaster Recovery Plans (DRP), High-Availability Linux, Data Loss Prevention (DLP), Reverse Engineering, Mail Servers, Data Security, Azure Storage, Data Protection, Azure Container Instances, Azure Container Registry, AWS WAF, Amazon API Gateway, Prometheus, Shell Scripting, Code Auditing, AWS DevOps, Networking, Cisco, Azure Resource Manager (ARM), Web Hosting, GitHub Actions, Virtuozzo, Scaleforce

Libraries/APIs

Twitter API

Frameworks

Classic ASP, Laravel

2016 - 2018

Master's Degree in Information Technology

Carnegie Mellon University - Pittsburgh, PA

2012 - 2014

Bachelor's Degree in Applied Computer Technology

United States International University-Africa - Nairobi, Kenya

NOVEMBER 2023 - NOVEMBER 2026

AWS Certified Security – Specialty

Amazon Web Services

JUNE 2021 - JUNE 2024

Microsoft Certified: Azure Security Engineer Associate

Microsoft

DECEMBER 2020 - DECEMBER 2026

AWS Certified Cloud Practitioner

Amazon Web Services

OCTOBER 2020 - OCTOBER 2024

Microsoft Azure Administrator Associate

Microsoft

AUGUST 2020 - PRESENT

Microsoft Certified: Azure Fundamentals

Microsoft

APRIL 2015 - PRESENT

Associate - Information Storage and Management Version 2.0

Dell Technologies

NOVEMBER 2014 - DECEMBER 2026

Certified Ethical Hacker (CEH)

EC-Council

Collaboration That Works

How to Work with Toptal

在数小时内,而不是数周或数月,我们的网络将为您直接匹配全球行业专家.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring