Andrew Osipov, Developer in Moscow, Russia

Andrew Osipov

Verified Expert in Engineering

Software Developer

Location
Moscow, Russia
Toptal Member Since
January 5, 2021

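Andrew is a highly motivated, versatile, and skilled DevOps and DevSecOps engineer. He has delivered many large infrastructure implementations using cost-effective approaches. Andrew excels in high load, availability, and security using AWS, Kubernetes (EKS), and Terraform, implementing infrastructure-as-code and configuration-as-code approaches. Andrew is also brilliant at managing compliance, security, and company-wide documentation for health and payment data (HIPAA and PCI DSS).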

Portfolio

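Softpay
Networking, Security, Infrastructure, Linux Administration, AWS DevOps...
Orthodox Union
Networking, Security, Infrastructure, Linux Administration, AWS DevOps...
MDDX Research and Informatics (acquired by Bioclinica)
Performance Testing, Networking, Security, Infrastructure, Linux Administration...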

Experience

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), IT Security, CI/CD Pipelines, Linux, HIPAA Compliance, PCI DSS, DevSecOps, DevOps, Terraform, Kubernetes

The most amazing...

...project I've worked on is the one that helped MDDX get acquired by Bioclinica, after hard work and successful HIPAA and FDA audits.

Work Experience

DevOps and DevSecOps Engineer

2020 - 2020
Softpay
  • Implemented PCI DSS-compliant AWS infrastructure as code using Terraform, Packer, Elasticsearch, Cognito, Inspector, GuardDuty, Fluentd, OSSEC, Wazuh, Nginx, and many other AWS services.
  • Implemented container infrastructure as code and worked with Kubernetes (EKS), Fluentd, Fluent Bit, Istio, and Docker.
  • Accomplished numerous security reviews and hardenings. Implemented a secure VPN as code deployed with Terraform (PCI DSS-compliant, multi-node cluster, and integrated Google MFA).
Technologies: Networking, Security, Infrastructure, Linux Administration, AWS DevOps, AWS Cloud Architecture, Amazon Web Services (AWS), Ansible, PCI DSS, OpenVPN, VPN, IT Security, Amazon EKS, Docker, OSSEC, Amazon Cognito, Fluentd, Elasticsearch, Packer, Information Security, Kubernetes, Terraform, DevSecOps, DevOps

DevOps and DevSecOps Engineer

2019 - 2020
Orthodox Union
  • Developed a modern system architecture and implemented Amazon Web Services and EKS infrastructure.
  • Handled cloud security and compliance configuration for most services on AWS (Terraform and CloudFormation).
  • Implemented EKS (local environment with minikube, development, staging, and production clusters), including performance monitoring and event management.
  • Performed Kubernetes security hardening, role-based access control (RBAC), and secrets management.
  • Implemented CI/CD with CircleCI without downtime or user interruption.
  • Reviewed compliance requirements and mapped them to the current security state; handled PCI DSS SAQ D and security.
  • Implemented missing security controls, such as vulnerability assessments, VPN, WAF, SSO, secure SDLC, event management, proper roles, access matrix, and others.
Technologies: Networking, Security, Infrastructure, Linux Administration, AWS DevOps, AWS Cloud Architecture, Amazon Web Services (AWS), CI/CD Pipelines, Kubernetes, Web Application Firewall (WAF), OpenVPN, Software Development Lifecycle (SDLC), Burp Suite, Nessus, Okta, CircleCI, AWS CloudFormation, Terraform, Amazon EKS, DevSecOps, DevOps, PCI DSS

DevOps and DevSecOps Engineer

2013 - 2019
MDDX Research and Informatics (acquired by Bioclinica)
  • Led and managed two contractors with the following responsibilities: system operations, 24-hour support, monitoring, HIPAA compliance documentation, and execution of different check-ups.
  • Implemented the Amazon Web Services cloud infrastructure, including integrating the infrastructure-as-code approach and implementing cloud security and HIPAA compliance (HITECH and FDA 21 CFR Part 11).
  • Performed the initial Kubernetes setup to sustain very high peaks. Configured Kubernetes event management, monitoring, multiple environments, and additional security.
  • Integrated vulnerability assessments and fixes, system security hardenings, CIS compliance, security policies, FW, WAF, IPS, HIDS, VPN, integrity controls, file encryptions, security and event management, secure SDLC, and network security.
  • Developed backup plans and business continuity & disaster recovery plans, worked on performance fixes, and achieved significant cost optimization.
  • Implemented numerous custom solutions using Shell and Python scripting; extensively used regular expressions.
Technologies: Performance Testing, Networking, Security, Infrastructure, Linux Administration, AWS DevOps, Kubernetes, AWS Cloud Architecture, Amazon Web Services (AWS), Leadership, Ansible, CI/CD Pipelines, Management, Shell Scripting, Terraform, IT Infrastructure, Vulnerability Assessment, HIPAA Compliance, Information Security, IT Security, DevSecOps, DevOps

Tech and Security Lead

2011 - 2013
ОАО «Электронная Москва»
  • Led and managed a small engineering team (2-3 persons); organized the work with more than ten contractors which included assignment tracking, standups, report reviews, action plans, and results tracking.
  • Designed the architecture and implemented complex subsystems for different enterprise-level projects (more than 120 equipment racks and more than 500 bare-metal servers).
  • Implemented various systems including firewalls and VPNs, intrusion prevention, vulnerability assessment, security, information, event management, IAM, and WAF.
  • Performed vulnerability scans and created business continuity, disaster recovery, and backup plans.
Technologies: Performance Testing, Networking, Security, Infrastructure, System Administration, SIEM, Web Application Firewall (WAF), Linux, Business Continuity & Disaster Recovery (BCDR), Information Security, IT Systems Architecture, IT Security, Vendor Management, Management, Leadership

Lead Information Security Specialist

2010 - 2011
CJSC Svyaznoy Bank
  • Implemented and maintained complex IT systems and applications; organized and managed work with about ten contractors.
  • Worked on the bank's compliance; did penetration testing, log analysis, forensic investigations, and reporting. This work provided the foundation for the new security infrastructure.
  • Implemented various subsystems including firewalls and VPNs, content filtering, proxy, anti-spam, anti-virus, data and access protection systems, and the implementation and integration of security policies.
Technologies: Networking, Security, Infrastructure, PCI DSS, Data Protection, SIEM, Penetration Testing, Vulnerability Assessment, Vendor Management, Management, Security Policies & Procedures, Firewalls, VPN, Information Security, IT Security

Lead Information Security Engineer

2009 - 2010
CJSC Verysell
  • Defined the technical and organizational requirements for IT and information security projects.
  • Designed the architecture for complex information systems.
  • Implemented various setups including firewalls, different Linux environments, different Windows Server setups, HSM, AV protections, Cisco projects, and intrusion detection systems.
Technologies: Networking, Security, Infrastructure, Windows Server, VPN, Intrusion Detection Systems (IDS), Linux, System Administration, IT Systems Architecture, Information Security, IT Security

System Administrator

2008 - 2008
IBS Datafort
  • Implemented various Linux and Windows Server setups.
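  • Maintained systems and performed monitoring and event management.
  • Implemented Jira task management, including record keeping and resolving urgent incidents.
Technologies: Networking, Security, Infrastructure, Windows, Linux, System Administration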

OpenVPN Setup with MFA (Terraform, Ansible, and Packer)

http://github.com/accesskeeper/openvpn-pcidss-terraform
A PCI DSS-compliant OpenVPN cluster setup with MFA (Google Authenticator) using Packer, Terraform, and AWS Systems Manager (Ansible Playbook).

Steps:
1. Created an AWS AMI image using Packer.
2. Generated offline CA, server, and client keys.
3. Deployed the infrastructure using Terraform, which creates S3 buckets, instances, IAM, security groups, and runs AWS Systems Manager (Ansible Playbook) on the instances.

By default, it creates one master and one slave node. The code can be slightly adjusted to create one master and multiple slaves.

Camping Site That Can Handle High-load Spikes

http://campdror.com
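One of the many projects I've deployed on EKS (probably more than 50 projects in total). PHP, Node.js, ElastiCache, and CDN. It contains an API service as well. I implemented CI/CD using CircleCI without any downtime or user interruption. I also implemented local deployment with Minikube, as well as development, staging, and production clusters.

Terraform, Elasticsearch, and Cognito Project with MFA Compliant with PCI-DSS and HIPAA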

http://github.com/accesskeeper/pcidss-elasticsearch-vpc-cognito
This project involved Elasticsearch with Cognito authentication deployed via Terraform inside VPC; it is compliant with PCI-DSS and HIPAA.

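Two roles are deployed, for admins and developers, to access various log streams. It is possible to add more users, for example, security staff. It has two-factor authentication configured with phone SMS, so when you create a new user in Cognito, you need to provide your phone number.

This setup can be used for payment and health data, security, and application data logs.

2004 - 2010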

Master's Degree in Information Security

MEPhI | Moscow Engineering Physics Institute - Moscow, Russia

Libraries/APIs

Node.js

Tools

Terraform, Packer, Fluentd, OSSEC, Amazon EKS, VPN, OpenVPN, CircleCI, Nessus, Ansible, Shell, Helm, Grafana, NGINX, PHP-FPM, Docker Compose, Splunk, Git, Amazon Cognito, AWS CloudFormation, AWS Systems Manager, GitLab CI/CD, Hyper-V, VMware

Languages

Bash Script, Bash, PHP, SQL, Python

Platforms

Kubernetes, Docker, Linux, Windows Server, Windows, Amazon Web Services (AWS), AWS Lambda, Amazon EC2, Unix, Burp Suite, Azure, DigitalOcean

Paradigms

DevOps, DevSecOps, HIPAA Compliance, Penetration Testing, Continuous Delivery (CD), Continuous Integration (CI), Management

Industry Expertise

Cybersecurity

Storage

MySQL, Amazon S3 (AWS S3), Amazon DynamoDB, Elasticsearch, MongoDB, MSSQLCE, PostgreSQL

Frameworks

Windows PowerShell

Other

Information Security, IT Systems Architecture, System Administration, Network Administration, IT Security, PCI DSS, Web Application Firewall (WAF), Vulnerability Assessment, IT Infrastructure, Shell Scripting, Vendor Management, Business Continuity & Disaster Recovery (BCDR), SIEM, Firewalls, Security Policies & Procedures, Data Protection, Intrusion Detection Systems (IDS), Prometheus, Host-based Intrusion Prevention, HAProxy, Vulnerability Management, AWS Cloud Architecture, Architecture, AWS DevOps, Linux Server Administration, Amazon Cognito User Pools, Linux Administration, Infrastructure, Security, Networking, Scripting, TCP/IP, Okta, Software Development Lifecycle (SDLC), CI/CD Pipelines, OWASP Top 10, Site Reliability Engineering (SRE), Performance Testing, Leadership, Amazon Kinesis
