About Ilan
- French: Native or bilingual
- English: Fluent
Experience
- TF1, Senior Platform engineer / SRE, PRESS AND MEDIA, October 2024 - Today (1 year and 8 months), Boulogne-Billancourt, France
Kubernetes & GitOps:
- Deployment and configuration of Flux Image Updater for automating GitOps deployments to target environments.
- Optimization of Kyverno rules (anomaly correction, enforcement of security best practices across clusters).
- Installation of rootless BuildKit on Kubernetes to secure and accelerate container builds.
- Deployment of Argo Events to allow QA teams to trigger Argo workflows via events.
- POC Tetragon for implementing eBPF Runtime Security on clusters.
- ...
Bazel & distributed build:
- Management of the Bazel/Buildfarm infrastructure: optimization of distributed cache and storage, implementation of remote execution to reduce build times.
- ADRs and benchmarks on macOS runners (GitHub SaaS vs. self-hosted EC2 macOS).
- ...
AWS & security:
- Redesign of SCPs and restructuring of the multi-account IAM matrix.
- Rationalization of CloudTrail to only active regions - saving €18,000/year.
- Strengthening of Cognito policies.
- POC WIZ integration (CSPM).
- Terraform → OpenTofu migration.
- Improvement of IaC workflows with Terragrunt/Atlantis (drift management) and implementation of Terramate.
- ...
IDP & tooling:
- Full deployment of Backstage (Okta SSO, OpenSearch, Redis).
- Implementation of Soundchecks as a security governance gateway.
- Integration of Apache Superset into Backstage to expose platform KPIs (incidents/team, Kyverno rules in error/team).
- Deployment of Steampipe/Powerpipe for DR, FinOps, and security compliance management.
- Organization of Tech talks in auditorium.
- ...
- Believe, Senior Cloud Architect, ENTERTAINMENT AND LEISURE, September 2022 - September 2024 (2 years and 1 month), Paris, France
AWS → GCP Migration (Believe Odyssey program):
- Management of the strategic migration of the entire cloud infrastructure to Google Cloud Platform, in coordination with several product squads on a one-year program.
Infrastructure & network:
- Complete redesign of the Landing Zone (account cleanup, SCPs, tags).
- Audit and reorganization of the multi-account Transit Gateway (diagram, routes, blackhole).
- Implementation of Cloudflare Zero Trust (tunnels, WARP devices, replacement of historical CDN).
- ...
Data & messaging:
- MSK Kafka cluster deployment via Terraform with mTLS and ACL setup.
- Support and evangelization of Kafka among developers.
- Implementation of Temporal: PHP boilerplate (client/worker) and control plane management via a Go/Protobuf internal application.
- ...
Observability & FinOps:
- Datadog deployment via Helmfile (agents, custom pipelines).
- Migration and redesign of business dashboards for all teams to Datadog, with training and support for product teams.
- Implementation of the Vector architecture: thanks to VCL rules, optimization of the logs and traces pipeline (reduction of ingested volume, improvement of signal/noise ratio) with a direct FinOps impact on observability costs.
- Vault (JWT GitLab+Kubernetes auth, KMS auto-unseal, backup).
- ...
- La Fourchette, Cloud Architect, AGRICULTURE, April 2021 - August 2022 (1 year and 5 months), Paris, France
Cloud-native migrations:
- Migration of microservices from Rancher Labs to AWS EKS (Kubernetes, Terraform, Vault, Route53).
- EKS 1.17 → 1.21 migration with zero downtime.
- Istio 1.7 → 1.12 migration on production cluster.
- Helm 2 → Helm 3 migration.
- Upgrade of 100 Terraform repositories from 0.11 → 1.0.
- Migration of LDAP and the deployment tool Zendesk Samson (multi-AZ RDS database, Vault secrets, ALB/Istio ingress) to Kubernetes.
- ...
AWS Security & governance:
- Implementation of security policies via Rego (OPA) on clusters.
- Complete redesign of the AWS IAM matrix and Vault.
- Creation of complete AWS environments called "UAT" isolated by business domain (EKS, ALB, Istio, RDS, S3, Terraform) - allowing load and validation tests in real conditions.
- Creation of Elasticsearch 7 indexes via Terraform.
- ...
Festival TheFork — infra lead (40M€ TV ad budget):
- Responsible for load handling during TV advertising peaks.
- Design and optimization of Gatling scripts. Development of a custom Prometheus exporter to anticipate peaks and drive HPA pre-scaling. Prometheus/Grafana/New Relic dashboards for real-time monitoring.
- Analysis of performance tests and HPA tuning on 40 PHP microservices.
- ...
Platform tooling:
- Development of "Hyperloop" - an internal Slack bot allowing teams to deploy to staging and production via a single command, with orchestration of QA workflows, customer notifications, and rollback.
- Implementation of ArgoCD with automatic synchronization of clusters and credentials. Helm optimization across all PHP projects (40 applications).
- ...
Certifications
- Kubernetes Application Developer, Cloud Native Computing Foundation
- AWS Certified Solutions Architect – Associate, Amazon Web Services (AWS)