Resume

General

Option | Description
Languages/Frameworks | Python, Golang, Ruby, TypeScript, NodeJS, Bash
GitHub | https://github.com/bycEEE
Website | https://bchoy.me
Education | Binghamton University, Computer Science

TLDR

  • AWS infrastructure as code: Terraform, AWS CDK, AWS CloudFormation.
  • Kubernetes provisioning and administration: kops, Rancher, AWS EKS, Helm, Helmfile, Flux, ArgoCD, Cilium, Istio, Linkerd.
  • Linux server provisioning and configuration management: Packer, Salt, Ansible, Chef.
  • Networking: AWS VPC, AWS Route53, ACLs, cross environment/account VPC peering, subnetting.
  • Create and maintain dashboards, monitors, and alerts using Datadog, Prometheus, Grafana.
  • Metrics, alerts, and logging: Datadog, Prometheus, Sentry, ELK, Fluentd.
  • CICD and testing: Jenkins, Travis, CircleCI, GitHub Actions, Celery.
  • Permissions and secrets management: IAM, RBAC, LDAP, Active Directory, Vault.

Professional Experience and Details

ClinicOS - Senior Platform Engineer/Consultant

November 2023 - April 2024 | Los Angeles, California

  • Built local development and deployment workflows for a medical AI image generation product.
  • Developed the Python inference service using PyTorch and pix2pix.
  • Provisioned AWS infrastructure using CDK to secure and anonymise patient data, train models on CUDA-enabled EC2 instances, and scale real-time inference services using queue-based AWS ECS autoscaling.
  • Met HIPAA and security compliance using industry best practices to create IAM roles, permissions, KMS keys, and AWS Secrets Manager, to restrict access by the principle of least privilege.

Reverb - Senior Infrastructure Engineer

May 2023 - November 2023 | Chicago, Illinois

  • Managed company AWS infrastructure primarily with Terraform and Kubernetes.
  • Migrated the existing local Terraform workflow to HCP Terraform Cloud to meet compliance and auditing standards including logging all user interactions/runs, automated drift checking, and ensuring no sensitive data was present on developer machines.
  • Set up GitHub Actions to improve automated PR checks and deployments on merge.
  • Managed, maintained, and upgraded EKS Kubernetes clusters across our environments and accounts. Worked closely with the Platform and Software Engineering teams to set up base Helm charts and create the workflow for self-managed deployments.
  • Assisted in the evaluation of ArgoCD vs Flux for continuous delivery/integration on Kubernetes.
  • Evaluated the transition from the existing AWS Secrets Manager implementation to HCP Vault as the main secrets management store.
  • Handled Elasticsearch upgrades.

ComputeX - Senior Platform Engineer/Consultant

November 2022 - November 2023 | Los Angeles, California

  • Bootstrapped and initialised company AWS accounts, infrastructure, IAM permissioning, logging, monitoring, and auditing using AWS CDK.
  • Architect infrastructure and developer workflow to fit the needs of a Python startup. Work closely with business to determine priorities, striking a balance between feature rollout speed and meeting customer demands, while developing our internal tooling, maintaining code quality, adhering to industry best practices, and managing total cost of operation.
  • Lead Python developer for a core API service for a which leverages RabbitMQ and other technologies for secure routing to a mix of iOS devices in multiple on-prem data centers, and AWS nodes to schedule and scale video transcoders.
  • Provision Kubernetes clusters using Helmfile and KEDA to serve GPU-reliant workloads for machine learning and transcoding.
  • Work alongside the Machine Learning team to develop a workflow for training models and running inference on image generation pipelines using a GAN.
  • Create reproducible CUDA-enabled and CPU workflows for local/remote development with PyTorch and pix2pix. Configure a queue based autoscaling ECS service for real-time inference.
  • Work with advisors to meet HIPAA compliance, and integrate tools such as cdk-nag and checkov to help identify potential issues.

SnailBot - Software Engineer

April 2022 - September 2022 | San Francisco, California (Remote)

  • Lead NodeJS/TypeScript developer for a cloud-based SaaS solution, successfully supporting tens of thousands of users in the automated purchase of high-demand items such as graphics cards, video game consoles, and collectable trading cards.
  • Pioneered the first cloud-based SaaS offering for a specific major retailer, supporting features such as instantaneous product stock alerts, automatic checkout, authentication refreshing, improving account legitimacy score, and bot detection mitigations.
  • Utilised Burp Suite, OWASP Amass, and other reconnaissance tools for tasks such as endpoint discovery, parameter automation/fuzzing, site update monitoring, request/response logging history, and discovering methods to simulate human behaviour accurately.
  • Demonstrated reverse engineering prowess to decipher obfuscated JavaScript, enabling the successful bypass of anti-bot technology from retailers using providers such as PerimeterX and F5 Solutions.
  • Developed a suite of tools to automate requests to multiple endpoints, and designed monitors to alert on differences or unexpected behaviour to ensure the validity of existing bypass methods or to probe for new potential methods.
  • Focused on lowering latency to the lowest amount possible to stay ahead of competing software and provide customers with the highest chance of obtaining their desired items.

JW Player - Senior DevOps Engineer

March 2018 - April 2022 | New York, New York

  • Leveraged my expertise in AWS, Kubernetes, Terraform, and SaltStack daily.
  • Operated on the core Kubernetes administration team, managing several production clusters with hundreds of nodes each, with an uptime of 99.999%.
  • Architected a robust Kubernetes cluster creation and management workflow with kops, Helm, and Terraform. Developed additional internal tooling for cluster provisioning, and established a production-grade environment with proper RBAC roles, multi-layered monitoring/alerting, tool-assisted resource/request limits, right sizing, autoscaling, secrets management, centralised logging, etc.
  • Made significant contributions to our suite of microservices that handle our in-house deployment system. Developed software primarily in Python and Golang to allow our development teams to have autonomy and ownership of deploying their own applications to Kubernetes. This tool handled authentication flow, secrets retrieval without exposure, team based and individual permissioning, rollback and deployment history, configuration validation, etc.
  • Automated a variety of tasks using Bash, Python and Golang, such as new hire onboarding, JIRA ticket creation from AWS maintenance notifications, and third-party platform integration based on LDAP attributes.
  • Designed AWS VPC architecture across multiple accounts. Created and managed AWS VPC resources including subnets, route tables, security groups, network ACLs, and NAT gateways. Set up VPC peering across our accounts and multiple regions and configured VPC endpoints to privately access AWS services without exposure to public internet. Assisted in creating an internal Terraform module to perform subnet math that played nice with our existing legacy VPC structure.
  • Improved suboptimal Terraform modules and introduced best practices such as versioned modules to overhaul a legacy Terraform repository that contained duplicated and unwieldy code. Led the initiative to move Terraform runs to CI/CD instead of local runs.
  • Modernised an outdated Vault implementation and hardened the existing configuration to make better use of previously unused features including ACLs, properly expiring tokens/renewals, issuing dynamic credentials, certificate requests, and integration with Kubernetes and SaltStack. Participated on the SecOps team, kickstarting our bug bounty program in collaboration with HackerOne, developing our policy and refining our process. We also enhanced our security posture by employing trust architecture starting with Vault, implementing automated scanning tools for our repos and containers, establishing container security practices such as image scanning and runtime security, moving away from AWS secret keys to IAM Roles, etc.

Opsline - DevOps Engineer/Consultant

May 2016 - Oct 2017 | New York, New York

  • Managed infrastructure using Chef and CloudFormation.
  • Worked actively with 5+ clients to create custom solutions for their respective needs.
  • Worked with a large array of software due to each client’s existing stacks including MongoDB, MySQL, Postgres, Cassandra, Chef, Node.js, Ruby on Rails, ELK, ActiveMQ, Redis, OpenVPN, Apache, Nginx, Nagios, etc.
  • Greatly reduced build times and eliminated inconsistent deployments by optimising Jenkins and Travis pipelines.
  • Improved security by performing routine IAM key audits, security group audits, repository scanning, Jenkins plugin vulnerability scanning, etc.
  • Handled containerising and orchestration using Docker and ECS.

The Barbarian Group - System Administrator

August 2015 - April 2016 | New York, New York

  • Converted an entirely manually managed infrastructure into infrastructure as code using instances provisioned by Packer and managed with Ansible.
  • Re-architected the existing manual code deployment pipeline to true CICD using Jenkins.
  • Streamlined local cross-platform development using Vagrant and Docker.
  • Built internal tools using Ruby and bash to automate procedures such as backups and analytics parsing.

The Barbarian Group - Front End Web Developer

June 2015 - August 2016 | New York, New York

  • Created responsive webpages for Samsung US using HTML5, SASS/CSS, Handlebars, Bootstrap, and JavaScript.
  • Built an interactive experience for customers to interact with an in-store display using their mobile device using Box2D, PixiJS, Node.js, and websockets.