Ewen BARA

Technical Architect / Orange France

Security Architect / Orange France

• Support for project teams

  • Recommendations on functional and technical changes
  • Recommendation on architectures
  • Follow vulnerabilities' resolution after security audits
  • Validation of network flow requests
  • Proposal of technical solutions to respond to security alerts

• Implementation of solutions developed by DevSecOps

  • Sharing knowledge on developments from the DevSecOps team
  • Helping with implementation in CI/CD tool chains

• Cybersecurity watch

• Technology watch

DevSecOps Architect / Niji

DevOps Engineer / Orange Cloud for Business

• Maintain operational condition

• Redesign of Terraform and Ansible projects to make them usable

  • Code factorization by creating modules for Terraform and roles then collections for Ansible
  • Implementation of an Ansible testing strategy via Molecule and ansible-test
  • Standardization of practices and establishment of best practices
  • Tools update

• Setting up a Gitflow

  • Defining processes to follow
  • Configuring of Gitlab groups and projects
  • Creating Gitlab-CI templates

• Response to customer change requests

  • Study of needs
  • Architecture proposal and implementation
  • Recommendation about the state of the platform and the desired target

IAM Engineer / Adeo

• Platform management

  • Maintaining Linux servers (RHEL 5-7)

• Migration project of LDAP solution from Oracle to IBM

  • Installing RHEL 7 servers
  • Installation and configuration of the new solution
  • Data synchronization

• Maintaining and operating tools

  • Maintaining the Oracle Directory Server Enterprise Edition Service
  • Maintaining the IBM Security Directory Server service
  • Maintaining the IBM Security Directory Integrator service

IAM Engineer / Decathlon

• Platform management

  • Maintaining Linux servers (RHEL 6-7)
  • Managing Terraform code for deployment to AWS
    • Writing modules for platform deployment
      • EC2 instance creation
      • Managementof Security Group
      • Load balancer management (ELB, F5)
    • Review of submodules used in case of update to determine impacts
    • Manual modifications of tfstate files in case of breaking change
  • Writing Puppet modules for configuring services

• Scripting (Bash, PHP, Perl)

  • Writing scripts for specific needs
  • Bug fixes on web tools (PHP, Symfony, Zend)
  • Code reviews during deliveries from suppliers
  • Creation and use of APIs

• Maintaining and operating tools

  • LDAP server (PingDirectory)
  • Authentication server (PingFederate, SAML, OAuth2)

DevOps et free software engineer / Consort NT

Linux System Adminitrator / Scalair

• Deployment of platforms

  • Definition of needs
  • Installing virtual machines
    • Creation of VMWare virtual machines
    • Installation and configuration of Linux distribution (RHEL, CentOS, Debian, Ubuntu)
  • Installation and configuration of services
    • WEB services: NGINX, Apache, PHP, Tomcat, HAProxy
      • Setting up VirtualHosts
      • Certificate generation and SSL/TLS configuration
      • Creating redirects
      • Application deployment
      • Middleware tuning
    • Centralized authentication service
      • Management of configurations in "legacy" and "in base" mode
      • Creating the tree and objects with LDIF
      • Creating schemas
      • Configuring connectors
      • Installation and configuration of management scripts (useradd like)
      • Instance replication
      • Setting up the backup
    • Docker (for specific needs)
      • Installation and configuration of the service
      • Creating and maintaining images
  • Configuring filtering and NAT rules (Stormshield)
  • Configuration of monitoring (Centreon)
    • Add system monitoring
    • Implementation of L7 monitoring (application)
    • Specific script development
    • Poller deployment
  • Writing technical documentation

• Slow platform audit and optimization

  • Reproducing slowness issues
  • Metrics gathering
  • Correction of configurations or change of solution
  • Writing audit reports

• Maintaining systems in operational condition

  • Incident management
  • Analyze the root cause
  • Correction of monitoring (Centreon/Nagios)

System and Network Administrator / Unis

• Maintaining systems in operational condition

  • Incident management
  • Analyze the root cause
  • Correction of monitoring (Zabbix)
  • Automation of maintenance tasks to prevent incident (Bash, PowerShell)

• Redesign of the network

  • Design of the new network
    • VLAN and subnet division
  • Choice of material according to constraints
    • Number of RJ45 ports
    • Number of WIFI terminals depending on the area to be covered
  • Hardware setup and configuration
    • Cisco ASA, switch Catalyst, Cisco Aironet

• Security audit and upgrade of Linux servers and services provided

  • Inventory of the services provided by each server
    • WEB services: Apache, Tomcat
    • CI: GIT, Jenkins, SonarQube, nexus
      • Installation of services
      • Build CI processes
    • Zabbix monitoring
  • Installation of new, up-to-date and secure machines
    • CentOS
    • Authentication with winbind
    • Implementation of Kerberized services
    • Configuring SELinux
  • Installation of a log aggregator service

• Deployement of VPN

  • Testing various VPN solutions
    • IPSec, OpenVPN, PPTP, L2TP
  • Installing a Site-to-Site VPN (IPSec)
  • Installing a VPN for user (OpenVPN)
    • Creating a package for user
    • Writing documentation (installation and usage)

Production tools developer / Byook

• Maintenance of existing tools

  • Upgrade from Qt4 to Qt5
  • Fixing conflicts
  • Porting tools to make them cross platform
    • OS: Windows, Mac et Linux
    • Langage: C/C++

• Development of an internal SDK

  • Creation of libraries from existing code
  • Replacing duplicated code with libraries
  • SDK Documentation