⎈ context: omar-albalouli · namespace: career · cluster reachable · 4+ years uptime
❯ kubectl get pod/whoami -o yaml
apiVersion: career/v1
kind:
Engineer
metadata:
name:
Omar Albalouli
labels:
role:
Senior DevOps Engineer · DevSecOps & Cloud Security
experience:
"4+ years"
spec:
summary: |
Senior DevOps Engineer and security specialist with 4+ years building and securing highly available cloud and Kubernetes platforms. Specialized in embedding security across the SDLC: integrating SAST, SCA, and container image scanning (SonarQube, Trivy) into CI/CD, centralizing secrets with HashiCorp Vault, and hardening internet-facing workloads with Cloudflare. Proven track record across AWS, Azure, Terraform, Linux, and Python in identifying, triaging, and remediating vulnerabilities and driving DevSecOps practices that bake robust security into every stage of delivery.
contact:
[email protected]
status:
phase:
Available
❯ kubectl get pods
| name | ready | status | restarts |
| kubernetes | 1/1 | Running | 0 |
| aws | 1/1 | Running | 0 |
| terraform | 1/1 | Running | 0 |
| linux | 1/1 | Running | 0 |
| python | 1/1 | Running | 0 |
| azure | 1/1 | Running | 0 |
| helm | 1/1 | Running | 0 |
| teamcity | 1/1 | Running | 0 |
| azuredevops | 1/1 | Running | 0 |
| githubactions | 1/1 | Running | 0 |
| hashicorpvault | 1/1 | Running | 0 |
| cloudflare | 1/1 | Running | 0 |
| sonarqube | 1/1 | Running | 0 |
| trivy | 1/1 | Running | 0 |
| devsecops | 1/1 | Running | 0 |
| penetrationtesting | 1/1 | Running | 0 |
| vulnerabilityresearch(cve) | 1/1 | Running | 0 |
| prometheus | 1/1 | Running | 0 |
| grafana | 1/1 | Running | 0 |
| opensearch | 1/1 | Running | 0 |
| newrelic | 1/1 | Running | 0 |
| ansible | 1/1 | Running | 0 |
| argocd | 1/1 | Running | 0 |
| kafka | 1/1 | Running | 0 |
| rabbitmq | 1/1 | Running | 0 |
| mysql | 1/1 | Running | 0 |
| postgresql | 1/1 | Running | 0 |
| mongodb | 1/1 | Running | 0 |
| networking | 1/1 | Running | 0 |
| vulnerabilitymanagement | 1/1 | Running | 0 |
| sast/sca/dast | 1/1 | Running | 0 |
| containersecurity | 1/1 | Running | 0 |
| threatmodeling | 1/1 | Running | 0 |
❯ kubectl get jobs
| name | role | completions | age |
| cfi | Senior DevOps Engineer | active | January 2025 – now |
| network-international | Cloud Engineer | 1/1 | June 2024 – January 2025 |
| aspire-it-services-client-network-international | DevOps Engineer | 1/1 | March 2023 – June 2024 |
| electronic-health-solutions-ehs-hakeem | DevOps / Linux System Administrator | 1/1 | September 2022 – February 2023 |
❯ kubectl describe job/cfi
Name: cfi Role: Senior DevOps Engineer January 2025 — Present
Leading DevSecOps across the SDLC for a regional fintech.
Responsibilities:
• Lead DevSecOps across the SDLC — threat-modeling services and embedding SAST (SonarQube), SCA, and container image scanning into CI/CD, reducing high/critical vulnerabilities reaching production by 90% and auto-blocking insecure builds.
• Centralized secrets and credentials across all applications with HashiCorp Vault, eliminating hard-coded secrets and enabling short-lived, dynamic credentials.
• Secured internet-facing workloads with Cloudflare (WAF, DDoS protection, DNS, and zero-trust access).
• Operate business-critical, highly available Kubernetes clusters on self-managed AWS EC2, sustaining 99.95% uptime with zero-downtime upgrades.
• Provision cloud and on-prem infrastructure as code with Terraform for repeatable, version-controlled deployments.
• Build and maintain GitHub Actions CI/CD pipelines with automated testing, security gates, and deployment across all services.
• Design, provision, and operate OpenSearch clusters on AWS alongside Prometheus and Grafana for proactive monitoring, alerting, and security visibility.
• Implement New Relic APM to surface latency, errors, and bottlenecks across services.
• Administer and secure on-prem MySQL, PostgreSQL, and MongoDB, plus highly available RabbitMQ and Kafka on Kubernetes, with backup, replication, and HA strategies.
❯ kubectl describe job/network-international
Name: network-international Role: Cloud Engineer June 2024 — January 2025
Responsibilities:
• Managed 10+ Kubernetes clusters across Azure, AWS, OCI, and on-premises, ensuring scalability and high availability.
• Architected and deployed high-availability Kubernetes clusters on-premises using Ansible, Kubeadm, MetalLB, and Longhorn.
• Designed and implemented infrastructure as code (IaC) using Terraform.
• Created and maintained CI/CD pipelines using Azure DevOps, TeamCity, Python, and Bash scripting.
• Automated the release process to a single click — Slack notifications and Confluence release notes.
• Integrated SAST and SCA tools (Prisma Cloud, Veracode, SonarQube) into CI/CD to enforce application security and compliance.
❯ kubectl describe job/aspire-it-services-client-network-international
Name: aspire-it-services-client-network-international Role: DevOps Engineer March 2023 — June 2024
Responsibilities:
• Deployed and managed AWS resources including EC2 and EKS clusters using Terraform.
• Deployed and managed containerized applications using EKS and Helm.
• Designed and implemented CI/CD pipelines using AWS CodePipeline and AWS CodeBuild.
• Partnered with development and QA teams to containerize applications and automate EKS deployment pipelines, reducing release friction and environment drift.
❯ kubectl describe job/electronic-health-solutions-ehs-hakeem
Name: electronic-health-solutions-ehs-hakeem Role: DevOps / Linux System Administrator September 2022 — February 2023
Responsibilities:
• Managed critical environments with zero downtime, ensuring continuous availability and reliability.
• Managed on-premises Red Hat Linux servers for optimal performance and security.
• Implemented and maintained CI/CD pipelines using Jenkins.
• Developed and maintained Ansible playbooks for configuration and deployment automation.
• Configured and managed monitoring tools: Nagios, Prometheus, and Grafana.
• Configured and managed high-available load balancers using HAProxy and Keepalived.
❯ kubectl get certificates
❯ kubectl logs education
BSc, Computer and Network Engineering — Al Balqa Applied University, Amman (2022) · GPA 3.55
❯ kubectl logs security-research
Discovered and responsibly disclosed an authorization bypass in Moodle (open-source LMS) — CVE-2022-40208 (CWE-285): students could circumvent sequential quiz navigation via web services. Performed application and source-code analysis, reported upstream, and coordinated remediation through a responsible-disclosure process.
❯ kubectl get contacts