Doan Nguyen

Senior DevOps - Cloud Engineer

📍 Ho Chi Minh City, Vietnam

📧 doan.uit@gmail.com | 📞 +84-948-487-784

🌱 Career Journey

📚 Education

Bachelor of Engineering – University of Information Technology

🛠️ Technical Skills

☁️ Cloud Provider

  ⁜ AWS                   ⁜ Azure

🧑‍💻 Programming & Frameworks

  ⁜ Java (Spring Boot)    ⁜ Shell Script             ⁜ Dapr 
  ⁜ Nx                    ⁜ .Net                     ⁜ Node

🐳 Containerization & Orchestration

  ⁜ Docker                ⁜ Kubernetes               

🖥️ Infrastructure as Code (IaC)

  ⁜ Terraform             ⁜ Bicep                    ⁜ CloudFormation
  ⁜ AWS SDK

🔄 CICD

  ⁜ Azure DevOps Pipeline ⁜ Github workflow          ⁜ Jenkins
  ⁜ AWS Code pipeline     ⁜ Gitlab CI                ⁜ ArgoCD

🔄 Logging

  ⁜ PLG                   ⁜ ELK                      ⁜ Dynatrace

🔍 Observability & Tracing

  ⁜ Jaeger                ⁜ OpenTelemetry

🛡️ DAST/SAST

  ⁜ Snyk                  ⁜ Rapid7                    

🚀 Highlighted DevOps & Cloud Architecture Projects

• Private EKS Hosting for .NET Backend API
• Migrating Legacy .NET Desktop Application To Azure AKS Microservices
• Cloud Migration of On-Premise IIS Application to Azure
• Standardized CI/CD Templates for Multi-Project Migration to Azure DevOps

Private EKS Hosting for .NET Backend API

  ⁜ EKS                   ⁜ Cloudfront              ⁜ EC2
  ⁜ SSM                   ⁜ Transit Gateway         ⁜ Direct Connect
  ⁜ VPC                   ⁜ Site-to-Site VPN        ⁜ Global Accelerator
  ⁜ Route 53              ⁜ ALB                     ⁜ Certificate Manager

• Provisioned infrastructure using Terraform, ensuring consistency, version control, and repeatability.
• Designed and deployed a Private Amazon EKS cluster to host a .NET backend API.
• Implemented secure connectivity to On-Premise SQL Server via Transit Gateway and AWS Direct Connect.
• Configured Site-to-Site VPN for third-party integration with on-premise servers.
• Architected traffic routing using Cloudflare → Application Load Balancer (ALB) → EKS.
• Automated deployment and release management with Helm and ArgoCD.

Migrating Legacy .NET Desktop Application To Azure AKS Microservices

  ⁜ AKS                   ⁜ Application Gateway     ⁜ App Service Webapp
  ⁜ SQL Server            ⁜ Redis                   ⁜ Azure Cosmos
  ⁜ VNET                  ⁜ KeyVault                ⁜ P2S VPN

• Cloud Architecture Design – Designed end-to-end Azure Cloud architecture with strong focus on scalability, security, and private networking.
• Infrastructure as Code (IaC) – Provisioned infrastructure using Terraform, ensuring consistency, version control, and repeatability.
• Microservices & Containerization – Refactored legacy .NET desktop app into AKS-based microservices, fronted by Application Gateway with private IPs.
• Secure Networking – Implemented private endpoints + private DNS for SQL Server, Blob Storage, Key Vault, Cosmos DB, and Redis to eliminate public exposure.
• Developer Access – Configured Azure P2S VPN for developers to securely connect to SQL Server from local machines during development.
• CI/CD Automation – Built Azure DevOps pipelines to automate build, test, and deployment. GitOps with ArgoCD & Helm – Integrated ArgoCD for GitOps-driven continuous delivery into AKS, using Helm charts for deployment templates and versioning.
• End-to-End Observability – Integrated tracing, logging, and monitoring to ensure smooth operations and faster troubleshooting.

Cloud Migration of On-Premise IIS Application to Azure

  ⁜ Frontdoor             ⁜ Appservice Webapp       ⁜ Static Webapp
  ⁜ SQL Server            ⁜ P2S VPN                 ⁜ Blog Storage
  ⁜ Commnuication Service ⁜ Private Endpoint        ⁜ VNET

Modernize and migrate a legacy on-premise IIS-hosted application (Angular SPA + .NET Web API backend) to Azure Cloud with a secure, scalable, and automated deployment architecture.

Key Contributions & Architecture

• Migrated Angular SPA frontend to Azure Static Web Apps and .NET Web API backend from on-premise IIS to Azure App Service (Web App), hosted securely in a private VNet.
• Designed and provisioned infrastructure using Terraform (IaC) for consistency and reusability.
• Integrated Azure Front Door as a global entry point for secure and performant routing to backend services.
• Configured Point-to-Site (P2S) VPN to enable developers to securely connect to Azure SQL Database within the private network.
• Implemented Azure DevOps pipelines for CI/CD to automate build, test, and deployment processes.
• Adopted infrastructure-as-code workflows to ensure repeatable, auditable deployments.
• Applied network isolation and private endpoints for backend APIs and SQL server to minimize attack surface.

Standardized CI/CD Templates for Multi-Project Migration to Azure DevOps

  ⁜ CICD                  ⁜ Azure DevOps Pipeline   ⁜ Template
  ⁜ Security Scanning     ⁜ Secret Managemenet      ⁜ RBAC      

The company initially relied on Jenkins pipelines for CI/CD across multiple projects (both .NET and Java/Tomcat). Each project had its own pipeline, which caused high maintenance effort, inconsistent workflows, and slow onboarding for new projects.

Contribution

• Led the migration from Jenkins to Azure DevOps Pipelines (ADO), focusing on building a scalable, reusable CI/CD framework.
• Designed and implemented Azure DevOps Pipeline templates, enabling projects to adopt a standardized CI/CD process with minimal customization.
• Established a plug-and-play CI/CD model where new projects could be onboarded by simply referencing the relevant template.
• Developed reusable templates for:
  • .NET build & IIS deployment
  • Gradle build & Tomcat deployment
  • DAST & SAST security scanning
  • Automation test
  • Rollback deployment

Impact

• Reduced pipeline creation time for new projects from days to a few hours.
• Ensured consistency and compliance across all CI/CD pipelines.
• Minimized maintenance overhead, as updates to templates automatically applied across projects.
• Accelerated adoption of modern DevOps practices company-wide.