Pavel Vařenka

Platform Engineer at @SemanticVisions

City: Prague, Czechia

• Email: pavel.varenka@protonmail.com
• Phone: 732967832
• Website: linktr.ee/pavelvarenka
• LinkedIn: linkedin.com/in/pavelvarenka

Summary

Platform Engineer with a strong passion for Cybersecurity and DevOps. Constantly striving to improve by staying updated in the professional field and technology overall. Current focus revolves around Dev(Sec)Ops, microservices (Golang/C#/Python), cloud (GCP/AWS/Azure), Infrastructure-as-Code, observability, and automation (SRE). Experienced in secure network architecture, SIEM, penetration testing, cloud security, system administration, and large-scale infrastructure automation. Primary goal is combining cloud security knowledge with DevOps and SRE principles. Advocate for open-source (CNCF), automation, re-usability, and the shift-left approach.

Work Experience

Sep 2024 – Present

Platform Engineer at Semantic Visions

Prague, Czechia

Jun 2021 – Present

Various Clients - Freelance

Prague, Czechia

Duties included: DevOps/Platform Engineering projects, both short and long-term ones.

Nov 2023 – Aug 2024

Senior Platform Engineer at Mews

Prague, Czechia

Duties included:

- Managing Azure resources (Container Apps, App Services, SQL server, ServiceBus,...)

- Building an internal SDK for developers using Pulumi and C# to enable self-service infra provisioning

- Handling SRE, incident management, and troubleshooting production issues

- Taking care of CI/CD - GitHub Actions, Octopus Deploy, Azure DevOps

- Monitoring using New Relic, Sentry and Grafana

- Participating in system design, direction of our product, as well as scaling and bigger initiatives

- Trying to automate everything we can :-)

Jan 2023 – Aug 2023

DevOps Engineer at GWI

London, England, United Kingdom

Duties included:

- Code reviews and support of developers

- Google Cloud administration

- Infrastructure-as-Code using Terraform

- Maintaining dozens of Kubernetes clusters

- Promoting DevOps culture and best practices

- Open Policy Agent implementation

- Enhancing monitoring stack (Loki, Thanos, Consul, Tempo, Prometheus, Grafana) and SRE practices

- Automation using GitOps (Atlantis/ArgoCD)

- Light programming in Go and Rego

- Bash and Python

- CI/CD (Drone and Github Actions) + Helm

- DevSecOps and security topics (OPA, networking, Kubernetes and container vulnerabilities,...)

- Open-source tooling and cost optimization

- Experimenting with distributed systems and novel solutions

May 2022 – Jul 2023

DevSecOps Engineer at CleverMaps

Prague, Czechia

Duties included:

- Focused on Infrastructure-as-Code (Terraform/Terragrunt)

- DRP/BCP execution, GitOps workflow (Flux, ArgoCD, Bitbucket Pipelines, monorepo, Helm/Kustomize)

- Kubernetes (EKS) maintenance

- Security revamping

- Backend service migration, and new dev environment creation.

Technologies:

- Terraform/Terragrunt

- Bitbucket Pipelines

- FluxCD, GitOps

- AWS/Azure

- Docker, Kubernetes on EKS

- Grafana/Prometheus

Feb 2022 – Dec 2022

Security Engineer at Smartlook

Remote

Duties included:

- Compliance

- AWS threat hunting

- Vulnerability scanning, security hardening, ad-hoc mitigation

- Penetration testing, implementing new security tools

- Code review, and cooperation with development/DevOps teams on infrastructure security

Nov 2021 – Feb 2022

Penetration Tester at Auxilium Cyber Security

Prague Metropolitan Area

Duties included:

- Penetration testing (automotive/IoT/hardware/internal/external infrastructure)

- Threat hunting

- Research (automotive/SCADA vulnerabilities) for corporate clients (logistics, transportation, government)

Jan 2021 – Nov 2021

Information Security Consultant at DataSpring s.r.o.

Praha - metropolitní oblast

Duties included:

- Vulnerability assessment

- Systems hardening (Debian/RHEL, Windows)

- Maintaining/creating on-prem security infrastructure, network architecture design

- Security-focused software engineering input

- SIEM analysis, SOC mentoring - experience with VMware, firewalls, IPS/IDS, SIEM, VM cluster maintenance, network segregation

Feb 2019 – Jan 2021

Editor at Letem Světem Applem

Duties included: Reporting on tech news, research/articles on information security and current events.

2013 – 2016

Assistant Editor at Zing.cz

Duties included: News, reviews, technology-related commentaries.

Education

2020

High School Diploma - Všeobecný, Gymnázium Písek

2016

Middle School - Základní škola Jana Husa v Písku

Skills

• Large Language Models (LLM) & Machine Learning
• DevOps
  • DevSecOps
  • SRE
  • Automation
  • CI/CD (GitHub Actions, Octopus Deploy, Azure DevOps, Drone, Bitbucket Pipelines, FluxCD, ArgoCD)
  • GitOps (Atlantis)
• Cloud Computing
  • AWS
  • GCP
  • Azure
• Infrastructure as Code
  • Terraform
  • Pulumi
  • Terragrunt
• Containers & Orchestration
  • Docker
  • Kubernetes (EKS)
  • Helm
  • Kustomize
• Observability & Monitoring
  • Prometheus
  • Grafana
  • Loki
  • Thanos
  • Consul
  • Tempo
  • New Relic
  • Sentry
• Cybersecurity
  • SIEM (IBM QRadar)
  • Penetration Testing
  • Vulnerability Assessment & Scanning
  • Security Hardening
  • Cloud Security (AWS Threat Hunting)
  • Open Policy Agent (OPA)
  • Network Security (Firewalls, IPS/IDS)
• Programming & Scripting
  • Golang
  • Python
  • C#/.NET
  • Bash
  • Rego
• System Administration
  • UNIX/Linux (Debian, RHEL, CentOS)
  • Windows
• Databases
  • SQL Server
• Messaging
  • ServiceBus
  • Kafka

Languages

• Czech (Native or Bilingual)
• English (Full Professional - C1 Score 199)
• German (Limited Working)

Certifications

• AWS Certified Solutions Architect – Associate (SAA-C02)
• Amazon Web Services Cloud Practitioner
• DevOps Foundations: Site Reliability Engineering
• GDPR Compliance: Essential Training
• IBM QRadar SIEM Foundational Analyst
• Cambridge English C1 Advanced (Score 199)