Kai Held - Backend Python Engineer

Munich, Germany

Experience

Oct 2023 - Present

2 years 4 months

Backend Python Engineer

Rohde & Schwarz SIT

Conceptualizing & developing a need-to-know, domain-based identity and access management system in a high-security environment
Backend development (Python): API & microservice development

Apr 2023 - Oct 2023

7 months

Senior AWS DevOps Engineer

InformMe

Architecting & developing a GDPR-compliant AWS Account Factory for a MedTech startup
Architecture: AWS Control Tower setup, Service Catalog, CfCT pipeline, Node.js Lambdas
Infrastructure as Code: AWS CDK (TypeScript), CloudFormation
AWS Identity Center (SSO)
Custom SCPs, Config rules & SRA
On-premises migration to ECS Fargate & Lambda

Jan 2023 - Present

3 years 1 month

Site Reliability Engineer

Bundesdruckerei GmbH

Constructing & operating a data science platform in a high-security environment
High-security Kubernetes bootstrapping: Kubespray
GitOps: FluxCD
Monitoring/Logging: Prometheus, Grafana, Loki, Elasticsearch
Storage: MinIO, Longhorn
Authentication: Keycloak
Infrastructure as Code (IaC): Ansible, Helm, Kustomize
CI/CD with GitLab

Dec 2022 - Jan 2023

2 months

Senior Cloud Architect (AWS)

Volkswagen AG (via Rackspace)

Provided short-term support to Volkswagen on AWS IAM and resolved several internal audit findings
Analyzed the existing environment and defined security solutions with minimal effort

Jul 2021 - Nov 2022

1 year 5 months

DevOps Engineer (AWS, Kubernetes)

Eurofins

Architecting & engineering AWS EKS (Kubernetes) & supporting AWS services in a greenfield project
Greenfield: setting up & maintaining EKS (Terraform, Crossplane)
Kubernetes: Helm, ArgoCD, AWS LB Controller, ExternalDNS, External Secrets, Consul, EFS CSI
Kubernetes monitoring & logging: Prometheus, Grafana, Loki, Elasticsearch
Kubernetes security: cluster hardening (Bottlerocket)
Setting up Kubernetes authentication via OAuth2/OIDC (PingID) & AWS Cognito
Migrating on-premises workloads to an AWS serverless stack: Lambda, API Gateway, Cognito, DynamoDB
Setting up AWS security: IAM, SSM, CloudTrail, Secrets Manager
Setting up & maintaining Kubernetes-native development (Skaffold)
Infrastructure as Code (Terraform, Crossplane)
CI/CD pipelines with Azure DevOps & GitLab
Linux administration (Debian, Ubuntu, RHEL)
Programming with Bash, Python & Go
Data engineering (AWS RDS: PostgreSQL, MS SQL)

Oct 2020 - Jun 2021

9 months

AWS Cloud/DevOps Engineer

Siemens AG & Siemens Energy

Migration of on-premise B2B e-learning platform to AWS ECS cluster & general AWS support for Siemens Energy carve-out
Infrastructure as Code (Terraform, Ansible)
Setting up AWS security: IAM, SSM, CloudTrail, Secrets Manager
Setting up SAML & OIDC authentication
Working with container tools: Docker, ECS
CI/CD pipelines with GitLab
Linux administration (Debian, Ubuntu)
Scripting with Bash, Python, JavaScript & Go
Data engineering (AWS RDS: PostgreSQL, MS SQL)
Configuration and deployments of EC2 Auto Scaling groups and launch templates with load balancing

Jun 2020 - Dec 2022

2 years 7 months

AWS Cloud/DevOps Engineer

ventx Gmbh

Worked on several DevOps projects
Architecting AWS cloud frameworks
CI/CD with Bitbucket, GitLab, Jenkins and Jira
Linux administration (Debian, Ubuntu, CentOS)
Working with container tools: Kubernetes, OpenShift, Docker
Consulting and support for the DevOps teams
Documentation of development
Building highly available and scalable multi-tier AWS infrastructure
Building serverless infrastructure with AWS Lambda, API Gateway and DynamoDB
Infrastructure as Code with Terraform and CloudFormation
Configuration and deployments of EC2 Auto Scaling groups and launch templates with load balancing

Feb 2019 - May 2020

1 year 4 months

System Engineer

Bamberger VerlagsGruppe

Agile project coordination (e.g. development of MS Dynamics NAV, helpdesk, wiki software)
Educational data mining/scraping with Python for learning analytics and business intelligence
Data engineering (Python: NumPy, Pandas) and maintenance of databases (MySQL, PostgreSQL)
Web development (HTML, CSS, JavaScript) and deployment (Linux: Debian, Ubuntu, CentOS)
Defined system standards and processes for provisioning and maintaining software on Linux
Developed scripts for unattended installations (start scripts, installation automation)
Maintaining on-premise server infrastructure (Windows; Linux: Debian, Ubuntu, CentOS; VMware)
Project budget planning (e.g. ~105k € image database project, ~95k € ERP development)

May 2015 - Feb 2019

3 years 10 months

DevOps Engineer (working student)

C.C.Buchner Verlag

Creating workflows to optimize processes
Automating tasks with Python (e.g. conversion scripts for various media outputs)
Sub-project management and assistance
Front- and backend web development (e.g. shop website, ticketing system)
Maintaining on-premise server infrastructure (Windows, Linux)

Jan 2013 - May 2015

2 years 5 months

System Administrator & IT-Supporter (student assistant)

Computing Centre University of Bamberg

Maintenance of university data centre hardware and software
Creating install-images for PC pools and maintaining hardware
Network administration (Linux: Debian, Windows Server)

Skills

Aws - Container: Eks, Ecs, Fargate, Ecr
Aws - Vm: Ec2, Auto Scaling, Load Balancing
Aws - Storage: S3, Ebs, Efs
Aws - Networking: Vpc, Route53, Cloudfront
Aws - Serverless: Api Gateway, Lambda, Dynamodb, Eventbridge, Sqs, Sns
Aws - Databases: Rds (Postgresql, Ms Sql, Mariadb, Mysql, Aurora)
Aws - Security: Iam, Cognito, Waf, Kms, Secrets Manager
Aws - Compliance: Config, Cloudtrail
Ci/cd: Gitlab, Github, Bitbucket, Azure Devops
Kubernetes & Container Orchestration - Deployment: Helm, Kustomize, Crossplane
Kubernetes & Container Orchestration - Gitops: Argocd, Flux
Kubernetes & Container Orchestration - Dev Tools: Skaffold, Devspace
Kubernetes & Container Orchestration - Observability: Prometheus, Grafana, Loki, Tempo, Elasticsearch, Kibana (Elk)
Programming, Scripting & Automation: Go, Python, Java, Kotlin, Bash, Html, Css, Javascript, Terraform, Cloudformation, Sql, Ansible
Authorization & Authentication: Oauth2 (Pkce), Oidc, Saml