Franck TOUNGA

AWS Architect & DevOps Lead | Kubernetes & OpenShift Expert | 4x AWS – Terraform – Prometheus Certified | Repreneur stratégique (1–7M€ CA)

Achères, Île-de-France, France

About

As an AWS Architect and DevOps Engineer with a decade of rich experience, I excel in creating resilient cloud and on-premise architectures, underscored by a robust skill set in AWS, Kubernetes, OpenShift, and automation tools such as Prometheus, Terraform, GitLab, and Ansible. My journey has been marked by a commitment to continuous learning, as evidenced by certifications including AWS Solutions Architect, Certified Kubernetes Administrator, and several others that have honed my technical prowess. My professional impact is quantifiable: I've architected cloud solutions that have streamlined operations, leading to a 40% boost in system efficiency and a 25% reduction in downtime. Initiating and driving a CI/CD pipeline, I've slashed deployment times by half, reinforcing my firm belief in innovation through automation. Currently, I am seeking to leverage my skills and suite of certifications in a Senior AWS Architect or Lead DevOps Engineer role that focuses on cloud transformation, containerization, and crafting cutting-edge continuous delivery pipelines for dynamic tech enterprises. 🧭 In parallel, I am actively exploring opportunities to acquire a small, healthy business (1–2M€ in revenue), preferably in a simple, non-regulated sector, with potential for remote management and long-term value creation. My goal is to build a profitable asset generating stable cash flow, with the ambition to scale, optimize, and eventually sell or group it with complementary businesses.

Experience

  • Expert sécurité containers & OpenShift | Kubernetes | Cloud AWS at BPCE Solutions informatiques
    Aug 2024 - Present · 2 yrs

    Container & Cloud Security Project: Hardening of Kubernetes/OpenShift environments and cloud infrastructure, image pipeline security, secret management, and DevSecOps enablement. Role: Container & Cloud Security Expert – OpenShift / Kubernetes / AWS - Deployed Kata Containers on OpenShift clusters to isolate vulnerable workloads (e.g., Jenkins with critical CVEs), improving runtime security and evaluating performance impacts on volume sharing and pod startup times. - Designed secure CI/CD pipelines on OpenShift, automating the patching and hardening of Red Hat UBI8/UBI9 container images via ImageStreams, BuildConfigs, and publishing them to an internal trusted registry (Liberty catalog / Harbor). - Implemented Twistlock (Prisma Cloud) for cluster-wide vulnerability scanning, compliance monitoring, and container runtime protection across OpenShift workloads. - Integrated Cosign to enforce image signing and verification before deployment, securing the software supply chain and ensuring only trusted containers reach production. - Integrated CyberArk Conjur for secure secrets management within OpenShift, using SecretProviderClass, supporting dynamic secret injection, versioning, and RBAC policies. - Led cross-team DevSecOps enablement, coaching development squads on Kubernetes/OpenShift best practices: RBAC, SCC, Seccomp, Admission Controllers, and NetworkPolicies. - Provisioned a secure AWS EKS cluster via Terraform, including IAM configuration, network isolation, and full integration with CI/CD and security scanning processes. Technical stack: OpenShift 4.x, Kubernetes, Jenkins, Terraform, AWS (EKS, IAM, S3), UBI8/9, Twistlock (Prisma Cloud), Cosign, CyberArk Conjur, GitLab CI, Helm, BuildConfig, ImageStream, Harbor, Linux, Seccomp, SCC, Admission Webhooks, Liberty registry.

  • EDF (Ville de Paris, Île-de-France, France)
    • DevOps | AWS Solution Architect
      Nov 2022 - Apr 2025 · 2 yrs 6 mos

      As part of the back office overhaul in a hybrid environment based on OpenShift and Kubernetes, I was tasked with defining and implementing the hybrid network architecture for the SENARIO, SYNEMA, CAMERA applications. Responsibilities: AWS/ Design of a hybrid network architecture: Use of AWS Direct Connect to link the on-premise infrastructure to AWS, ensuring a reliable and low-latency nework connection for the applications. Integration with VPC for secure and isolated access to AWS resources. - Technical architecture definition: Establishment of a hybrid architecture including EC2, S3, CloudFront, ELB, EKS, SQS, SNS, Lambda, API Gateway, VPC Peering, CloudTrail, GuardDuty, Security Hub, AWS Organization Landing Zone, WAF, and integration with OpenShift for container orchestration. - Technical implementation choices: Angular, Java, Spring Boot, ActiveMQ, DataWarehouse, DataLake, Tableau, OAuth2, Docker, Kubernetes. Implementation of Swagger for the REST API services. - Cloud infrastructure sizing: Scripting of VMs and deployment via Terraform for effective Infrastructure as Code (IaC) management and easier versioning. - Writing of Technical Architecture Documents (TAD). - CI/CD implementation: Continuous integration and continuous deployment for the applications, using modern tools and DevOps practices. - Writing OpenShift manifests: Configuration of DeploymentConfig, NetworkPolicy, Service, ServiceAccount, PVC, Storage, StorageClass, Ingress, etc. - Monitoring solution implementation: Use of Prometheus to proactively monitor the infrastructure and applications

    • Openshift Devops Expert - (AWS | Kubernetes | Ansible | Prometheus | Terraform)
      Sep 2022 - Apr 2025 · 2 yrs 8 mos

      As part of the redesign of their back office in a Kubernetes environment, I am in charge of the architecture design of 3 applications: SENARIO, SYNEMA, CAMERA. Responsabilities: - Openshift installation in provisionned user mode on EC2 VM. Network configuration. Operator installation for monitoring, data storage, search engine(Prometheus, Postgresql, Elasticsearch) - Cluster administration: Ldap authentication as Identity provider, Role config, groups, servicesAccount with security context constraints - Choice of technical implementation: Angular, Java, Spring Boot, ActiveMQ, DataWarehouse, DataLake, Tableau, postgresql, Oauth2, Docker, Kubernetes. - Cloud infrastructure sizing and VM scripting to facilitate versioning and deployment throught Ansible, and Terraform. - Design of the continuous integration chain(CI/CD): Jenkins, Ansible, Sonar, nexus, Docker, kubernetes - Redaction of openshift manifests files: deploymentConfig, networkPolicy, service, serviceAccount, PVC, storage, storageClass, routes...etc - Implementation of a monitoring solution: prometheus

  • Ministère de la Justice (Freelance · 1 yr 5 mos)
    • DevOps kubernetes|Openshift Expert
      May 2022 - Sep 2022 · 5 mos

      CI/CD pipelines design on Jenkins for our Kubernetes clusters. - Docker stream image - Kustomize framework Implementation to handle differents environnement more efficiently - manifest packaging throught Helm Cluster monitoring through Prometheus Implementation of Kubernetes good practices within the development team - Implementation of dataTree - scan of docker images, validation of deployed versions, network policy in kubernetes admition controller design Persistent kubernetes volumes provisionning for differents applications Management of roles, and service account provisioned on clusters Environnements: Kubernetes, Jenkings, Helm, Java, SpringBoot, Postgresql, Angular

    • DevOps Technical Lead
      May 2021 - Sep 2022 · 1 yr 5 mos

      The PPN project aims to digitize all criminal proceedings. As part of this program, the SPS squad is responsible for setting up various applications: - Synchronization of DPN files managed at the level of the judicial courts, in order to centralize them. - Implementation of a rights management console Responsibilities: Tech Lead - Team management of 7 software engineers - In charge of deployments on the different test environments • Writing jenkins deployment jobs • Design of kubernetes, pvc, services, secrets, configMap, cronJob, services, egress, pods - Design of the authentication layer throught spring security - Animation of coaching session on Elasticsearch - Implementation of a MOM architecture (Message oriented middleware) with ActiveMQ - Implementation of good craftmanship and calimetry practices on sonar Technical environment: Java 11, Angular 11, Spring Boot 2, Elasticsearch, PostgreSql, Docker, Kubernetes, Openshift, Jenkins, Spring data JPA, Nginx, ActiveMQ

  • DevOps AWS | Kubernetes Expert at Banque de Luxembourg
    Sep 2020 - Aug 2021 · 1 yr

    AWS Landing Zone and EKS Cluster Project: Implementation of a secure and scalable cloud infrastructure on AWS, including the creation of a landing zone and an EKS cluster for container orchestration. Responsibilities: AWS Architect - Deployment of the AWS landing zone via Terraform: Automation of the AWS account configuration, IAM policies, VPCs, and security groups. - Setup of an EKS cluster: Use of Terraform for the automated deployment of the EKS cluster, configuration of IAM roles, and implementation of security policies. - Automation of deployments with Terraform: Provisioning of AWS resources (EC2, RDS, ELB, S3) and management of scalability. - Configuration and management of AWS services: Implementation of CloudFront, Route 53, IAM, and CloudWatch to improve performance and security. - AWS cost optimization: Use of reserved/spot instances and analysis with AWS Cost Explorer to reduce expenses. - Code review and DevOps practices: Guidance on the use of Terraform and AWS, ensuring the quality and security of infrastructures. Technical Environment: Terraform, AWS (EC2, RDS, EKS, VPC, IAM, S3, CloudFront, Route 53, CloudWatch), Docker, Kubernetes, Java, Spring Boot, PostgreSQL, Elasticsearch, Swagger, Angular

  • Senior Java Software Engineer at Renault Digital
    Sep 2019 - Oct 2020 · 1 yr 2 mos

    Golden Eye project: Digitalization of the management of monitoring plans necessary for the design of Renault vehicle parts. Responsibilities: Analyst and Fullstack Developer • Design of the layer responsible for Oauth2 authentication via the IDP keycloack, and in accordance with the OpenIdConnect stack • Integration tests implementation throught Quickperf in order to reduce generated SQL queries. • Swagger implementation for API Rest services • SQL queries optimization to improve performance • Parameterization and improvement of the garbage collector and the JVM via the VisualVM profiler • Optimized docker images - Use of caching - Implementation of docker's multi-stage builder • Nginx configuration as a proxy for the Angular GUI. - Creation of virtual hosts - Configuration of SSL certificate signed by Letsencript • Integration of the OauthModule module and implementation of Guards to manage Oauth2 authentication at the graphical interface level. Technical environment: Java 11, Spring 5, Spring Boot 2, Postgresql, Nginx, Docker, Gitlab, Git, VisualVM, AWS