Sergey S.
Linux System Administrator
Professional Summary
Security-driven Linux System Administrator with over 15 years of experience specializing in architecting, hardening, and automating high-availability on-premises infrastructures across Linux systems, including DevOps-driven automation for scalability, integrity and reliability.
Core responsibilities include 24/7 incident response, performance tuning of the kernel and production applications, runtime hardening, vulnerability assessment, and system lifecycle management — while extending DevOps responsibilities to automate provisioning and enforce strict GitOps workflows.
Core competencies
- Linux System Administration: (Debian, Ubuntu, CentOS) – Lifecycle management, kernel tuning and sysctl optimization for high performance, hardware/network diagnostics, and 24/7 incident response.
- Containers & Orchestration: (KVM, LXC, Docker, Kubernetes) – virtual machine management, microservice deployment, and rolling updates.
- Security Hardening: (AppArmor, MAC) – Attack surface minimization, user namespace isolation, and enforcing least-privilege access.
- Web Server & Network Performance: (Nginx, HAProxy, OpenVPN) – Precision fine-tuning of web servers and network performance optimization.
- DevOps & Automation: (GitLab CI, Ansible) – Automated deployment and provisioning via Infrastructure-as-Code (IaC).
- Security Auditing & Diagnostics: (Lynis, rkhunter, chkrootkit, ClamAV) – automated weekly scanning and remediation reporting.
Technical experience
- Spearheaded the evolution of infrastructure orchestration by implementing an initial GitOps workflow via Puppet, Cgit, and Gitolite, subsequently modernizing the stack to GitLab CI and Ansible to optimize operational efficiency and replace phased-out technologies.
- Automated microservice deployments on an on-premises Kubernetes cluster using Flux and GitLab, thereby improving deployment reliability and frequency.
- Implemented network segmentation and environment isolation to restrict development team access to the organization's infrastructure; co-authored internal DevOps GRC (Governance, Risk, and Compliance) policies regarding access control.
- Developed and maintained Ansible Playbooks for the automated provisioning of Dockerized microservices, Nginx load balancers, and PostgreSQL clusters, reducing manual operational tasks by 25%.
- Implemented a unified ChatOps workflow using the Matrix protocol integrated with GitLab CI and a custom Python bot for real-time pipeline alerts, configuration drift monitoring, automated incident triage, and execution of management actions.
- Architected and deployed a hardened, private infrastructure with strict access verification across multiple geographies and on-premises equipment, utilizing Cloud frontend Nginx and HAProxy to load balance internal servers and application services.
- Performed a comprehensive infrastructure audit to minimize the attack surface; hardened every entry point according to environment-specific security guidelines. Migrated services to KVM/LXC/Docker while applying the principle of least privilege, Mandatory Access Control (MAC), and user namespace isolation.
- Engineered an automated software lifecycle pipeline for critical system components (Kernel, Nginx, qemu-system) using custom Git repositories to manage patching, source compilation, and distribution across mixed OS and hardware environments.
- Implemented advanced Nginx logic for connection flow using Lua modules.
- Tuned kernel parameters to achieve OpenVPN throughput of ~99.5% of 1Gbps line rate under full encryption and low latency, verified via iperf3 under sustained load.
- Developed a suite of custom automation tools using Bash, Zsh, and Python scripts with dynamic parameter sourcing from Git repositories.
- Integrated HashiCorp Vault with GitLab CI to centralize the management of tokens, API keys, and secrets.
- Strengthened data privacy by deploying self-hosted internal communication and file-sharing platforms (Matrix/Synapse and Nextcloud), ensuring total data sovereignty.
- Automated regular security audits using Lynis, rkhunter, chkrootkit, and ClamAV; generated remediation reports and implemented AppArmor policies to ensure least-privilege access.
- Conducted vulnerability assessments using Wireshark/Tshark, Burp Suite, Suricata IDS, and ZMap/Nmap, resulting in a 20% reduction in the visible attack surface and in successful reconnaissance probes.
- Engineered a deceptive security layer via a Lua-based Nginx honeypot; by analyzing TLS Fingerprints, User-Agents, and bot behavior, successfully diverted 95% of automated malicious requests away from critical infrastructure over 12 months post-deployment (result verified through Nginx log analysis).
- Managed core system administration including initial system deployment, configuration and upgrades, package lifecycle and user management, hardware diagnostics, and 24/7 incident response escalation.
- Authored comprehensive documentation for equipment, end-to-end processes, and security policies to streamline compliance and team onboarding.
Infrastructure & Systems Stack
- OS: Debian, Ubuntu, CentOS (legacy), FreeBSD (legacy)
- Virtualization & Orchestration: KVM, LXC, Docker, Kubernetes
- Services & Networking: Nginx, Apache, HAProxy, OpenVPN, WireGuard
- Runtime Hardening: AppArmor, MAC, User Namespaces
- Security Monitoring & Auditing: Lynis, ClamAV, rkhunter, chkrootkit, Nmap, Burp Suite
- DevOps & Automation: GitLab CI/CD, Git, Ansible, Flux | Python, Bash, Zsh
- Diagnostics: tcpdump, iperf3, Wireshark/Tshark
Full-Stack Web Developer (legacy)
Professional Summary
Versatile Web Developer & SEO Specialist specializing in end-to-end digital products and search-optimized websites that balance aesthetic excellence with technically sophisticated architecture.
Core competencies
- UI/UX & Visual Design: End-to-end design process, including wireframing, interactive prototyping, and the development of cohesive brand design systems.
- Full-Stack Development: Full-cycle website engineering using «vanilla» stacks (HTML5, CSS3, JS) and custom CMS integration (WordPress, Joomla).
- Performance Engineering: Advanced web optimization specializing in load-time reduction via asset compression, Memcached caching, and HTTP request minimization.
- SEO & Growth: Technical SEO auditing, semantic core development, and template refactoring to maximize crawlability and search rankings.
- Digital Marketing Strategy: Integrated market entry campaigns utilizing a synchronized blend of SEM (Search Engine Marketing) and SMM (Social Media Marketing).
- Web Administration: Full-scale site management, community forum administration, and user engagement optimization.
Technical experience
- Conceptualized and executed comprehensive user interfaces, including wireframing, interactive UI prototyping, and the creation of cohesive design systems (logos, typography, and iconography) to ensure brand consistency.
- Engineered fully functional websites and landing pages from initial sketches to production-ready code, utilizing both custom «vanilla» stacks (HTML, CSS, JS) and CMS frameworks (WordPress, Joomla).
- Drastically improved website and backend performance, achieving a 50% reduction in load times via:
  - Optimization: Implemented complex CSS-sprites and advanced PNG compression to reduce total asset size by 45%.
  - Code Efficiency: Utilized JS/CSS compressors to minimize script sizes by 55%.
  - Caching: Configured Memcached to optimize database/filesystem queries and response times.
  - Network Efficiency: Reduced cumulative HTTP requests by 85%.
- Oversaw full-scale website administration and community forum management, ensuring relevance of information and optimal user engagement.
- Executed comprehensive SEO audits, refactoring existing CMS templates to improve crawlability, indexing, and search engine visibility.
- Led SEO strategy and developed semantic cores to drive sustainable organic traffic growth.
- Launched initial market entry and promotion campaigns using a synchronized blend of SEM (Search Engine Marketing) and SMM (Social Media Marketing) techniques.
Tech Stack (legacy)
- Frontend: HTML/XML/XHTML, CSS, JavaScript, jQuery
- CMS & Frameworks: Jekyll, WordPress, phpBB, Joomla, vBulletin
- Design Tools: Adobe Photoshop, Illustrator, GIMP
- Documentation & Markup: Sphinx, Markdown, Liquid
- Productivity: MS Office Suite, Adobe Acrobat
Languages
- English Advanced
- Italian Intermediate
- Russian Native
- Ukrainian Advanced