Skip to content
View leoleiden's full-sized avatar
πŸ’­
Bad in Black
πŸ’­
Bad in Black

Block or report leoleiden

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
leoleiden/README.md

Leonid Lachmann πŸ‘‹

Building reliable infrastructure ☁️ | From scientific R&D to cloud-native systems 🧬


βœ‰οΈ Connect with me:

LinkedIn DOU Email


πŸš€ About Me

Leonid Lachmann

I bring a 15-year foundation in scientific R&D automation. Since 2016, my work has centered on Drug Discoveryβ€”leading technical automation and managing massive, highly sensitive datasets (50+ million records). This evolved into over 5 years in the IT sector, blending deep Data Engineering expertise with 3 years explicitly focused on DevOps and infrastructure automation. Today, I apply this scientific rigor and strict security mindset to build resilient, highly available (SLA 99.9%) cloud-native infrastructure, core data platforms, and scalable pipelinesβ€”fully focused on both DevOps and Data Engineering.

🌐 Current Focus: Infrastructure reliability, core data platforms (Snowflake, dbt), Kubernetes optimization (HPA, RBAC), scalable hybrid/multi-cloud provisioning, ETL/ELT orchestration (Airflow, Prefect), and secure monitoring stacks.

πŸ§ͺ Domain Expertise: High-throughput screening pipelines, large-scale SQL database management, end-to-end data modeling, Change Data Capture (CDC), and implementing strict network/data isolation.

πŸ’¬ Ask me about: Multi-stage Docker hardening, Helm templating, automated ETL/ELT workflows, and Infrastructure as Code (Terraform).

πŸ” Looking For: Open to challenging DevOps, DataOps, and Data Engineering roles across all industries, with a particular interest in high-load systems, FinTech, BioPharma, MedTech, MilTech, and DefTech.



πŸ› οΈ Technical Stack

Category Technologies
Cloud, PaaS & DWH AWS Azure GCP Snowflake Hetzner Cloudflare Render
Containers, IaC & Security Docker Kubernetes Helm Terraform Ansible HashiCorp Vault
CI/CD GitHub Actions GitLab CI Jenkins
DataOps & ETL/ELT dbt Apache Airflow Prefect Airbyte Apache Kafka Apache Spark KNIME
Monitoring Prometheus Grafana VictoriaMetrics Elasticsearch Logstash Kibana Fluentd / Fluent Bit
Linux Ubuntu Debian Red Hat Oracle SELinux
Languages & DBs Python Bash PostgreSQL MySQL Redis
R&D & Scientific CDD Vault Instant JChem MATLAB Wolfram

πŸ—οΈ Highlighted Projects & Lab Contributions

  • AWS Scalable ECS Cluster via Terraform β€” Provisioned a highly available, serverless web infrastructure on AWS utilizing a modular Terraform architecture. Orchestrated zero-management container execution via Amazon ECS (Fargate), integrated encrypted Amazon EFS for persistent shared storage across tasks, and configured an Application Load Balancer (ALB) to ensure dynamic, cross-AZ traffic distribution for Nginx workloads, ensuring fault tolerance and strict network isolation for high-load environments.

  • Azure Infrastructure-as-Code: Django Deployment β€” Architected a modular Terraform Infrastructure-as-Code (IaC) solution to provision a secure Azure cloud environment for a Django application. Configured a remote state backend via Azure Blob Storage for collaborative workflows and automated zero-touch server bootstrapping using the Azure CustomScript VM Extension, enforcing strict network security with dedicated VNets and dynamic NSGs.

  • On-Premise Monitoring Stack (PoC) β€” Built a secure, scalable monitoring system using VictoriaMetrics, Grafana, and Node Exporter to monitor remote Oracle Linux instances. Integrated with system firewalls (firewalld) and enforced metric-scraping security with SELinux, meeting strict enterprise compliance and zero-trust requirements for bare-metal infrastructure.

  • Automated Hetzner & Cloudflare Infrastructure β€” Architected a fully automated Terraform (IaC) pipeline to dynamically provision and configure secure Hetzner Cloud workloads. Utilized cloud-init for zero-touch Nginx deployment and integrated Cloudflare for automated DNS routing, edge WAF protection, and flexible SSL/TLS encryption. Designed with an "Apply & Destroy" methodology to demonstrate ephemeral resource management and strict cost optimization.

  • Production-Ready CI/CD & Kubernetes Deployment β€” Engineered an enterprise-grade GitHub Actions pipeline featuring dynamic matrix testing, concurrency control, and manual staging approvals for a Django application. Packaged the workloads and a stateful MySQL database into custom Helm charts for scalable Kubernetes orchestration, integrating ephemeral clusters for CI dry-runs and configuring HPA for automated resource scaling.

  • Production-Ready Django Dockerization β€” Containerized a monolithic Django application utilizing multi-stage Docker builds to significantly reduce final image size and enhance security. Configured dynamic Python base images, isolated dependency compilation, and executed build-time SQLite migrations to ensure the container is completely ready to serve traffic immediately upon startup.

  • Event-Driven Extension Architecture β€” Executed a complete migration of the SelectionSK project to Google's Manifest V3 standard. Refactored persistent background logic into an event-driven model using modern Service Workers, ensuring high reliability and strict CSP compliance.

  • Kubernetes RBAC Security Baseline β€” Enforced zero-trust security in K8s workloads. Implemented strict RBAC controls (custom ServiceAccounts, Roles, RoleBindings) combined with container immutability (readOnlyRootFilesystem) for an Nginx deployment. Successfully validated restricted API access and filesystem locks, establishing an enterprise-grade baseline ready for PCI DSS and ISO 27001 compliance audits.

  • Terraform DevSecOps Baseline: Azure OIDC & Remote State β€” Engineered a secure, passwordless Infrastructure as Code (IaC) pipeline. Migrated local state to an isolated Azure Blob Storage backend with State Locking enabled. Implemented federated OIDC authentication via GitHub Actions, completely eliminating static credentials (zero secrets) and establishing an enterprise-grade standard for collaborative infrastructure management.

  • Secure EFK Stack: Nginx Observability & RBAC β€” Architected a lightweight, secure log management pipeline using Elasticsearch, Filebeat, and Kibana. Refactored traditional ELK architecture to an EFK stack to resolve Out-Of-Memory (OOM) constraints and optimize resource consumption. Enforced enterprise-grade security by implementing xpack.security, strict RBAC policies, and API-based credential injection for isolated infrastructure monitoring.

  • K8s Observability Stack: Prometheus & Grafana β€” Instrumented a web application to expose custom metrics and deployed the kube-prometheus-stack via Helm. Configured K8s ServiceMonitors for dynamic scraping and built custom Grafana dashboards using PromQL.


πŸ”₯ Always shipping code
βš™οΈ Automating everything
🧬 Science + Data Engineering + DevOps brain combo

Pinned Loading

  1. aws-terraform-ecs-cluster aws-terraform-ecs-cluster Public

    A production-grade IaC portfolio project demonstrating a modular Terraform architecture to deploy a scalable, serverless containerized web application on AWS ECS Fargate, featuring persistent share…

    HCL

  2. azure-terraform-django-deployment azure-terraform-django-deployment Public

    A professional IaC portfolio project demonstrating modular Terraform architecture, secure remote state management, and automated VM provisioning in Azure.

    Python

  3. production-ready-cicd-django production-ready-cicd-django Public

    Production-ready CI/CD pipeline & Kubernetes deployment (Helm) for a Django app via GitHub Actions. Features matrix testing, Dockerization, and environment gating.

    Python

  4. production-ready-django-docker production-ready-django-docker Public

    Containerized Django application demonstrating Docker best practices, multi-stage builds, and GitHub Actions CI integration.

    Python

  5. on-premise-monitoring-stack on-premise-monitoring-stack Public

    Infrastructure as Code (IaC) setup for a lightweight on-premise monitoring stack (Oracle Linux) using VictoriaMetrics, Grafana, and Node Exporter

  6. SelectionSK_RebirthV3 SelectionSK_RebirthV3 Public

    A modernized Manifest V3 revival of the SelectionSK browser extension for instant access to web tools upon text selection

    JavaScript