Loic L.

Scoping mission for a multi-account AWS Landing Zone for the Île-de-France public transport group (RATPCAP), via ABTEKA.

Program 1 — Multi-account AWS Landing Zone (network backbone): 7 AWS accounts architecture (1 hub + 6 spokes), Transit Gateway backbone, Route 53 Resolver hybrid DNS, cross-AZ FortiGate-VM ATP HA inspection. Terraform code 3,822 LOC in 13 reusable modules, 25 stacks, GitLab→AWS federated OIDC (zero static keys), 5-stage parallel:matrix pipeline.

Program 2 — Ticketing System Integration (Token Broker): Token Broker pattern 290 PAX terminals, 26-35k calls/day volume, TTL caching, idempotence, HATEOAS absorption, k6 load POC with Python analyzer.

Program 3 — Fleet Telematics: API Gateway + Lambda + SQS facade architecture, 2,000 vehicles, 7 formal ADRs, target cost ~€620/month.

Program 4 — Hybrid Identity Resilience: RADIUS + AD + cross-DC DNS discovery, 4-mode failover strategy.

Program 5 — SecNumCloud v3.2 Compliance: gap analysis of AWS footprint 6 accounts, prioritized backlog P0/P1/P2.

Program 6 — Fortinet + Meraki Network CI/CD: industrialization of 94 FortiGates + 100+ Merakis, 13 GitLab CI Components, reverse GitOps L1/L2.

Landing Zone Security: IAM Identity Center (5 permission sets, 4 SCPs, JIT break-glass), Prowler audited on 10+ frameworks (CIS 1.4-3.0, AWS FSBP), Level 3 Security Group audit (195 SGs, 66 critical rules).

AWS (Organizations, TGW, VPC, Route53 Resolver, RAM, KMS, IAM Identity Center, Config, CloudTrail, DynamoDB, Lambda, API Gateway, Secrets Manager) | Terraform 1.6+ | GitLab CI Components + Federated OIDC | FortiManager | Meraki | Prowler | k6 | Python automation | ANSSI / NIS2 / SecNumCloud v3.2

Industrial cloud platform supporting supply chain robots deployed at 300+ clients. Transition management mission for the Core Infrastructure function, combined with a Cloud Platform & Observability Architect role.

Cross-functional management of 4 teams (~30 people): Core Platform (~15), Security (~7), Tools (~5), FinOps (~3). Participation in architecture committees, TDR steering.

Design and governance of a hybrid AWS / on-prem platform (standardization, reliability, operations).

Industrialization of deployments (IaC Terraform) and implementation of CI/CD pipelines.

Centralized observability (metrics, logs, alerting), OpenTelemetry instrumentation, APM, end-to-end monitoring + synthetic checks, SLO/SLI dashboards.

DRP/PRA contribution: backup/restore, recovery tests, operational runbooks. Implementation of Chaos Engineering scenarios on critical components.

Contribution to Agent/LLM POCs for Ops (knowledge retrieval, incident summarization) with governance, security, and traceability.

Results: Availability > 99.9%, MTTR -40%, 70% of deployments automated. 30% reduction in incidents through run organization, observability, and automation. Platform operated internationally (300+ clients).

AWS (EC2, S3, RDS, EKS, Lambda, VPC, IAM, CloudWatch, X-Ray) | Docker | Kubernetes (EKS) | Terraform | Jenkins | Git | Prometheus | Grafana | Loki | OpenTelemetry | Agents/LLM (POC) | Jira | Monday

French investment bank. Data and AI platforms in a regulated hybrid Cloud & On-Premise environment (Risk, Compliance, HR scopes). Strong auditability and traceability requirements.

Design of hybrid Cloud / On-Premise architectures: integration patterns, environment separation, event-driven approach for event flow and traceability.

Scoping of Generative AI and RAG use cases in a banking regulatory context: integration, access control, logs/audit, security & traceability. Execution of Agent/LLM POCs.

Contribution to Enterprise Architecture: IT mapping, repositories, trajectories/roadmaps, using LeanIX / TOGAF.

Contribution to Data Governance: data lineage, data catalog, MDM / golden sources, data products, DQ controls.

Integration of DORA, BCBS239, GDPR requirements through controls, logs, audits, committees, and architecture governance.