Ionut Gavrilut

DevOps

• Github

SAP Commerce Cloud (SAP Hybris) - 9+ Years

• Administered B2C and B2B storefronts for retail companies, ensuring scalability, high availability, and resilience during peak traffic periods such as Black Friday, including bot and crawler management
• Administered, maintained, and optimized SAP Commerce Cloud (Hybris) environments across Development, QA, Staging, and Production
• Managed deployments on private cloud and AWS Linux-based infrastructure, including full platform and Java version upgrades
• Handled build processes using Ant, including deployment management, clustering configurations, and platform properties
• Performed Tomcat tuning and JVM-level optimizations (heap memory, thread pools, GC settings)
• Executed migrations from private cloud to AWS and from on-premise infrastructure to SAP Commerce Cloud (CCv2)

DevOps Technical Skills - 10+ Years

• Administered and maintained Linux/Unix (AL2, AL2023, CentOS, Ubuntu etc) and Windows environments, ensuring system stability, security, and reliability
• Performed operating system and software upgrades while maintaining platform integrity and minimizing service disruptions
• Designed, deployed, and managed AWS cloud infrastructure, including EC2, S3, EFS, RDS, and related services
• Built and maintained CI/CD pipelines using Jenkins, AWS CodePipeline, GitHub Actions, and GitLab CI
• Managed Git-based development workflows, including GitHub and GitLab runners
• Configured and optimized web infrastructure, including Nginx, Apache, reverse proxies, and load balancing solutions
• Implemented and managed CDN integrations using AWS CloudFront and Cloudflare to improve performance and global content delivery
• Developed backup and disaster recovery solutions using AWS Backup, automated snapshots, AMIs, and rsnapshot
• Built monitoring, alerting, and observability platforms using Prometheus, Grafana, Nagios, CloudWatch, ELK Stack, PagerDuty, and CloudWatch Logs
• Automated operational tasks and infrastructure management through Bash, Python, PowerShell scripting and AWS Lambda
• Containerized applications with Docker and managed Kubernetes workloads using EKS, ECS, and Argo CD
• Provisioned and managed cloud infrastructure using Terraform and Infrastructure as Code (IaC) principles
• Configured and maintained secure VPN solutions, including OpenVPN and WireGuard
• Administered MySQL, PostgreSQL, and MongoDB databases, including performance optimization and maintenance
• Supported Java and Node.js microservices using Maven, AWS CodeArtifact, and AWS CodeBuild
• Implemented static code analysis and quality checks using SonarQube
• Configured and maintained integrations with Solr, Kafka (Amazon MSK), Redis, and third-party platforms
• Implemented AWS WAF protections, including anti-bot and anti-crawling mechanisms for public-facing applications
• Performed technical SEO optimizations and web performance improvements
• Administered and maintained WordPress environments and related infrastructure

Certifications

• AWS - Certified DevOps Engineer – Professional (2026) - Credly

• The Linux Foundation - Certified Kubernetes Administrator (2021) - Credly

• CloudBees - Certified Jenkins Engineer (2018) - CloudBees

Security

• Reported critical security vulnerabilities on web applications to over 100 organizations, including companies listed in Forbes 100 (such as Walmart, Nestlé, Sony) and government institutions, through responsible disclosure and bug bounty programs
• Conducted web application security assessments using Burp Suite Professional, identifying vulnerabilities such as XSS, IDOR, authentication weaknesses, and access control issues
• Performed manual penetration testing of web applications following OWASP Top 10
• Performed vulnerability assessments, attack surface analysis, and security validation using Nessus and custom security testing methodologies
• Performed reconnaissance and attack surface mapping to identify exposed assets, hidden endpoints, and potential attack vectors using industry-standard tools such as Nmap, ffuf, and Subfinder

Certifications

• Hack The Box - Certified Web Exploitation Specialist (2025) - Credly - Achieved a score of 100/100 in a 7-day hands-on web exploitation assessment and delivered a 90-page professional penetration testing report

• Halls of Fame
• Rewards

Platforms

Halls of Fame & Acknowledgements

A selection of public acknowledgments I've received from companies for identifying and reporting security vulnerabilities as part of responsible disclosure programs

Medtronic (2025)

SAP (July 2025, March 2025)

Philips (2025)

Bosch Websites (2025)

PostNL (2025)

Honeywell (2025)

Ericsson (2025)