Experience

JPMorgan Chase & Co.

Vice President Lead Security Engineer

Oct 2023 - Present

Control Plane Ltd.

Cloud Native Engineer (Contract)

Sep 2022 - Oct 2023

Developed an ingestion tool as part of a team which scans open-source dependencies for vulnerabilities and evaluates them with Open Policy Agent (OPA).
Established the use of GRPC service architecture to strongly define APIs, abstract layers and components into replaceable parts, and generate Swagger compatible user-facing API documentation.
Implemented support for rotating time-limited database credentials provided by Hashicorp Vault at runtime.

Ocurity Ltd.

Co-Founder and Director

Mar 2022 - May 2023

Implemented Zero-Trust edges to access internal services and infrastructure with github.com/pomerium/pomerium.
Deployed an MVP of the Dracon SaaS product with multi-tenancy at the infrastructure layer powered by Terraform, Helm, GitOps and the Please build system.
Built a scalable version of the Dracon SaaS product with multi-tenancy at the application layer that runs on serverless infrastructure to minimise costs.

Thought Machine Group Ltd.

Senior Backend Engineer, Cloud Security

Apr 2021 - Sep 2022

Technical Lead for a strategic programme making the Vault product available as SaaS on Google Cloud Platform. This involved architecting the cloud infrastructure, producing timelines and resource requirements, and ultimately being responsible for the technical delivery.
Technical Lead for the deployment of Falco, a Kubernetes Runtime security agent across our Kubernetes clusters and the implementation of pre-building the eBPF probes that we use over at github.com/thought-machine/falco-probes.
Drove and implemented identity-based methods for service-to-service authorization (i.e. Workload Identity) to move us away from provisioning and using multiple password-like credentials for services.
Maintained open-sourced Please build rules for Terraform at github.com/VJftw/please-terraform.

Backend Engineer, Cloud Security

Aug 2019 - Apr 2021

Designed and built a service that facilitated self-service federated access to Cloud and Kubernetes environments with support for break-glass processes. This was a pluggable collection of micro-services in Golang which communicate via GRPC.
Matured our Terraform usage by writing rego policies for conftest based on CIS benchmarks to mitigate misconfiguration vulnerabilities; migrating to Terraform 0.12+; adding declarative authentication; and parallelising our CI/CD pipelines.
Implemented simple immutable infrastructure using Packer and Terraform to be used in projects where Kubernetes was undesirable.
Designed a scalable network architecture for our SaaS offering on AWS using AWS PrivateLink VPC endpoints to expose services between VPCs instead of VPC-peering.
Implemented and scaled our audit logs pipeline on both AWS and GCP using AWS Kinesis/GCP PubSub and Logstash to include audit logs from AWS CloudTrail, AWS EKS, AWS Security Hub, GCP, and GKE.
Open-sourced Dracon, a tool for building k-native security pipelines on top of Tekton CI github.com/thought-machine/dracon
Created an Attestations Proxy for B2B clients to authenticate and verify that the Docker images they pull are signed by Thought Machine. This is an authenticating reverse proxy to Grafeas.
Created a Docker Registry Proxy for B2B clients to authenticate and pull Docker images we create. This is now an open-source project github.com/VJftw/docker-registry-proxy
Developed “Cheese”, a tool to help raise awareness around engineers leaving workstations unlocked.

Digital Shadows Ltd.

Senior DevOps Engineer

Apr 2019 - Aug 2019

Implemented horizontal auto-scaling of Jenkins workers with EC2 spot instances and promote the use of Docker in build processes to improve consistency and reduce developer deployment feedback loop.
Devised, implemented and automated GitOps focussed Role-Based Access Control (RBAC) on AWS across multiple accounts based upon AWS Landing Zone principals.
Automated weekly reports of cloud-based infrastructure via ScoutSuite.
Reduced infrastructure divergence from code by splitting Terraform source into domain-driven modules and states that are run more frequently.
Spearheaded Ansible to automate the deployment of new releases onto legacy “pet” instances.

DevOps Engineer

Jun 2018 - Apr 2019

Built a Highly Available platform with improved scalability, resource use and continuous deployment whilst improving existing security standards with Docker, AWS ECS (Elastic Container Service), Consul, Traefik, HAProxy, and Terraform with GitOps. HA Traefik was provided by DNS round-robin load balancing and workload instances utilised AWS Spot fleet to reduce costs.
Introduced structured logging from Docker container output into centralised logging with ELK which allowed us to record and perform analysis on outbound requests through Squid proxies.
Introduced Grafana and Prometheus with InfluxDB for metric-based monitoring.
Maintained existing Puppet-based cloud infrastructure configuration, upgraded existing services such as Artifactory OSS, and RabbitMQ, whilst promoting the movement to immutable infrastructure.
Lead the containerisation of Java applications to conform with Docker best practices with portable integration tests via docker-compose.
Improved development workstation provisioning using a pre-seed configuration with LUKS(FDE) and LVM.

Ultra Violet Design Ltd.

Developer

Jan 2016 - Jun 2018

Migrated projects to use Docker containers utilising AWS ECS (Elastic Container Service), WeaveNet and Traefik to reduce costs.
Lead security which involved vulnerability scanning, risk assessments and deploying more secure protocols such as mutual TLS (mTLS).
Lead DevOps involving infrastructure as code with Terraform and container orchestration.

Junior Developer (Internship)

Aug 2014 - Aug 2015

Aided in the development of projects with clients such as British Rowing and Vote for Policies which were developed in Python and PHP (Symfony).

Education

King's College London

Sep 2016 - Sep 2017

MSc Computing and Security

Pass with Distinction

Awarded the prize for the best overall performance on the MSc in Computing and Security (2016/17).
Dissertation titled “Collective Privacy Management in Social Media” (74%)
C-score: 73%. Top 5 modules: Security Engineering (92%), Group Project - Chit Chat (85%), Cryptography and Information Security (80%), MSc Individual Project - Collective Privacy Management in Social Media (74%), Network Security (69%).

Queen Mary, University of London

Sep 2012 - Jul 2016

BSc Computer Science with Industrial Experience

First Class Honours

Dissertation titled “Implementations of Homomorphic Encryption” (82%)
C-score: 75%. Top 5 final year modules: Embedded Systems (83%), Computability (82%), Project - Implementations of Homomorphic Encryption (82%), Web Programming (80%), Algorithms and Complexity (73%).

Skills

Programming Languages

Golang (Expert)

Terraform (Expert)

Bash (Advanced)

Python (Intermediate)

Rust (Beginner)

Technologies

Public Cloud

Amazon Web Services
Google Cloud Platform

Containers

Kubernetes
Nomad

CI/CD

Tekton
GitHub Actions

Provisioning

Ansible
Puppet

Servers

Debian & Redhat-based
Fedora CoreOS

Micro-services

GRPC
Producer/Consumer

Message Queueing

RabbitMQ
Kafka

Caching

Redis
In-memory

Databases

PostgreSQL
MongoDB

Service Mesh

Consul
Istio

Principles

Domain Driven Design

Behaviour Driven Development

Separation of Concerns

Immutability

GitOps

Zero-Trust

Side Projects

Cloud Desktops

github.com/VJftw/cloud-desktops

Cloud based virtual desktops on Google Cloud Platform to help organisations provide remote-based workspaces in response to the COVID-19 pandemic.

	vj@vjpatel.me		github.com/VJftw
	vjpatel.me		linkedin.com/in/vj-patel

VJ Patel