Carsten Frank

Release planning and control, architecture development and further development of the security concept, guidelines for achieving basic IT protection according to "BSI-Grundschutz", control of external broker connections and GDV integration, connection of the commercial insurance product platform to the central Bipro services of BarmeniaGothaer.

Cloud / Platform Engineer and Enterprise Architecture Management

(EAM),

Technology and tasks: Openshift, Kubernetes, Terraform, Ansible, Gitlab,

Artifactory, Ceph, Rook, K3S, Hashicorp Vault, CertManager

Certificate Management via HC Vault PKI, BitWarden - VaultWarden, Cisco ACI –

Software-defined network, BSI IT Grundschutz, Enterprise Architecture

Management (EAM)

Excerpt of individual results

• Development of IaC code for building a Proxmox cluster

• IaC for VM-distributed services such as LDAPs, Vault Cluster, PowerDNS,

• K3S and Terraform code for building services such as Gitlab, Vault-PKI

and Certmanager connection for connecting K3S to the PKI

• Hashicorp Vault security policies for tenant separation under

Zero Trust Guideline

• Setup of an Openstack / Openshift hybrid architecture with Undercloud

and Overcloud strategy.

• Automated setup of the Openshift cluster via IaC (Ansible);

Continuous operation of Openshift management via Red Hat

Cluster Management (RHCM)

• Hardening of security-sensitive container applications in K3S

through Ingress, Egress, Network Policies, separation of network traffic

by 1-to-1 assignment of NICs to service PODs via Multus

• Hardening of Proxmox VMs according to Openscap vulnerability assessment

• Setup of a pipeline for CVE analysis of all container images and

software artifacts via JFrog Artifact and JFrog Xray. Risk assessment

and risk mitigation

Project methods and development principles:

• Agile project organization according to Scrum principles

• Requirements management in Jira