Resume Ewen BARA – IT architect, DevSecOps and free software engineer

About me

Passionate about information systems, particularly architecture and DevOps, I enjoy testing, observing, and learning about both new and established practices. Naturally curious and quite determined, the pursuit of service optimization is a constant source of motivation. As such, I adapt easily to diverse environments and teams. I can be a mentor and guide when it comes to supporting, informing, and preventing issues, and a leader when it comes to optimizing decision-making to ensure it is fair and appropriate.

Experience

DevOps Engineer / Infomaniak Network SA

September 2025 - Present

Technical Architect / Orange France

February 2024 - Present

Security Architect / Orange France

March 2022 - February 2024

Within the Risk Management and Security team, I supported various projects (System Team TV, Protected Home, Orange Mobile Mail, etc.) by providing my technical expertise in terms of security and architecture.

Support for project teams
- Recommendations on functional and technical changes
- Recommendation on architectures
- Follow vulnerabilities' resolution after security audits
- Validation of network flow requests
- Proposal of technical solutions to respond to security alerts
Implementation of solutions developed by DevSecOps
- Sharing knowledge on developments from the DevSecOps team
- Helping with implementation in CI/CD tool chains
Cybersecurity watch
Technology watch

DevSecOps Architect / Niji

March 2022 - August 2025

DevOps Engineer / Orange Cloud for Business

February 2021 - March 2022

OCB took over the management of the high-traffic mobile application's API.

Maintain operational condition
Redesign of Terraform and Ansible projects to make them usable
- Code factorization by creating modules for Terraform and roles then collections for Ansible
- Implementation of an Ansible testing strategy via Molecule and ansible-test
- Standardization of practices and establishment of best practices
- Tools update
Setting up a Gitflow
- Defining processes to follow
- Configuring of Gitlab groups and projects
- Creating Gitlab-CI templates
Response to customer change requests
- Study of needs
- Architecture proposal and implementation
- Recommendation about the state of the platform and the desired target

IAM Engineer / Adeo

March 2020 - November 2020

My goal was to replace the aging Oracle Directory Server Enterprise Edition solution with the IBM Security Directory Server solution while maintaining the historical platform.

Platform management
- Maintaining Linux servers (RHEL 5-7)
Migration project of LDAP solution from Oracle to IBM
- Installing RHEL 7 servers
- Installation and configuration of the new solution
- Data synchronization
Maintaining and operating tools
- Maintaining the Oracle Directory Server Enterprise Edition Service
- Maintaining the IBM Security Directory Server service
- Maintaining the IBM Security Directory Integrator service

IAM Engineer / Decathlon

October 2017 - November 2019

Platform management
- Maintaining Linux servers (RHEL 6-7)
- Managing Terraform code for deployment to AWS
  - Writing modules for platform deployment
    - EC2 instance creation
    - Managementof Security Group
    - Load balancer management (ELB, F5)
  - Review of submodules used in case of update to determine impacts
  - Manual modifications of tfstate files in case of breaking change
- Writing Puppet modules for configuring services
Scripting (Bash, PHP, Perl)
- Writing scripts for specific needs
- Bug fixes on web tools (PHP, Symfony, Zend)
- Code reviews during deliveries from suppliers
- Creation and use of APIs
Maintaining and operating tools
- LDAP server (PingDirectory)
- Authentication server (PingFederate, SAML, OAuth2)

DevOps et free software engineer / Consort NT

June 2017 - March 2022

Linux System Adminitrator / Scalair

April 2016 - March 2017

Scalair accompagne les entreprises dans la conception de leurs environnements grâce à ses solutions Cloud et réseau.

Deployment of platforms
- Definition of needs
- Installing virtual machines
  - Creation of VMWare virtual machines
  - Installation and configuration of Linux distribution (RHEL, CentOS, Debian, Ubuntu)
- Installation and configuration of services
  - WEB services: NGINX, Apache, PHP, Tomcat, HAProxy
    - Setting up VirtualHosts
    - Certificate generation and SSL/TLS configuration
    - Creating redirects
    - Application deployment
    - Middleware tuning
  - Centralized authentication service
    - Management of configurations in "legacy" and "in base" mode
    - Creating the tree and objects with LDIF
    - Creating schemas
    - Configuring connectors
    - Installation and configuration of management scripts (useradd like)
    - Instance replication
    - Setting up the backup
  - Docker (for specific needs)
    - Installation and configuration of the service
    - Creating and maintaining images
- Configuring filtering and NAT rules (Stormshield)
- Configuration of monitoring (Centreon)
  - Add system monitoring
  - Implementation of L7 monitoring (application)
  - Specific script development
  - Poller deployment
- Writing technical documentation
Slow platform audit and optimization
- Reproducing slowness issues
- Metrics gathering
- Correction of configurations or change of solution
- Writing audit reports
Maintaining systems in operational condition
- Incident management
- Analyze the root cause
- Correction of monitoring (Centreon/Nagios)

System and Network Administrator / Unis

July 2014 - March 2016

Maintaining systems in operational condition
- Incident management
- Analyze the root cause
- Correction of monitoring (Zabbix)
- Automation of maintenance tasks to prevent incident (Bash, PowerShell)
Redesign of the network
- Design of the new network
  - VLAN and subnet division
- Choice of material according to constraints
  - Number of RJ45 ports
  - Number of WIFI terminals depending on the area to be covered
- Hardware setup and configuration
  - Cisco ASA, switch Catalyst, Cisco Aironet
Security audit and upgrade of Linux servers and services provided
- Inventory of the services provided by each server
  - WEB services: Apache, Tomcat
  - CI: GIT, Jenkins, SonarQube, nexus
    - Installation of services
    - Build CI processes
  - Zabbix monitoring
- Installation of new, up-to-date and secure machines
  - CentOS
  - Authentication with winbind
  - Implementation of Kerberized services
  - Configuring SELinux
- Installation of a log aggregator service
Deployement of VPN
- Testing various VPN solutions
  - IPSec, OpenVPN, PPTP, L2TP
- Installing a Site-to-Site VPN (IPSec)
- Installing a VPN for user (OpenVPN)
  - Creating a package for user
  - Writing documentation (installation and usage)

Production tools developer / Byook

April 2013 - October 2013

BYOOK APPS, créateur d'applications pour les entreprises | BYOOK STORIES, éditeur d'ebooks enrichis associant textes, effets spéciaux et jeux | BYOOK GAMES, studio de jeux vidéos

Maintenance of existing tools
- Upgrade from Qt4 to Qt5
- Fixing conflicts
- Porting tools to make them cross platform
  - OS: Windows, Mac et Linux
  - Langage: C/C++
Development of an internal SDK
- Creation of libraries from existing code
- Replacing duplicated code with libraries
- SDK Documentation

Volunteer

Admin Core / French Data Network

October 2023 - March 2026

FDN (French Data Network) is a non-profit Internet service provider. Founded in June 1992, it is the oldest ISP in France still in operation.

Operating on a completely voluntary and selfless basis, the association now provides several hundred ADSL, VDSL, FTTH and VPN lines across the country.

Authoritative DNS
- Implementation of auto-managed DNSSEC
- Transformation of zones deployment chain (Gitlab-CI, shell)
Puppet code improvment
...
Data center interventions

Certificates

Red Hat Certified Engineer in Ansible

April 2024

Red Hat Certified Engineer in Enterprise Linux

April 2024

ITIL 4 Foundation

October 2021

DenyAll Web Application Firewall version 5.5

September 2016

Education

Bachelor, Cycle d'ingénierie

October 2014 - March 2016

Bachelor, Cycle préparatoire

November 2011 - June 2014

Bachelor, Sciences et technologies industrielles

September 2008 - June 2011

Skills

DevOps

Infrastructure as Code: Terraform, Pulumi

Configuration management: Ansible, Puppet, SaltStack

CI/CD: Jenkins, Gitlab-CI, Travis-CI

GNU/Linux

Distribution: Arch Linux, Rocky/RedHat, Debian

Web: Apache, NGINX, Tomcat, PHP, DenyAll WAF, HAProxy, F5

FTP: vsftpd, tftpd

Database: MySQL, MariaDB, Galera, PostgreSQL

Mail: Dovecot, Postfix, Exim

Security: iptables/nftables, SELinux, GnuPG

Authentication: PAM, winbind, OpenLDAP, Kerberos, PKCS #11, PingDirectory, PingFederate, SAML, OAuth2

Monitoring: Zabbix, Prometheus, Centreon

Others: systemd, ISC DHCP, BIND 9, nfs, samba, rsync, Linux I/O (iSCSI), GLPI, sshd, PXE, git, OpenVPN

Microsoft Windows

Windows Server 2003 - 2012R2

Active Directory, Group Policy Object

Windows Server Update Services

DHCP, DNS

Windows Deployment Service

Windows XP - 11

Hyper V

Cisco CCNA & Security

Cisco IOS

Cisco ASA

C/C++

Bash

Python

PHP / SQL

PowerShell

Languages

French · Native speaker
English · Professional working proficiency