About Deepak
I’m a senior AWS Security & Platform Architect and DevOps consultant with deep experience designing, enforcing, and operating cloud platforms at enterprise scale. My work sits at the intersection of security, governance, platform engineering, and delivery automation, with a strong focus on making cloud environments secure, reliable, and auditable by default. I currently lead organization-wide AWS security and governance initiatives in a large multi-account environment, defining mandatory security baselines, guardrails, and control mechanisms aligned with regulatory requirements such as DORA and NIS2. This includes IAM and access governance, SCP/RCP enforcement, logging and detection platforms, backup and disaster recovery validation, and policy-driven automation using Terraform and DevSecOps practices. Across previous engagements, I’ve led on-premise to AWS migrations end to end from architecture and connectivity design through production go-live covering highly available infrastructure, CI/CD platforms, observability, cost management, and operational resilience. I’ve standardized delivery pipelines (GitLab + AWS), automated infrastructure with Terraform and Ansible, implemented Kubernetes/EKS platforms, and built reusable platform components adopted across multiple teams. I work closely with engineering teams, security, and stakeholders to translate requirements into practical, enforceable architectures that scale without slowing teams down. My focus is always on reducing manual effort, preventing bypass of controls, and improving reliability, visibility, and audit readiness. I operate through Cloud Trekkers B.V. and am available for contract or freelance engagements. Based in the Netherlands (Amsterdam / Den Haag / Rotterdam region) and open to remote or hybrid work.
English
Native or bilingual
Can work on-site
The Hague (up to 50km), Amsterdam (up to 10km)
Experience
- The Cloud Trekkers BVAWS Security Architect(Contractor for Odido)March 2024 - Today (2 years and 3 months)The Hague, ZH, NetherlandsDefined and enforced organization-wide cloud security, governance, and platform architecture across a large-scale multi-account AWS environment.• Designed and implemented a mandatory security baseline using Security Hub, GuardDuty, Detective, Config, Security Lake, and WAF — codified via Terraform for repeatability, auditability, and compliance (DORA/NIS2 aligned)• Architected preventive governance controls using SCPs/RCPs covering tagging, IAM protection, KMS constraints, and backup isolation (Rubrik)• Delivered end-to-end Rubrik integration including policy design, enforcement, and DR validation• Built automated governance frameworks using Service Catalog, Lambda, and Config rules to improve cost allocation, ownership visibility, and audit readiness• Implemented IAM lifecycle automation with CyberArk-integrated access key rotation and near-zero manual overhead• Architected Security Lake pipelines (Glue, Athena, OCSF) and developed a Bedrock-powered interface to accelerate threat analysis• Designed security detection use cases and integrated log pipelines to CrowdStrike, enabling automated alerting and correlation from AWS security logs for enhanced threat detection and response• Led application-layer security: architected AWS WAF for L7 DDoS protection using adaptive rate-limiting, custom rules, and attack-pattern analysis; handled high-volume traffic bursts with zero backend impact while reducing false positives• Integrated security findings into centralized observability (OpsRamp) for unified incident workflows• Strengthened EKS governance using Gatekeeper and Terraform-based policy enforcement• Delivered Athena dashboards for threat analytics, compliance reporting, and cost optimization• Enhanced identity governance using Identity Center and Access Analyzer for cross-account least-privilege enforcement
- The Cloud Trekkers BVSenior Devops Consultant(Contractor for LeasePlan)September 2022 - November 2023 (1 year and 2 months)Working on deploying workloads from Test to Production.Cover all steps needed for project to Go live from architecture phase.Devops automation activity on AWS,CICD pipeline making systems fault tolerant and Highly available. Replicate all components in Data Center into AWS using Terraform(IAC),Ansible Tower(deployment),Datadog(Monitoring Setup).Setup monitoring, Dashboards, synthetic monitors and logs shipping in Datadog with Terraform IAC. Work with stakeholders to understand day to day needs in Data center,use AWS components to migrate data from Data center into AWS using S3,SFTP ,VPC end point,landing zone etc. Use Gitlab for Terraform(IAC) and Ansible Tower(deployment),code is handled in CICD process with multiple approvals before deploying to production. Create documents needed for Go live of project and present to management, documents include Cost management techniques(used AWS services),Disaster recovery steps(use Commvault and AWS CLI commands).Replicate Disaster recovery on EC2/RDS using Commvault/AWS services, example terminate RDS and recover from AWS pointintime restore techniques, cross region/cross account S3 bucket replication. Work on POC for devops team to provide platform engineering level solution(solutions reuse across organisation),this reduces effort and cost for other teams.Example cross region/cross account S3 bucket replication, connect windows instances to AD using Ansible AWX etc. Worked on AWS security tools Security hub,KMS,WAF,Secrets manager,IAM policy creation,Guard Duty etc. AWS EKS kubernetes (Create terraform IAC for RBAC,Service account,HPA,cluster auto scalar,EFS,helm and ingress resources).Build all resources in k8s using terraform and grouping ingress/namespaces per workload
- The cloud Trekkers BVSenior Devops Consultant (Contractor for Essent IT)July 2021 - August 2022 (1 year and 1 month)Working on enhancing, cost saving projects for the company.Analyse current short falls in CICD,DevOps flows,AWS landscape and come up with new solution to mitigate issues faced by developers and stakeholders. Discuss current architecture and provide suggestion on improvement, provide detailed analysis of investigation/assessment and present the solutions to stakeholders. Devops automation activity on AWS,CICD pipeline making systems fault tolerant and Highly available.Prepare terraform code for creating code pipeline in AWS ,S3 bucket etc. Working on cost effective environment by decommission Bitbucket and Jenkins, move all code to Gitlab.Projects to migrate all source codes from other source code to Gitlab and helping teams settings up CICd pipelines and adding runners in Gitlab. Integrate GitLab with Aws code pipeline for deployments ,store artifacts in S3 and ECR(containers),cost saving by eliminating third party tools.All project deployment setup created from Gitlab to AWS instances using AWS codePipeline. Worked on security tools like Sonarqube,AWS inspector,security hub,secrets manager etc. Synthetic monitoring of all Essent IT websites login/bill usage etc using Appdynamics(code written in python).Alerting setup in case of issues.
Recommendations
Be the first to recommend Deepak
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Red Hat Certified Specialist in Ansible Automation AWS Certified SysOps Administrator - Associate PRINCE2® Foundation Certificate in Project ManagementRed Hat Certified Specialist in Ansible Automation AWS Certified SysOps Administrator - Associate PRINCE2® Foundation Certificate in Project Management
- Certified: Terraform AssociateHashiCorpCertified: Terraform Associate