Diane Lakestani

Context: Engagement as a Senior DevOps / Platform Engineer within a SaaS fintech company, in a high-growth environment with strong requirements around reliability, security, and compliance.

Key achievements:

• Designed and implemented a serverless cloud platform on GCP (Cloud Run), focused on scalability and resilience

• Delivered production and staging environments across two separate regions in two weeks (rapid ramp-up on GitHub Actions and Cloud Run)

• Built dynamic review environments in one week

• Industrialized CI/CD pipelines using GitHub Actions

• Authored and implemented an ADR to set up a GCP landing zone aligned with Zero Trust principles

• Implemented smoke tests and end-to-end tests (Playwright) integrated into CI/CD pipelines, in collaboration with the QA team

• Semi-automated the migration of Windows VMs from Azure to GCP:

• PowerShell startup scripts

• Logging and Datadog integration

• Automatic user assignment to Active Directory groups

• Active Directory domain join and Entra ID (Azure AD) integration

• NetBIOS renaming and customer anonymization using UUIDs

• Implemented customer-managed encryption keys (CMEK) as part of ISO 27001 / SOC 2 compliance

• Deployed and configured Auth0 in front of legacy customer URLs and web environments:

• Username/password authentication

• SSO via Entra ID and other IdPs

• Participated in technical discussions with customers to implement their SSO and integrate their identity providers

• Provided cross-functional support to support and development teams:

• CI/CD coaching and enablement

• Terraform permissions management following the principle of least privilege

• Deployed Metabase on Cloud Run with a Cloud SQL database (SQL Server)

Context: Hyper-growth pet health insurance company following a funding round, with architecture and practices evolving - strong need for DevOps standardization and industrialization.

Key achievements:

• Implemented a multi-environment front-end stack (CloudFront + S3, Secrets Manager, CloudFront Functions) aligned with Build Once, Deploy Anywhere and trunk-based development principles.

• Advanced GitLab CI/CD industrialization: split Terraform and application pipelines (GitLab CI DAGs), centralized packaging via GitLab Package Registry.

• Adopted trunk-based development and Semantic Release, with coaching and support for QA & dev teams (workflow, best practices, releases).

• Deployed and configured Renovate to automate updates of in-house Helm charts, handling breaking changes via post-upgrade Python scripts.

• Redesigned and improved reliability of the internal Helm ecosystem: version harmonization, best-practice standardization, and preparation for scaling microservices (HPA and Karpenter). Added the Goldilocks label to enable automated monitoring and prepare resource tuning.

• Complete overhaul of GitLab repository templates:

◦ Fixed and updated Serverless (SAM) templates and their associated pipelines (previously non-functional templates),

◦ Added/updated CI best practices for PHP and TypeScript repositories (formatting, linting, hooks, quality),

◦ Standardized new repositories using these templates (baseline for upcoming projects).

• Evangelized DevOps practices (trunk-based, CI quality, automation) across teams.

Context: SOCOTEC is a major player in Testing, Inspection & Certification (TIC) for construction and infrastructure, with engineering teams working directly on-site (construction sites, structures, equipment). Within the Digital Factory in Lyon (~30 people, operating like an internalized consultancy), the challenge was to maintain and evolve critical business applications (audits, inspections, compliance, field reports, structure monitoring) used by engineers in the field, while ensuring a sovereign and stable on-prem Kubernetes platform. The infrastructure relied on multiple on-prem RKE2 clusters managed with Ansible, with strong expectations around availability, observability, and security, as the hosted services supported operational field use.

Key achievements:

• Built a complete Kubernetes sandbox cluster (RKE2, CNPG, External Secrets Manager, Kafka, RabbitMQ, Istio, Longhorn, HPA).

• Implemented GitOps deployments with FluxCD, service mesh with Istio, and a gRPC backend.

• Integrated Vault, External Secrets, and Keycloak for access management.

• Optimized observability: Loki, Prometheus, Grafana, Tempo (cache optimization).

• Developed and customized the company status page based on the open-source project StatPing-NG (Go, Vue.js, Keycloak, Notion automation): integrated incident management on the status page via Notion hooks → status page.

• Provided support to dev/QA teams on GitLab CI and Kubernetes.