Skip to main content
Available for Contract & Freelance

Senior DevOps &
Cloud Engineer

Shanuka Thennakoon

Designing resilient, secure and cost-optimized AWS & Azure platforms for high-growth teams in New Zealand and beyond.

6+

Years Experience

170+

Containers Managed

5

Certifications

Hire Me Download CV

About Me

Senior DevOps & Cloud Engineer with 6+ years building high-availability infrastructure across AWS, Azure, and OpenStack. Based in Auckland, New Zealand — working with teams across ANZ and globally.

I specialize in container orchestration at scale, complex cloud migrations, and baking security into every layer of the delivery pipeline (DevSecOps). My work spans healthcare, government APIs, IoT, and e-commerce.

Currently leading 24/7 cloud operations — focused on disaster recovery, cost optimization, and enterprise-grade security governance.

Auckland Central, New Zealand
6+ Years Experience
170+ Containers Managed
15+ EC2 Nodes Operated
Multi Region AWS Architecture
5 Cloud Certifications

Areas of Expertise

DevSecOps & Security

Implementing security best practices throughout the DevOps lifecycle

  • AWS Security Hub & Inspector integration
  • Infrastructure security hardening
  • API penetration testing & vulnerability assessment
  • Compliance frameworks (HIPAA, SOC 2)
  • Secret management & credential rotation
  • Security scanning in CI/CD pipelines

Cloud Architecture & Migration

Designing scalable, resilient cloud infrastructure solutions

  • Multi-cloud architecture design (AWS, Azure, GCP)
  • Legacy system migration to cloud platforms
  • High availability & disaster recovery strategies
  • Cost optimization & resource management
  • Hybrid cloud & on-premises integration
  • Serverless architecture implementation

Container Orchestration

Managing large-scale containerized applications with Kubernetes

  • Kubernetes cluster design & management (170+ containers)
  • EKS, AKS, and self-managed K8s clusters
  • Helm charts & Kustomize for deployments
  • Service mesh implementation (Istio/Kong)
  • Container security & image optimization
  • Auto-scaling & resource optimization

CI/CD Pipeline Engineering

Building automated deployment pipelines for rapid software delivery

  • GitOps workflows with ArgoCD
  • Multi-stage pipeline design (Build, Test, Deploy)
  • Automated testing integration
  • Blue-green & canary deployments
  • Pipeline optimization (40% reduction in build time)
  • Rollback strategies & version control

Infrastructure as Code

Automating infrastructure provisioning with code-based tools

  • Terraform modules & state management
  • AWS CloudFormation templates
  • Azure ARM & Bicep templates
  • Infrastructure testing & validation
  • Multi-environment management (Dev, QA, Prod)
  • Drift detection & remediation

Monitoring & Observability

Ensuring system reliability through comprehensive monitoring

  • Datadog & CloudWatch dashboards
  • Distributed tracing with Sentry
  • Log aggregation & analysis
  • Alerting & incident response automation
  • Performance optimization & tuning
  • SLA/SLO monitoring (99.9% uptime)

Technical Skills

Cloud Platforms

AWS Azure GCP OpenStack OVH

Infrastructure as Code

Terraform CloudFormation ARM Templates

CI/CD & Automation

Jenkins Azure DevOps GitHub Actions Bitbucket Pipelines GitLab CI/CD ArgoCD Kustomize

Containerization

Docker Kubernetes Amazon ECS Azure AKS Amazon EKS

Programming & Scripting

Python Bash PowerShell

Monitoring & Security

Datadog CloudWatch Sentry AWS Inspector Security Hub Penetration Testing

Systems & Networking

Linux (CentOS) Ubuntu Windows Server Active Directory OpenVPN DNS Management

Version Control

Git GitHub GitLab Bitbucket

Technical Knowledge & Capabilities

Amazon Web Services (AWS)

Compute & Containers

  • EC2: Instance types, Auto Scaling Groups, Launch Templates
  • ECS: Fargate & EC2 launch types, Task Definitions, Service Auto-scaling
  • EKS: Managed Kubernetes, Node Groups, Fargate profiles
  • Lambda: Serverless functions, Event-driven architectures
  • Load Balancers: ALB, NLB, Target Groups, Health Checks

Networking & Content Delivery

  • VPC: Subnets, Route Tables, NAT Gateways, VPC Peering
  • Security Groups & NACLs for traffic control
  • Route 53: DNS management, Health checks, Routing policies
  • CloudFront: CDN configuration, Origin setup
  • VPN & Direct Connect for hybrid connectivity

Storage & Databases

  • S3: Bucket policies, Lifecycle rules, Versioning, Encryption
  • RDS: Multi-AZ, Read Replicas, Automated backups
  • DynamoDB: NoSQL design, DAX caching
  • EFS & EBS: Persistent storage solutions
  • Database migration strategies

Security & Compliance

  • IAM: Roles, Policies, User management, MFA
  • AWS Inspector: Vulnerability assessments
  • Security Hub: Compliance monitoring, Security standards
  • KMS: Encryption key management
  • CloudTrail & Config: Audit logging, Compliance tracking

Monitoring & Automation

  • CloudWatch: Metrics, Logs, Alarms, Dashboards
  • Systems Manager: Parameter Store, Patch management
  • CloudFormation: Infrastructure as Code, Stack management
  • EventBridge: Event-driven automation
  • Cost optimization with AWS Cost Explorer

Microsoft Azure

Compute & Orchestration

  • Azure Virtual Machines: Availability Sets, Scale Sets
  • AKS: Managed Kubernetes, Node pools, Azure CNI
  • Azure Container Instances (ACI)
  • Azure Functions: Serverless compute
  • App Service: Web apps deployment & scaling

Networking

  • Virtual Networks (VNet): Subnets, NSGs, Peering
  • Azure Load Balancer & Application Gateway
  • Azure DNS & Traffic Manager
  • VPN Gateway & ExpressRoute
  • Azure Firewall & DDoS Protection

DevOps Tools

  • Azure DevOps: Pipelines, Repos, Boards, Artifacts
  • Azure Resource Manager (ARM) templates
  • Bicep for infrastructure deployment
  • Azure Monitor & Application Insights
  • Managing 30+ production/QA environments

Identity & Security

  • Azure Active Directory: User/Group management
  • RBAC: Role-based access control
  • Azure Key Vault: Secrets management
  • Azure Policy & Compliance
  • Security Center & Sentinel

Kubernetes & Container Orchestration

Core Concepts

  • Pods, Deployments, StatefulSets, DaemonSets
  • Services: ClusterIP, NodePort, LoadBalancer
  • ConfigMaps & Secrets management
  • Persistent Volumes & Storage Classes
  • Namespaces & Resource Quotas

Advanced Features

  • Horizontal Pod Autoscaler (HPA) & Vertical Pod Autoscaler
  • Ingress Controllers (Nginx, Traefik)
  • Network Policies for pod-to-pod communication
  • RBAC & Service Accounts
  • Custom Resource Definitions (CRDs)

Deployment Strategies

  • Helm: Chart creation, Values management, Releases
  • Kustomize: Environment-specific configurations
  • ArgoCD: GitOps continuous delivery
  • Blue-green & Canary deployments
  • Managing 170+ containerized services

Service Mesh & API Gateway

  • Kong API Gateway configuration
  • Istio service mesh concepts
  • Traffic management & routing
  • Observability & distributed tracing
  • mTLS & service-to-service security

CI/CD Pipelines & Automation

Pipeline Design

  • Multi-stage pipelines: Build → Test → Deploy
  • Parallel execution for faster builds
  • Artifact management & versioning
  • Environment promotion strategies
  • 40% improvement in deployment speed achieved

Testing & Quality

  • Unit test integration in pipelines
  • Integration & E2E testing automation
  • Code quality scanning (SonarQube)
  • Security scanning (Snyk, Trivy)
  • Test coverage reporting

Tools & Platforms

  • Jenkins: Declarative pipelines, Shared libraries
  • GitHub Actions: Workflows, Reusable actions
  • Bitbucket Pipelines: YAML configuration
  • GitLab CI/CD: .gitlab-ci.yml, Runners
  • Azure DevOps: Classic & YAML pipelines

GitOps & Deployment

  • ArgoCD: Application deployment, Sync policies
  • Git-based deployment workflows
  • Automated rollback mechanisms
  • Progressive delivery patterns
  • Zero-downtime deployments

Infrastructure as Code & Automation

Terraform

  • Module development & reusability
  • State management: Remote backends (S3, Azure Storage)
  • Workspaces for multi-environment
  • Variable management & tfvars files
  • Provider configuration (AWS, Azure, GCP)

CloudFormation

  • Template creation (JSON/YAML)
  • Stack management & updates
  • Nested stacks for modularity
  • StackSets for multi-account deployment
  • Change Sets for impact analysis

Scripting & Automation

  • Python: Boto3 for AWS automation, Azure SDK
  • Bash: Server management, deployment scripts
  • PowerShell: Windows Server automation
  • Ansible: Configuration management (basics)
  • Custom tooling for operational efficiency

Best Practices

  • DRY principles: Reusable modules
  • Version control for IaC code
  • Testing infrastructure code
  • Documentation & code comments
  • Drift detection & remediation strategies

Security & Compliance

Cloud Security

  • Security hardening for Linux & Windows servers
  • Network segmentation & firewall rules
  • Encryption: At-rest & in-transit
  • Identity & Access Management (IAM)
  • Least privilege principle implementation

Compliance Frameworks

  • HIPAA: Healthcare data compliance
  • SOC 2: Security controls implementation
  • CIS Benchmarks for hardening
  • Audit logging & compliance reporting
  • Regular security assessments

Security Tools

  • AWS Inspector: Vulnerability scanning
  • AWS Security Hub: Security posture monitoring
  • Penetration testing methodologies
  • API security testing (ApisecUniversity certified)
  • Container image scanning (Trivy, Clair)

DevSecOps Practices

  • Security scanning in CI/CD pipelines
  • Secret management (Vault, AWS Secrets Manager)
  • Automated security testing
  • Incident response procedures
  • Security awareness & best practices

Featured Projects

Security Hardening Multi-Region

Healthcare Compliance Solutions

Australia/New Zealand

Deployed HIPAA-compliant APIs on AWS ECS with full CI/CD automation using Bitbucket Pipelines. Implemented CloudFormation templates for infrastructure consistency and configured CloudWatch monitoring for proactive incident response.

AWS ECS CloudFormation Bitbucket Pipelines CloudWatch HIPAA Compliance
HIPAA-compliant infrastructure
Automated CI/CD deployment
High Availability Cost Optimisation

Age Verification System

High-Traffic Production

Managed AWS ECS infrastructure supporting high-traffic age verification services. Implemented Bitbucket CI/CD pipelines with automated testing and deployment. Configured auto-scaling policies and alerting mechanisms.

AWS ECS Auto-scaling CI/CD Monitoring
99.9% uptime achieved
Automated scaling & alerting
Multi-AZ Architecture Infrastructure as Code

ERP System - Seafood Exporter

Enterprise Solution

Designed and deployed complete ERP solution using AWS EC2 with Application Load Balancer. Implemented high availability architecture across multiple availability zones with automated backups and disaster recovery procedures.

AWS EC2 ALB Multi-AZ DR/Backup
High availability architecture
Automated disaster recovery
Cloud Migration Cost Optimisation

Cloud Migration - GoDaddy to AWS

Freelance Project

Led migration of legacy applications from GoDaddy hosting to AWS infrastructure. Designed cost-optimized AWS architecture using EC2, RDS, and Application Load Balancer. Implemented Azure DevOps CI/CD pipelines for automated deployments.

AWS Migration EC2 RDS Azure DevOps Cost Optimization
Zero-downtime migration
Cost-optimized architecture
Infrastructure as Code Hybrid Cloud

Hybrid Cloud - IoT Manufacturing

Freelance Project

Designed and implemented hybrid cloud environment connecting on-premises infrastructure with Azure. Created Azure cloud infrastructure using Terraform. Configured site-to-site VPN connection and deployed servers for IoT services in biscuit manufacturing facility.

Azure Terraform VPN Hybrid Cloud IoT
Secure hybrid connectivity
Infrastructure as Code
MSP Architecture Infrastructure as Code

Azure Kubernetes - Microservices Platform

Freelance Project

Designed and provisioned Azure AKS cluster for microservices architecture. Implemented Kustomize templates for environment-specific configurations. Created Terraform modules for reproducible infrastructure and configured Kong API Gateway for backend API management.

Azure AKS Kubernetes Kustomize Terraform Kong Gateway
Scalable microservices platform
API Gateway implementation

Certifications

AWS Certified SysOps Administrator

Associate Level

AWS

Azure Administrator Associate

Microsoft Certified (2023)

Azure

DevOps Engineer Expert

Microsoft Certified

Azure

API Penetration Testing

ApisecUniversity

Security

Jr. Penetration Tester Path

TryHackMe

Security

Get In Touch

Let's Build Reliable Cloud Platforms Together

Whether you need a full-time DevOps engineer, a freelance cloud architect, or a security-focused infrastructure review — I'm ready to help.

Send a Message

I typically respond within 24 hours

Available for new projects

Based in

Timezone

Response time

Connect with me

LinkedIn GitHub

Blog & Articles

View All Articles