Konstantin Makeikin

Florianópolis, Brazil · Remote

• > Sole engineer owning the full infrastructure lifecycle for a multi-cloud platform: 259 servers, 30+ countries, 5,000+ active users, 99.9% uptime
• > IaC with Ansible — automated provisioning, configuration management, and rolling updates across the entire fleet, reducing manual ops from hours to minutes per deploy
• > CI/CD pipelines (GitLab CI) with blue-green deployments, automated tests, SAST scanning, and zero-downtime releases — deploy frequency 5-10x/week
• > Full observability stack: Prometheus + Grafana (26 alert rules, 13 dashboards), Loki centralized logging, Alertmanager → Telegram + PagerDuty, MTTR < 5 min
• > Migrated L4 proxy from nginx to kernel-space nftables + flowtable — cut RAM 75% (1.6 GB → 400 MB per node), eliminated userspace bottleneck under peak load
• > Security hardening: Trivy container scanning in CI, CIS Benchmarks, automated credential rotation, compromised node detection and replacement
• > Automated TLS rotation across entire fleet (Let's Encrypt + Ansible), geo-distributed failover with healthcheck-based DNS routing — zero certificate-related outages
• > Capacity planning: per-region utilization dashboards, automated server pool scaling, canary deployments for critical config changes — handled 3x traffic growth without incidents

Florianópolis, Brazil · Remote

• > Owned infrastructure and CI/CD for a 31-microservice platform (28 repos): real-time vessel monitoring and fleet management across international waters
• > CI/CD for all 31 services: GitLab pipelines with automated testing, container builds, staged rollouts — reduced release cycle from days to hours
• > Docker Compose for local dev, Docker Swarm for staging/production — service orchestration, rolling updates, zero-downtime deployments
• > Prometheus + Grafana monitoring: service health, latency percentiles (p95/p99), resource utilization, on-call alerting — reduced incident response time by 60%
• > Managed PostgreSQL + TimescaleDB cluster: 100K+ telemetry events/day ingestion, automated retention policies, query optimization — sub-second dashboard loads
• > Event-driven architecture: NATS JetStream + Redis Pub/Sub for reliable inter-service messaging with at-least-once delivery guarantees
• > Backend when needed: 15+ microservices (Java/Kotlin, Spring Boot), edge agent in Go for satellite-linked vessel data collection via MQTT/Modbus/NMEA-0183

Remote

• > Managed multi-AZ EKS clusters in a 5-person platform team: namespace isolation, RBAC, network policies, pod security standards for regulated fintech workloads
• > HashiCorp Vault secrets management: dynamic DB credentials, transit encryption, PKI for internal mTLS — eliminated hardcoded secrets across all services
• > Terraform IaC: multi-environment provisioning (dev/staging/prod), remote state with locking — infrastructure changes peer-reviewed via merge requests
• > GitLab CI/CD with SAST/DAST scanning, container image signing, automated compliance checks — zero security incidents during tenure
• > Blue-green deployment strategy for payment-critical services — zero-downtime releases with instant rollback capability
• > Observability for EKS: Prometheus + Grafana pod metrics, HPA scaling events, FinOps cost dashboards (identified 20% cloud spend savings), PagerDuty integration

• > Independent consulting practice serving 15+ SMB/mid-market clients: architecture design, capacity planning, cloud and on-prem migration strategies
• > Provisioned and managed 40+ Linux servers (Docker, Ansible) across dedicated and cloud environments — standardized deployments, cut provisioning time from days to hours
• > Zabbix monitoring across all client environments — 200+ hosts, 99.5%+ uptime SLA, automated incident escalation via Telegram and email
• > Backup strategies with daily verification, DR runbooks, security hardening (CIS benchmarks, SSH hardening, fail2ban) — zero data loss incidents across all clients

• > Progressed from Network Admin to Operations Lead managing a regional ISP: 14,000+ subscribers, team of 35, multi-city coverage
• > Built long-haul fiber backbone (DWDM, redundant optical links, multi-operator interconnects) — peak 180 Gbps, 99.95% backbone availability
• > Designed and launched local IX (Internet Exchange) for regional operator peering — reduced transit costs by 30% through direct peering agreements
• > Managed 500+ switches, GPON/xPON terminals, DOCSIS infrastructure — automated monitoring with Zabbix, handling 500+ tickets/week
• > Built bare-metal DC from scratch: rack-mount servers, PDU/UPS, cooling — 50+ servers provisioned and maintained with Ansible automation
• > Full ISP service stack: BGP/IX peering, VRF, DHCP/DNS HA, CGNAT, NetFlow, IPAM — all documented with runbooks and DR procedures
• > Led disaster recovery after catastrophic DB failure — restored service for 14,000+ customers with zero data loss within SLA

Moscow Region, Russia

• > Promoted twice in 2 years (Support → Admin → Senior Admin), managed DOCSIS 2/3 cable infrastructure for 5,000+ subscribers