About Me
I am currently working and still learning to be a DevSecOps & Support Lead at a Batumbu Fintech Company, an affiliate company of Validus Capital.
Having experience in the financial services industry and technology industry means that I still have to keep learning with the rapid development of technology.
I’m passionate about DevSecOps Culture | Site Reliability Engineering | Cloud Compute & Security | Product Engineering | Network Engineering.
Because of that passion, I wanted to try writing something I might have experienced or learned about. I am also creating a blog and a special page at devsecops-culture.com.
Experience
PT Berdayakan Usaha Indonesia ( Batumbu ) ( November 2023 - Present)
Position: DevSecOps Manager
- To be input
PT Fliptech Lentera Inspirasi Pertiwi ( Flip ) ( September 2022 - November 2023)
Position: Senior Security Engineer + Site Reliability Engineer
- Launching private bug bounty platform on Hackerone.
- Manage reports from Hackerone and guide developer to fixing/patching.
- Create and launching VDP page (vdp.flip.id), submission to Hackerone.
- Create a documentation and rules related to security.
- Create a policy document for the secret manager and guide for legacy services to use the secret manager to store sensitive keys.
- Collaborating with the SRE team to create shift left security by implementing SAST, Secret Detection, SCA / Dependency Analysis, Container Image Scan in Pipeline CI/CD and the report in the store to and can be accessed from the Defect Dojo.
- Make a plan and research for the implementation of IDS / IPS.
- Make a plan and research for the implementation of SIEM.
- Research about RASP.
- Research on policy tools for kubernetes
- Participate in the on-call schedule and become the main person in handling incidents + security incident and making post mortems / RCA.
- More handle towards cloud security on Flip.
- Preparation for ISO 27001.
- Plan to migrate dev and staging subdomain to different to different domain.
- Research related to service mesh for internal service to service mTLS communication using Istio or Traffic director
- Create a custom script for automate healthcheck.
- Create script / bot slack service for integration between Hackerone and Clickup (task management), every time there is a new report, a clickup task card will be automatically generated. But rely on messages from Slack. Hackerone > Slack > Clickup
PT Fliptech Lentera Inspirasi Pertiwi ( Flip ) ( March 2022 - September 2022)
Position: Security Engineer + Site Reliability Engineer
- Main person for migrate all infrastructure and system from Alibaba cloud to Google Cloud Platform.
- Provisioning infrastructure and systems using infrastructure as code (Terraform)
- Main person for project rebrand bigflip.id to flip.id/business and business.flip.id.
- Provision and manage of new environment for new services outside of legacy environment / legacy system ( Dependency like Pub/Sub,Cloud SQL, Memorystore, GCS bucket, Google Cloud Load Balancer, APM, Logs, Metric, Secret Manager) , CI/CD pipeline for new service to all environment ( development, staging, production ).
- Participate in the process of integrating flip x amartha.
- Manage private bug bounty report by email (Create email for specific bug bounty report mail).
- Manage pentest report by 3rd parties and doing pentest byself in the weekly or monthly
- Main person for manage RBAC / IAM / Group mail.
- Research related SAST tools for Snyk and Sonarqube
- Implement SSO for internal platform tools (Making some internal platforms only accessible using SSO or IAP Proxy).
- Implement zero trust IAP proxy to access infrastructure located in GCP (developer access requirement), setup VPN only for SRE team.
- Review the security group and change it to be more secure.
- Participate in the on-call schedule and become the main person in handling incidents + security incident and making post mortems / RCA.
- Create documentation related to the comparison between bug bounty platforms (Hackerone, Bugcrowd, Yeswehack).
- Manage and monitor google security command center.
- Manage rules and enable WAF on cloudflare platform.
- Secret manager implementation for new services. Moved all secrets in git/source code repository to secret manager.
- interviewed candidates for senior SRE
PT Fliptech Lentera Inspirasi Pertiwi ( Flip ) ( August 2021 - March 2022)
Position: Site Reliability Engineer
- Manage all infrastructure on production, staging and development environment ( Alibaba Cloud and Google Cloud Platform).
- Participate in the on-call schedule and become the main person in handling incidents and making post mortems / RCA.
- Create and maintenance observability of application or service ( Dashboard metric, logging, APM ) on Datadog.
- Build CI/CD with step build, integration / automation test, deploy .
- Create SLA, SLI, SLO.
- Implementation Argo CD for continous deployment purposes and gitops workflow. And developers only get access to the gitops repository and argocd , not directly to the kubernetes console / CLI. Changes only occur and are recorded in the commit source code repository and argocd.
- Improvement security system and be security specialist in Flip (Manage private bug bounty report, pentest report and security related (RBAC / IAM / Group mail))
- Migrate some application run on VM to Kubernetes .
- Provision and manage of new environment for new services outside of legacy environment / legacy system ( Dependency like Rabbitmq,RDS, Redis, OSS bucket, Load Balancer, APM, Logs, Metric) , CI/CD pipeline for new service to all environment ( development, staging, production ).
- Set ACL bucket with millions privacy data (PII) from public to private
- Created monitoring core network infrastructure system. (Cloud NAT, VPC, VPN, VPC Peering)
- Create error page for all status code except 20x and 30x.
- Review the existing security group and create a new security group for each instance.
- Create monitoring connection to 3rd parties. (Dashboard VPN, NAT and Alerting).
- Implementation velero for backup recovery kubernetes workload.
- Make all external Instances, become private instances (with private IP VPC and limited access security group).
- Manage cloudflare platform for CDN and WAF
PT Berdayakan Usaha Indonesia ( Batumbu ) ( October 2020 - August 2021)
Position: DevOps Engineer
- Manage all infrastructure on production and staging environment ( Alibaba Cloud and Google Cloud Platform ).
- Manage all microservices application on production and staging environment (Google Kubernetes Engine).
- Build new infrastructure environment on Google Cloud Platform. • Migration from Alibaba Cloud environment to Google Cloud Platform Environment and Migration from monolithic application or legacy application to microservice application.
- Maintenance System Server and Platform Product. • Build CI/CD for deployment application with Jenkins CI / CD and Bitbucket pipeline.
- Create automate scaling and high availability.
- Build Ansible Playbook for provisioning automation.
- Build and manage monitoring with Prometheus + Grafana and Google Cloud Monitoring.
- Build logging system with stackdriver or Google Cloud Logging.
- Implementation Hashicorp Stack (Nomad + Consul and Vault) for another project of Batumbu.
- Supervisi to Vendor Team (Developer) from regional (Validus Singapore).
- Implementation Istio Service Mesh for Ingress API Gateway and Service Discovery
Sekolah Digital Cilsy ( October 2020 - April 2021)
Position: DevOps Instructor
- Become an Instructor at 3 Batch ( 7, 9 and 13 ) and got the best instructor award.
- Become an instructor according to the module provided by the Sekolah Digital Cilsy. And share knowledge related to DevOps knowledge.
- Teaching related to Basic Networking, Linux and Basic Programming, Ansible, AWS, API, Docker, Kubernetes, CI/CD with Jenkins, Logging with Elastic Stack, Monitoring Metric with Prometheus and Grafana, and Terraform.
PT Digital Alpha Indonesia ( Uangteman ) ( February 2020 - October 2020)
Position: DevOps Engineer
- Manage all infrastructure on production and staging environment ( Hybrid Cloud / VmWare Based )
- Manage all microservices application on production and staging environment (OKD / Openshift Community)
- Build staging environment with OKD Platform from scratch.
- Install and Troubleshooting System Server or Platform Product.
- Build CI/CD for deployment application with Teamcity, GoCD and Nexus OSS for Repository.
- Build automation scaling and high availability.
- Build Ansible Playbook for provisioning automation.
- Build and manage monitoring, logging and alerting application / infrastructure with Grafana, Prometheus, Kubewatch, InfluxDB, Elasticsearch, Fluentd, Kibana.
- RnD for migration to Google Cloud Platform based in Indonesia.
PT IT Group Inc ( June 2019 - December 2019)
Position: DevOps Engineer
- Work by project and troubleshoot or manage services
- Install and Maintenance Redhat Product ( RHEL, Satellite, Openshit Container Platform, Ansible ) and Other Product ( Nexus, Jenkins, TeamCity, Prometheus, Elastic Stack, etc )
- Troubleshooting System Server or Platform Product.
- Build Ansible Playbook for provisioning automation .
- Build pipeline CI/CD for deployment application with Jenkins,Teamcity,Gitlab.
- Monitor application and infrastructure with Prometheus + Grafana and Elastic Stack
- Experience on project client :
- Danamon Bank ( Build Ansible Playbook for manage credentials),
- Telkomsel ( Upgrade version of Openshift from 3.6 to 3.11),
- Commonwealth Bank (Deploying application to Openshift Production Environment with Teamcity CI/CD),
- Lintasarta (Custom Openshift Web Console),
- OCBC NISP Bank (Build Devops Toolchain (Gitlab,Nexus Sonatype,Jenkins,Ansible Tower) with Installing Openshift Container Platform version 4).
PT Varnion Technology Semesta ( October 2016 - June 2019)
Position: Network Engineer / Specialist
- WAN (Internet) / LAN Client and Data Center network monitoring.
- Analyze and Troubleshooting problems on WAN (Internet) / Client LAN and Data Center.
- Routing, switching, subnetting and things related to the activation of internet connections on the WAN / LAN Client network and servers in the Data Center.
- Analyze Client’s technical requests and implement related Client technical requests and provide technical consultations to the Client.
- Presenting related requests or technical problem that occur in the Client.
- Managing IIX (Local) and IX (International) Network Routing using BGP Dynamic Routing.
- Regulate Internal Bandwidth and Backbone (POP-Client), IIX (Local) and IX (International).
CV Bentang Inspira Teknologi (April 2015 - April 2016)
Position: Network and System Engineer
- Network and server maintenance.
- Become an administrator or configure server and network devices.
- Analyzing and troubleshooting servers and network devices.
- Install LAN and Internet. • Become an IT Support / Helpdesk (if needed).
- Experience on project client :
- Gedung Sate or Sekretariat Daerah Jawa Barat ( Manage Network and System Infrastructure),
- Dinas Tenaga Kerja Kota Bandung ( Manage Network and System Infrastructure for web application disnaker.bandung.go.id ),
- Kementerian Dalam Negeri ( Install ISPConfig for web application dukcapil ),
- Kementerian Desa dan daerah Tertinggal ( Install Openstack Orchestrator + Ceph Storage with hardware server and network device ).
PT Solusi Aksesindo Pratama / Netzap Broadband Internet (internship) (January 2014 - April 2014)
Position: Technical Support
- Conducting surveys for the installation of internet clients.
- Installing internet with wireless devices on the BTS and Client side.
- Analyze and solve problems on the internet network.
Certification:
Toolset
Tech Toolset
| System Operation |
|
| Automation Tools |
|
| Api Gateway / Service Mesh / CNI |
|
| CI/CD |
|
| Monitoring & Observability |
|
| Orchestrator VM / Container |
|
| Programming Language (Basic) |
|
| Databases/Datastores |
|
| IDEs |
|
| Cloud |
|
| Others/Misc |
|
| Network Device |
|
| Server Device |
|
Security Toolset
| Vulnerability Management / Dashboard |
|
| SAST |
|
| SCA & Image Scanner |
|
| Secret Scanner |
|
| SBOM Generator |
|
| WAF / DDoS / BOT Mitigation |
|
| Runtime Security |
|
| SIEM / XDR / NGAV |
|
| Penetration Testing |
|