Summary
Overview
Work History
Education
Skills
Additional Vendor Training
Qualification Highlights
Certification
References
Timeline
Generic

Jay Kianos

Simpsonville

Summary

Lead Software Engineer at Wells Fargo specializing in automation scripting and infrastructure management. Demonstrated success in enhancing security protocols and optimizing CI/CD processes. Proficient in Kubernetes management and fostering team collaboration to meet project objectives. Experienced in utilizing cloud technologies to implement innovative solutions.

Overview

30
30
years of professional experience
1
1
Certification

Work History

Lead Software Engineer

Wells Fargo
12.2017 - Current
  • As a member of the Private Cloud Team, my main responsibilities were with the Tanzu Application Service (Cloud Foundry) platform. This dealt with creating automation for the installation and upgrading of TAS, rotation of certificates, CA’s, and ssh keys, security baseline testing and reporting, and many other.
  • Automation was performed using Concourse for CI/CD.
  • My other main responsibilities were management and upkeep of infrastructure systems consisting of Concourse for CI/CD, Minio for S3 file storage, and docker.
  • All infrastructure vms were managed and deployed by BOSH.
  • Other regular tasks included creating monthly buildpacks for TAS for java, python, dotnet-core, nodejs, and staticfile, creating new releases for TAS system software and tiles and fully testing the release in lab, creating and maintaining a custom docker image used to run automation containers.
  • I worked closely with the various security teams to allow their access into TAS to run weekly Qualys scans as well as set up Prisma Cloud on each TAS foundation to scan each application container in real time.
  • Qualys scans were analyzed weekly for vulnerabilities to determine if they were able to be resolved internally or if we needed to work with Broadcom to initiate a vendor fix to resolve.
  • Along with weekly scans by Qualys of the running TAS foundations, two other VM’s were set up using BOSH for scanning.
  • The first was a vm created with the latest stemcell downloaded from Broadcom. As a new stemcell was downloaded, this pipeline would update the stemcell scanning VM to allow Qualys to scan the stemcell before it was deployed to any foundation.
  • The second VM setup a VM running docker that allowed Qualys to scan the latest rootfs that the application containers were running.
  • Although TAS was my primary responsibility, I also assisted with our Kubernetes platform, TKGI, as well as lead the proof-of-concept project on Red Hat OpenShift.
  • For TKGI, I assisted with much of the scripting used in that products’ installation and update Concourse pipelines.
  • I also worked with the bank’s Kafka team as they ran a proof-of-concept of running Kafka out of Kubernetes instead of bare metal servers.
  • As for OpenShift, I lead a 6-month project to build several OpenShift lab clusters and to assist any application team wishing to test their application on OpenShift to get access and help them deploy.
  • Notable Projects and Accomplishments
  • TAS and Infrastructure Management. Installed and managed 17 TAS foundations in lab and 40+ foundations in production and QA. Also installed and maintained 25 BOSH directors with 15 Concourse deployments, 25 Minio deployments, and 50+ Concourse worker deployments. Wrote and maintained concourse pipelines and BASH scripts for the installation and management (upgrades, certificate rotation, storage migration, etc) of the various TAS foundations and infrastructure deployments.
  • Buildpack Creation and Installation. Created monthly buildpacks for Java, Python, dotnet-core, nodejs, and staticfile. This involved interfacing with language product owners in order to exclude non-allowed versions, working with other component owners to include the supported library versions, and security to scan for any vulnerabilities before release. As part of this project, I wrote the Concourse pipelines that would clone the upstream buildpack GitHub project, manage the releases built into each buildpack manifest to remove any undesired versions, build the buildpack, load the buildpack on a lab foundation and run a test application with it to insure proper functionality. I also wrote the Concourse pipeline that would manage the buildpacks installed on each foundation based upon a yaml manifest kept in a git repo.
  • TAS and Concourse database backups. Wrote concourse pipelines to do daily backups of TAS mysql databases and Concourse postgres databases to S3 storage buckets and managed the backups to only keep the 5 most recent copies.
  • TAS mysql database migration. Due to a management decision to stop supporting mysql databases in the organization, all TAS foundations needed to be migrated from externall enterprise mysql databases to foundation managed internal mysql databases. This required creating a procedure to add mysql databases to the foundation manifests and creating the databases, stopping the foundation API to prevent writes to the database, creating a full backup of the external mysql databases, loading the backup on to the new internal mysql databases, modifying the foundation manifest to then use the internal databases, and finally restarting the foundation API to allow regular functionality.
  • Security Baseline Scripting. As part of security regulations, each foundation had to have a number of base security checks performed on every TAS foundation monthly. This included verification of allowed user accounts, groups, file access permissions, and many others. This was previously done by the operations team and took a week to complete. I worked on automating these checks with Concourse pipelines that would run through each baseline check and submit a object to Splunk allowing a monthly Splunk dashboard to be created for each TAS foundation without any human intervention needed to create it.

L4 Unix Server Engineer

Logic Technology, Inc.
10.2015 - 10.2017
  • Full-time assignment to General Electric as an L4 Unix Server Engineer. My primary responsibilities are as an escalation point for the L3 and L2 Unix teams, maintaining a point of contact with application teams, manage vendor relationships, and oversee the production environment for any improvements in increasing reliability or security.
  • I worked with the unix architecture, automation, patching, and other various teams to set policies and procedures in managing the development, QA, and production environments.
  • Notable Projects and Accomplishments
  • Remediation of physical server consoles. In order to manage administrative access to server consoles, as well as manage automated password resets by SAPM, wrote scripts to clear all local console accounts, create the new local administrative account, and configure LDAP access for administrator usage. The scripts managed Solaris ILOM/ALOM/RSC consoles as well as HP ILOM running Red Hat Linux and Solaris x86.
  • Run POC for using Red Hat Satellite. Linux repos were managed manually with scripts, which was both time consuming and occasionally were not correctly updated due to human error. Ran a POC on both Red Hat Satellite and Foreman/Katello to determine which would be the better choice. I am currently working on an implementation plan to bring Foreman/Katello into production.
  • Converted server logs to Splunk. Implemented the conversion of all Unix servers from keeping system logs locally on each server to a centralized Splunk environment.
  • Updated Linux and Solaris patching strategies. Prior patch strategies only installed vendor security tagged patches. This led to a non-standard patch base as OS builds were updated as new releases of the OS were released. By doing full upgrades, all servers are now kept at a consistent code base, and applications can file exceptions to prevent upgrading current version.
  • Unified LDAP configuration process. In order to standardize Unix account access across business environments, I wrote a single LDAP configuration package that would correctly configure LDAP, 2-factor authentication and HPA access with sudo or SUPM, depending on the server design.
  • Implement a configuration management solution. Start a POC with Ansible, Puppet, and Chef to determine which would be the best choice to implement configuration management and self-healing. This project is in the very early stages.
  • Data Center Consolidation. Assisted local manufacturing sites in migrating servers from local data centers to corporate managed centralized data centers. Assisted site managers in the best method of moving servers (P2V or V2V migrations or physically moving existing hardware) or if an exception had to be granted to allow the server remain local.
  • Pivotal Cloud Foundry. Set up a PCF POC environment to assist web teams to investigate moving from legacy jboss and tomcat environments to PCF for their j2ee 1.7/1.8 applications. This also was the web platform for the GE Predix platform that was slated to be rolled under centralized management.

Unix Architect

General Electric
01.2010 - 01.2011
  • Full-time assignment to General Electric as Unix Architect. My primary responsibilities were upgrading and maintaining the Solaris and Linux build images, certify new hardware models from Oracle and HP, and test and certify new drivers and firmware for current hardware.
  • Notable Projects and Accomplishments
  • Converted Solaris to use ZFS for root drive. Modified the Solaris boot image to use ZFS for the root drive. I created and documented the procedure to, if needed, upgrade existing servers to Solaris 10 U6. All Solaris servers were upgraded to ZFS in order to use Live Upgrade and ZFS snapshots for patching.
  • Veritas VCS HA. Introduced the first application cluster using Veritas VCS HA to create an active-active 3-node cluster.

L3 UNIX Server Administrator

General Electric
01.2005 - 01.2010
  • Full-time assignment to General Electric as an L3 Unix System Administrator. My primary responsibilities were supporting and mentoring the L2 Unix team. Worked on mostly high-visibility Priority 1 incidents as well as looking into repetitive problems to prevent further occurrences.
  • I adopted standard procedures on repeatable tasks and documented those procedures for use by the rest of the Unix team. I also ran numerous Unix operational projects.
  • Notable Projects and Accomplishments
  • Created Solaris patching scripts. Wrote a set of scripts to download and install patches tagged as security by Sun/Oracle. The scripts used Patch Check Advanced (PCA) to identify and download missing patches from a local proxy and then install to an alternate boot environment using Live Upgrade. The patches were then activated through a reboot script. All the scripts were pushed to the systems using Opsware.
  • Created Linux patching scripts. Wrote a set of scripts to download and install patches tagged as security by Red Hat/Oracle. The scripts used yum to download patches ahead of the patching window and then used rpm to install the patches previously downloaded and reboot the system. All scripts were pushed to the systems using Opsware.
  • Maintained local Linux patch repos. Wrote python script to maintain internal patch repositories. For each OS (Red Hat, Oracle Linux) and release (5, 6, 7), a separate quarterly and monthly repo had to be maintained for the different patch schedules.
  • Created scripts to setup local repos. Wrote python and bash scripts to setup all official company repos. The script needed to determine the correct OS release (Red Hat or Oracle Linux), OS version (5,6,7) and bits (64,32).
  • Converted all Solaris and Linux systems to LDAP based user accounts. Designed a master-slave replication environment with Sun Directory Server 5.2 to hold all user accounts, groups, netgroups, and sudo rules. Led a migration team to convert all user and functional accounts into LDAP and create sudo rules to allow users access to root and functional accounts.
  • Upgraded LDAP to Oracle Directory Server 7. Upgraded Directory Server to version 7 which also allowed converting from a master-slave replication architecture to a large multi-master mesh.
  • Designed web based wanboot and kickstart system. Designed a web-based new build registration system that allowed the build teams to pre-register servers into LDAP, creating netgroups and server profiles that allowed the administration teams access to the server. Also allowed setting other server options such as server functionality or export control status that would automatically provision or remove netgroups based on selections. The build team could then wanboot (Solaris) or kickstart (Linux) the server and the post-installation scripts would automatically configure the server from options stored in LDAP, requiring no human intervention.
  • Designed internal wiki site for administrative documents. Created administrative procedural documents for L2 teams to follow in adding storage, multipathing, creating automounts, etc.
  • Managed DNS on bind. Managed 20+ domains under ge.com across 8 global bind servers.

Unix L2 System Administrator

General Electric
01.2001 - 01.2005
  • Full-time assignment to General Electric as an L2 Unix System Administrator. My primary responsibilities included completing assigned user trouble tickets and change requests within SLA, monthly and quarterly OS patching, maintaining Unix printing queues, and support of engineering HP Unix Workstations.
  • Notable Projects and Accomplishments
  • Administered all Network Appliance filers. Responsible for hardware and maintenance of all Network Appliances filers. Worked with NetApp support to resolve hardware issues and disk replacement, configured the filers to authenticate users against NIS domains, and configured NFS shares on the filer and mounted to servers and workstations.
  • Consolidation of DNS domains. Consolidated multiple DNS domains, each hosted off individual DNS servers to two primary DNS servers.

Unix / Network Administrator

Globalvision / ACSinc.net
03.1998 - 01.2001
  • Brought on as Unix Administrator for a local ISP, I managed Sun Solaris servers to run DNS, mail and web services. I also managed Cisco routers, and switches, and Portmaster equipment. Most of the CGI code developed in-house for customers were written by me in TCL or Perl.

Computer Operations

Softbank Services Group
06.1995 - 03.1998
  • As part of the computer operations team, I was responsible for making sure automated scripts executed on-time and completed successfully, as well as running other jobs manually as needed. Managed both HP HP-UX and Sun Solaris servers. I also was responsible for making sure backup tapes were changed and properly stored.

Education

Associate of Science - Computer Science

Jamestown Community College
Jasmestown, NY
05-1992

Some College (No Degree) - Computer Science

SUNY At Buffalo
Buffalo, NY
05-1996

Skills

  • Linux distributions: Ubuntu, Red Hat, CentOS
  • Cloud Foundry
  • Continuous integration
  • Infrastructure management
  • Security testing
  • Automation scripting
  • Kubernetes management
  • Containerization with Docker
  • Agile methodologies
  • Virtualization technologies
  • Version control with Git
  • Database management: MySQL, Postgres, Redis
  • Monitoring and logging tools
  • Scripting languages: Bash, Python, Perl, PHP
  • Networking tools: BIND DNS, Sendmail
  • Configuration management tools

Additional Vendor Training

  • VMware NSX-T Basics
  • VMware TKGI Administration
  • VMware TAS Platform Automation
  • Redis Administration
  • Basic Network Appliance On-Tap Administration
  • Advanced Network Appliance On-Tap Administration
  • Solaris 10 for Experienced Administrators
  • Solaris 11 for Experienced Administrators
  • Sun ZFS

Qualification Highlights

  • 8 year’s professional experience with Tanzu Application Service (TAS), formerly Pivotal Cloud Foundry, for private cloud on the VMware platform.
  • 4 year’s professional experience with Kubernetes using OpenShift Container Platform (ocp) and Tanzu Kubernetes Grid (TKGI).
  • 25 years professional experience with Linux (Ubuntu/Red Hat) and Solaris operating systems and Sun/Oracle and HP hardware.
  • 15 years professional experience supporting Apache, jboss, and tomcat web servers running J2EE 1.7 and 1.8.
  • Vendor training in VMware NSX-T, TKGI, OpenShift, Redis, Solaris, ZFS, Opsware, and Network Appliance.
  • Enterprise experience in an environment of 10,000+ Unix servers.
  • Developed LDAP infrastructure for centralized Unix account infrastructure with Oracle Directory Server and highly privileged access through sudo.
  • Developed Solaris and Red Hat Linux patching systems to allow automated patching of 1000’s of systems in a single night.
  • Developed custom BASH and Python scripts for system automation.
  • Implementing Foreman/Katello to manage Linux systems and manage software repos.
  • Used Concourse and Jenkins for continuous integration.

Certification

  • Microsoft Azure AZ-900

References

References available upon request.

Timeline

Lead Software Engineer

Wells Fargo
12.2017 - Current

L4 Unix Server Engineer

Logic Technology, Inc.
10.2015 - 10.2017

Unix Architect

General Electric
01.2010 - 01.2011

L3 UNIX Server Administrator

General Electric
01.2005 - 01.2010

Unix L2 System Administrator

General Electric
01.2001 - 01.2005

Unix / Network Administrator

Globalvision / ACSinc.net
03.1998 - 01.2001

Computer Operations

Softbank Services Group
06.1995 - 03.1998

Associate of Science - Computer Science

Jamestown Community College

Some College (No Degree) - Computer Science

SUNY At Buffalo

Similar Profiles

CREATE PROFILE
Jay Kianos