Je travaille sur la sécurisation des applications et des infrastructures cloud (DevSecOps). J’aide les entreprises à : sécuriser leurs déploiements (CI/CD, Docker, cloud) corriger les failles de sécurité avant qu’elles ne deviennent critiques réduire leurs coûts cloud en optimisant leur architecture Mon objectif est simple : rendre les systèmes plus fiables, sécurisés et rentables. Je suis actuellement ouvert à des opportunités et à des collaborations avec des entreprises souhaitant améliorer leur infrastructure.

PROFESSIONAL SUMMARY

DevSecOps & Cloud Engineer with 5 years of experience designing, securing, and operating critical infrastructure on AWS and Kubernetes. I have worked across German government platforms under strict GDPR requirements, high-traffic multi-tenant SaaS products, fintech startups pursuing SOC 2 certification, and national-scale microservices ecosystems.

Security is embedded into everything I build: automated SAST/DAST in CI/CD pipelines, secrets management with HashiCorp Vault, Kubernetes hardening, and continuous compliance controls. Delivered results: 60% cloud cost reduction via FinOps, 99.95% SLA in production, infrastructure handling peaks of 1M+ requests with zero incidents.

TECHNICAL SKILLS

Security & DevSecOps

• SAST (SonarQube, Semgrep)
• DAST (OWASP ZAP)
• HashiCorp Vault
• Zero Trust architecture
• OPA Gatekeeper
• Kubernetes hardening (CIS Benchmark)
• SIEM
• IAM least-privilege
• SOC 2 / ISO 27001
• GDPR compliance

Cloud & Orchestration

• AWS (EC2, EKS, RDS, S3, Lambda, IAM, CloudWatch, WAF, Shield, Security Hub)
• GCP
• Kubernetes (RKE2, EKS, bare-metal)
• Docker
• Helm

IaC & CI/CD

• Terraform
• Ansible
• GitHub Actions
• ArgoCD
• GitOps
• Blue-Green deployments
• Automated security gates in pipelines

Observability & SRE

• Prometheus
• Grafana
• Datadog
• Uptime Kuma
• CloudWatch
• SLO/SLA definition
• P1/P2 incident management
• Runbooks
• Post-mortems

Backend & Data

• Node.js
• TypeScript
• Python (FastAPI)
• PostgreSQL
• On-premise ETL pipelines

FinOps

• AWS cost auditing
• Resource right-sizing
• Reserved instances
• Dormant infrastructure cleanup

PROFESSIONAL EXPERIENCE

DevSecOps Consultant — NyxenTech

Nov. 2025 – Mar. 2026 | Remote

nyxentech.io — Cloud infrastructure & cybersecurity firm for startups and fintech companies

DevSecOps & Cloud Engineer — Kaeyros Analytics

Sep. 2023 – Feb. 2026 | Hybrid

Backend Developer & Cloud Consultant — Freelance

Jan. 2021 – Aug. 2023 | Remote

• Designed and deployed Zero Trust AWS architectures for fintech startups pursuing SOC 2 Type II certification: least-privilege IAM, inter-pod network policies, end-to-end encryption, and secrets management via HashiCorp Vault.
• Built end-to-end DevSecOps pipelines (SAST, DAST, Trivy image scanning, OPA Gatekeeper) to automate compliance checks at every release — achieving zero critical findings before audit.
• Led emergency Kubernetes hardening post-incident: rebuilt environments with OPA Gatekeeper, network policies, real-time threat detection, and a full incident response playbook — production restored and secured within 72 hours.
• Delivered full GitOps pipelines (GitHub Actions, ArgoCD) with Blue-Green deployments, PR previews, automated test gates, and rollback on failure — reducing deploy time from 45 min to under 2 min.
• Audited and optimized AWS spending across client accounts, consistently achieving 40% average cost reduction through right-sizing, reserved instances, and elimination of unused resources.
• Integrated a full DevSecOps chain into CI/CD pipelines: SAST (SonarQube, Semgrep) and DAST (OWASP ZAP) at every Pull Request, with automatic build blocking on critical vulnerabilities before any production release.
• Deployed centralized secrets management with HashiCorp Vault across all projects — fully eliminating hardcoded credentials from code and configuration files.
• Hardened RKE2 Kubernetes clusters against the CIS Benchmark: network policies, restrictive RBAC, Docker image scanning (Trivy), and removal of unnecessary root capabilities.
• Led DevOps operations across 5+ concurrent client projects, coordinating with distributed teams of developers and data scientists across Europe and Africa.
• Deployed and maintained observability stacks (Prometheus, Grafana, Uptime Kuma) across 30+ applications with automated alerting, SLO tracking, and on-call runbooks.
• Executed a FinOps strategy that cut AWS monthly spend from $1,500 to $600 (–60%) through right-sizing, reserved instances, and infrastructure cleanup.
• Led P1/P2 post-mortems and standardized incident response procedures, delivering measurable MTTR improvement.
• Designed and containerized 10+ production REST APIs (NestJS/TypeScript) with OAuth2/JWT authentication, deployed on AWS with auto-scaling and zero-downtime Blue-Green pipelines.
• Reduced PostgreSQL query latency by 30% through targeted indexing, query optimization, and connection pooling.
• Advised SMBs on cloud migration, IaC adoption (Terraform), and CI/CD setup — cutting manual deployment effort by ~70% across all engagements.

KEY PROJECTS & PLATFORMS

German Government Platforms — NRW State (GDPR / Cybersecurity)

• MIRA
• DINA
• MIQ
• MEDAR
• Operated 4 production environments handling sensitive government data (discrimination and racism reporting) for the State of North Rhine-Westphalia, under strict GDPR constraints.
• Deployed hardened multi-node RKE2 Kubernetes clusters with end-to-end encryption, multi-layer DevSecOps scanning integrated into the pipeline, Vault-based secrets management, and full audit trail logging.
• Implemented Zero Trust architecture: inter-pod network policies, automatic secret rotation, and RBAC with least-privilege access control.
• Maintained 99.9%+ availability with formal incident response procedures and regular compliance reporting.

SEMA Platform — B2B CRM & Microservices

sem-a.com

• Architected infrastructure for a multi-service B2B ecosystem: SEMA Travel, SEMA Chatbot (WhatsApp integration), and Attendance Tracking — with service isolation and secured inter-microservice communication.
• Scaled the platform to absorb a 6-month national tombola campaign for Boissons du Cameroun (SABC), handling peaks of 1M+ requests with zero SLA breaches through proactive load testing and horizontal auto-scaling.

EZE Platform — Multi-tenant Educational SaaS

eze-platform.com

• Designed auto-scaling AWS infrastructure (EKS, Multi-AZ RDS, S3, CloudFront) for a multi-tenant SaaS serving 10,000+ concurrent users, with strict per-tenant data isolation.
• Achieved 99.95% availability via Multi-AZ architecture, GitHub Actions pipelines with Blue-Green deployments, and automatic rollback on failed health checks.
• Defined and tracked SLOs (availability, P95 latency) through dedicated Grafana dashboards.

CERTIFICATIONS & EDUCATION

• AWS Certified Solutions Architect – Associate | Amazon Web Services
• 100 Days of DevOps | KodeKloud (RKE2, GitOps, CI/CD Automation)
• DevOps on AWS Specialization | Coursera
• AI Career Essentials (AICE) & AI Starter Kit | ALX Africa
• Software Engineering Program | ALX Africa (Backend Specialization — 12 months)
• Cloud Developer Nanodegree | Udacity
• Bachelor in Software Engineering | Siantou University, Cameroon

LANGUAGES

• French — Native
• English — Professional working proficiency