Jean-Noël Lesdema

Platform Engineer | DevOps | Cloud & Bare-Metal

€700/day
Paris, FR
8-15 years

Average response time: 1 hour

About Jean-Noël

Go, Python, Node.js backend developer for 13 years, moved to infrastructure: Kubernetes, networking (BGP, WireGuard, Headscale), security (Vault, PKI), IaC (Terraform, Ansible).

In my free time, I am building jxmas.cloud, a multi-site provider-agnostic (AWS, GCP, bare-metal), open-source, and geo-redundant platform, with declarative failover and daily DR drills.

I host an LLM forge there, among other things.
  • French: Native or bilingual
  • English: Fluent

Can work on-site
Paris (up to 10km)

Experience

  • JXMAS Cloud
    Platform Architect
    TECH
    January 2020 - Today (6 years and 5 months)
    Paris, France
    Self-hosted multi-site cloud platform (AWS + on-premises bare-metal), Kubernetes & Ceph & Mesh VPN, open-source first, zero critical managed services

    • Dual-cluster active/passive AWS + bare-metal: declarative failover (Vault, Envoy L4, Ceph S3 multi-site, anti-split-brain) — in progress
    • Multi-node kubeadm Kubernetes cluster: bootstrap from scratch, CNI Flannel, NGINX Ingress, CoreDNS, cert-manager, Reloader, Reflector, layer-structured namespaces
    • Inter-site AWS ↔ bare-metal routing via BGP: redundant gateway via double site-to-site WireGuard tunnel, automatic route selection, automatic failover
    • Bare-metal multi-layer networking: transparent TCP proxy (bastion → S2S tunnel → VIP), BGP gateway failover, 3 L2 keepalived VRRP VIPs, HAProxy load balancing → K8s NodePorts
    • Headscale VPN Mesh (open-source Tailscale): encrypted inter-site admin access, OIDC authentication via Ory Hydra, mandatory 2FA
    • Ceph/Rook distributed storage: two tiers (NVMe performance, HDD capacity), 3x replication, dynamic RBD provisioning
    • Two-tier Vault: vault-root (bastion, Shamir) provides Transit engine as KMS for vault-app (K8s, auto-unseal)
    • Two-level automated PKI: internal step-ca (direct JWK), Let's Encrypt (Route53 DNS-01), cert-manager
    • Open-source IAM: Ory Kratos (identity), Hydra (OIDC), Keto (authorization), Oathkeeper (auth proxy)
    • Infrastructure as Code: 80+ idempotent Ansible playbooks in 10 tiers (000 to 900), Terraform AWS
    • Self-hosted services: code forge, container registry, observability, databases, secure SMTP messaging, internal DNS

    Technologies: Kubernetes, Ansible, Terraform, Vault, step-ca, Ory, PostgreSQL, Redis, Ceph, AWS, CoreDNS, WireGuard, Headscale, HAProxy, GoBGP, keepalived, Flannel, cert-manager
    Kubernetes Ansible Terraform PostgreSQL Amazon Web Services
  • Thales
    Fullstack Go / Angular Developer
    DEFENSE AND MILITARY
    July 2025 - Today (11 months)
    La Defense, Puteaux, France
    Defense project: ~20 Go microservices, Angular microfrontend architecture (Lerna monorepo, 80+ packages).

    • Full frontend ownership on a 5-year-old Angular monorepo (microshell, registryService, microfrontend state injection): feature development and bug fixes
    • Go backend development and debugging: APIs, microservices communicating via NATS (tracing message chains across 3+ services to identify and fix cross-service bugs)
    • Creation of advanced testing tools: custom Robot Framework libraries using OpenCV to detect the presence and location of symbols on a map
    • Development of a shadow banner (Shadow DOM) injected into the application to contextualize automated test steps (Selenium/Robot Framework)

    Technologies: Go, Angular, TypeScript, Lerna, NATS, PostgreSQL, Traefik, Docker Compose, Kubernetes, Robot Framework, Selenium, OpenCV, Python
    Golang Kubernetes Python PostgreSQL Docker
  • BNP Paribas
    DevOps Engineer – Monitoring Infrastructure
    BANKING AND INSURANCE
    March 2023 - April 2025 (2 years and 1 month)
    Paris, France
    • Administration of 12 Dynatrace clusters in production (600+ machines, 50,000+ monitored servers)
    • Development of a CLI (Node.js/CommanderJS) to automate server inventory: Dynatrace API connectors, ServiceNow, reverse-engineering of internal portals
    • Automation via Ansible/Tower: scaling up/out clusters, LVM/XFS disk management, network traffic opening
    • Incident management and on-call for critical infrastructure

    Technologies: Dynatrace, Node.js, Python, Ansible, Tower, Linux, LVM, XFS, REST API
    Ansible Node.js Linux Python Docker

Education

  • Network Security
    CNAM Paris
    2020
    Network security, cryptography, PKI infrastructure, TLS, firewalls
  • Engineering Degree
    Institut d'Optique Graduate School
    2012
    Engineering degree, signal and image processing (2009–2012)
