Paul Chanvallon

Project: Improvement and maintenance of Azure platform based on Azure Landing Zone framework

- Deployment of new platform components using Terraform with Terragrunt layering

- Automation of all platform components deployment using GitHub Actions

- Creation of an Azure Kubernetes Service cluster exposed by a Frontdoor premium and Private link services for platform multi-service APIs and SPA hosting

- Creation of APIs and SPA Kubernetes deployment using Helm charts and Docker images

- Implementation of an event-driven architecture using Azure Service Bus and Keda workers

- Implementation of Terraform providers in Go for custom APIs and Tufin API

- Self-service request service setup based on GitHub actions and GitHub issues

- Design and implementation of a post-installation solution to deploy agents on IaaS workloads using VM applications, Azure policies and Azure Network Manager

- Design and implementation of the deployment of the Private DNS resolver for OnPrem servers’ resolution

- Design and implementation of workaround to overcome Azure limitations or services specificities

- Design and implementation of a solution to replace centralized Log Analytics workspace by an Azure Data Explorer/Kusto cluster and several Azure Event Hubs

- Security hardening of infrastructure, identity and workload access following cybersecurity audit findings

- Implementation and integration of a PowerApp connector to call a custom API

- Infrastructure deployment tests using Pester framework

- Implementation of a monitoring and alerting solution using Prometheus exporters and Grafana dashboards

- Application of SRE methods like error budget, incidents post-mortem

- FinOps analysis and remediations to avoid uncontrolled costs

- Application teams support for design validation and implementation guidance or troubleshoot

Project: Run and maintenance of legacy Azure platforms

- Maintenance of Azure DevOps pipelines

- Windows/Linux servers’ administration

- Proxy server’s configuration like NGINX or SQUID systems

- Ansible Tower administration and Ansible playbooks maintenance

- Windows Virtual Desktop and Citrix solution administration

- Platform related issues troubleshoot with application teams

- Active Directory management for joined VM authentication

- Secure vulnerable applications by deploying network security like WAF policies and Application gateways

Project: Cloud platform implementation based on Azure Landing Zone framework

- Implementation of Microsoft Cloud Adoption Framework Azure Landing Zone (ex Enterprise-at-scale) in collaboration with Microsoft Consulting Services (MCS) and Microsoft Cloud Solution Architects (CSA)

- Deployment in a fully automated way by orchestrating Terraform deployment using Terragrunt layering, or by Powershell or Shell scripts if not possible in Terraform

- Creation of the whole Azure Landing Zone architecture by deploying Management Groups hierarchy, custom RBAC roles and Azure policies

- Development of custom policies for non-built-in covered use cases in order to enforce Cybersecurity, SRE or FinOps best practices

- Setup of all networking capacities in a multi-regional Hub & Spoke topology with shared services like Azure Firewall, Express Route gateways, DNS zones, Private Endpoints

- Automatic testing of Terraform modules using Kitchen-Terraform and Pytest

- Implementation of several APIs in .NET Core for platform management like Azure AD assets management, IPAM API for IP allocation and traceability or scheduled security scanning, deployed on Azure App services and Azure App function

- Configuration of Azure AD application registration to use OIDC authentication with custom App roles

- Deployment of example applications to demonstrate implementation best practices for simple web application, multi-regional web applications, and Kubernetes applications

- Development of an Ansible role for terraform backend creation, tested with Molecule and Pytest and registered on Ansible Galaxy