Cloud Enterprise Architect

• Dec 2019 - Present

Building and executing cloud migration plans for highly regulated workloads (telcos, financial institutions, public sectors) through an holistic analysis of business, regulatory and technical requirements.- Defining migration strategy and architecture (AWS and Azure) based on existing assets, skills, budget and timing: 7R; retire, retain, rehost, relocate, repurchase, replatform, refactor- Designing migration scenario and architecture in compliance with applicable standards (ex: PCI-DSS, PCI-TSP, GSMA SAS, eIDAS); including interactions with the bodies in charge when a change request is necessary (many standards have not been designed with the cloud in mind)- Identifying and addressing sovereignty requirements through data location, encryption, enclaves (AWS Nitro Enclave, Azure SGX), attestations and in-HSM processing.- Directly engaging with customers to present the migration plan and get their approval.Providing IDEMIA presales, product and operational teams with AWS and Azure architecture expertise:- Resilience: 3-9s to 5-9s architectures, disaster-recovery, geo-redundancy, critical path analysis, blast radius analysis, predictive availability calculation, immutability, IaC, self-healing, 12-factor-app design- Containerization and Serverless migration: Docker, K8S, AWS Fargate, AWS EKS, AWS Lambda, Azure AKS.- Automation: infrastructure as code, immutability, blue/green, Terraform- Data security and confidentiality: encryption with KMS/HSM, defense in depth, multi-layer encryption, confidential computing, data classification, risk assessment (NIST), threat modeling.Engaging with customers during presales to push forward IDEMIA cloud-first strategy:- Presenting how the cloud benefits them (agility, resilience, scalability, location, security)- Identifying and addressing cloud hesitancy/refusal- Addressing customers' security and compliance concerns- Debunking cloud myths Show less

Enterprise Architect

• Nov 2015 - Dec 2019

Leading the replatforming of IDEMIA digital services to an automated container stack (Docker, Kubernetes, Salt Stack):- Analyzing and defining a containerization and migration path for each service, with the support of each product team and in coordination with the product stakeholder (budget, TTM, skills)- Evangelizing and training all product architects- Supporting all teams as they went through the long and often difficult replatforming processIn addition, sponsoring the adoption of immutability, 12-factor-app and infrastructure as code where it provided a positive return on investment.Lead architect for IDEMIA digital hosting modernization:- Defining the strategy and architecture based on business, regulatory and technical requirements, in an heavily regulated context with resilience requirements (from 3-9s to 4-9s, plus disaster recovery)- Driving technical evaluations and interviews of hosting and service providers- Validating the provider's architecture and deliverables (2 new data centers with managed IT services up to the OS level, plus DBs)- Supporting the services migration from IDEMIA ad-hoc hosting facilities to those new data centersIn charge of reviewing the IDEMIA digital presales offers to ensure alignement with IDEMIA capabilities and strategy. Engaging directly with customers to capture their requirements and build an appropriate and viable hosting strategy.Product Architect for the incubation and 1st release of a green field cloud native mobile network service:- Product architecture and design, based on AWS EKS, AWS DynamoDB and AWS KMS- Leading technical exchanges with OEMs (Apple, Samsung)- Technical presales, answering RFPs and supporting commercial offers and orals Show less

R&D Architect

• Jul 2013 - Dec 2015

Re-architecting IDEMIA flagship digital payment and telco products to: 1. Improve availability up to contractual requirements (typically 3-9s + disaster recovery) 2. Ease validation, operations and certification through architecture and dependencies simplification 3. Modernize and reduce cost of dependencies 4. Greatly reduce certification risks and cost by isolating the certifiable scope 5. Challenge bodies in charge (PCI and GSMA) of the standards to allow the use of modern technologies (ex: virtualization, VLANs) Green-field architecture of the new generation of eSIM remote management system. Coordinating and validating the architecture of the physical product and digital product teams. Enforcing design and architecture practices aligned with business, compliance and regulatory requirements. Show less

Solution Architect and Software Engineer Team Leader

• Sep 2011 - Jul 2013

Senior Software Architect & Engineer, Software Engineer Team Leader

• 2008 - Nov 2011

Senior Software Engineer, Software Engineer Team Leader, SCRUM master

• 2007 - 2008

Senior Software Engineer

• 2004 - 2007

Software Engineer

• 2000 - 2004

Software Developer

• Sep 1998 - Aug 2000