Yosef's Personal Site

© 2026 Yosef Adi Sulistyo

Cloud-Agnostic Engineer | IT Infrastructure Architect | IoT Enthusiast

Platform Engineer & DevSecOps Lead | Hybrid Cloud-on-Premise Architecture | Production Networking

Platform Engineer and DevSecOps Lead with 3+ years of experience designing and operating IT infrastructure for production-grade environments. Currently leading the DevSecOps team at PT Synapsis Sinergi Digital — handling HCI-based infrastructure, multi-cloud platforms (AWS, GCP, AliCloud, Oracle Cloud, Huawei Cloud), bare-metal Kubernetes clusters, and developer experience improvements in agile settings.

Yosef Adi Sulistyo

Expertise & Tooling

Skills & Technologies

Infrastructure

Proxmox VE, Ceph, Kubernetes (K8s / GKE), Docker, HCI (Hyper-Converged)

Cloud Platforms

GCP (GKE, GCE, Cloud SQL, Cloud NAT, Cloud IAP, KMS, Workload Identity); AWS (EKS, EC2, S3, RDS); Oracle Cloud; AliCloud; Huawei Cloud

DevSecOps & IaC

OpenTofu, Terragrunt, ArgoCD, GitLab CI, GitHub Actions, Semaphore, HashiCorp Vault, Grype, CrowdSec

Networking

SDN, IPv6 / NAT64 / NAT44, Site-to-Site VPN, Traefik, Nginx, CrowdSec IPS, Cloud Firewall

Programming & Databases

Go, Python, Bash, Ansible, PostgreSQL, QuestDB, MongoDB, Redis

Monitoring & Observability

Grafana, Loki, ELK Stack, GCP Managed Prometheus, Cloud Logging / Monitoring

Professional Experience

Work History

DevSecOps Engineer Lead

Sep 2024 – Present

PT Synapsis Sinergi Digital

Leading the DevSecOps team in architecting and maintaining hybrid-cloud and on-premise infrastructure for production-grade environments.

  • Designed HCI-based IT infrastructure using Proxmox VE and Ceph Distributed Storage.
  • Designed and provisioned end-to-end GCP infrastructure using OpenTofu + Terragrunt: multi-VPC topology (Database, App, Ingress-Egress VPCs with bidirectional peering), multi-cluster GKE (app, db, dms) with private nodes, Workload Identity, Shielded Nodes, Managed Prometheus; GCE instances (NAT gateway, GitLab Runner, FleetDM, Flipt); Cloud SQL; Google KMS for Vault auto-unseal; Cloud NAT; Cloud IAP for zero-public-IP SSH; and site-to-site VPN to on-premise.
  • Implemented company-wide SSO using Microsoft Entra ID.
  • Evaluated Oracle Cloud, AliCloud, and Huawei Cloud for client digital transformation projects.
  • Defined and led team implementation of SDN across company infrastructure.
  • Reduced operational costs by migrating dev infrastructure from cloud VMs to bare-metal Kubernetes and transitioning from IPv4 to IPv6 with Cloud NAT (NAT64/NAT44).
  • Developed internal tooling in Go and Python to optimize CI/CD pipelines and resolve infrastructure issues.
  • Built customized OCI container base images, reducing image size and improving security posture.
  • Defined KPIs, SOPs, and business processes for the DevSecOps team.

DevSecOps Engineer

May 2023 – Aug 2024

PT Synapsis Sinergi Digital

Led team GitOps implementation and migrated infrastructure from public cloud to colocated bare-metal to reduce operational costs.

  • Led DevSecOps team in implementing GitOps principles using Ansible, Semaphore, ArgoCD, and GitLab CI.
  • Migrated infrastructure from public cloud VM instances to colocated bare-metal servers via Proxmox VE.
  • Proposed and deployed production infrastructure on AWS (EKS, EC2 ARM, S3, RDS/PostgreSQL) in ap-southeast-1, optimizing cost-to-performance with ARM-based CPUs.
  • Maintained self-managed Kubernetes clusters for production deployments.

DevOps / Site Reliability Engineer

Dec 2022 – Apr 2023

PT Synapsis Sinergi Digital

Built CI/CD pipelines with integrated security scanning, deployed Kubernetes clusters, and established monitoring and security infrastructure.

  • Built CI/CD pipelines using GitLab CI with integrated vulnerability scanning (Grype) and automated release tagging.
  • Deployed and managed unmanaged Kubernetes clusters with Traefik Ingress Controller and ArgoCD.
  • Configured Loki + Grafana monitoring stack for a Golang (GoFiber) backend.
  • Set up Proxmox VE for bare-metal servers and configured NAT networking for VPS workloads.
  • Integrated HashiCorp Vault for secrets management; set up a multiprotocol VPN server.
  • Implemented an Intrusion Prevention System (IPS) using CrowdSec.
  • Conducted load testing with k6 to size Kubernetes production cluster nodes.

Education & Certifications

Background

Education

Bachelor of Electrical Engineering

Universitas Gadjah Mada (UGM)

Sep 2020 – Jul 2024

GPA: 3.72 / 4.00. Focused on embedded systems and computer networks.

Math and Science

SMA Negeri 3 Yogyakarta

2017 – 2020

Certifications

  • EF SET English Certificate — 76/100 (C2 Proficient)
  • TOEFL ITP — 607/677 (C1, valid until Jun 2026)
  • Hurricane Electric IPv6 Professional

Featured work

Recent Projects

Selected work from the portfolio.

OpenTofu; Terragrunt; GCP (GKE, GCE, Cloud SQL, Cloud NAT, Cloud IAP, Google KMS)

GCP Multi-Cloud Infrastructure with OpenTofu + Terragrunt

Infrastructure Architecture + IaC

End-to-end GCP infrastructure provisioning using OpenTofu and Terragrunt — multi-VPC topology, multi-cluster GKE, Workload Identity, site-to-site VPN, and zero-public-IP access via Cloud IAP.

January 1, 2025

Proxmox VE, Ceph, Kubernetes

Bare-Metal HCI & GitOps Platform

Infrastructure + DevSecOps

Hyper-Converged Infrastructure built on Proxmox VE and Ceph, running self-managed Kubernetes clusters with GitOps delivery via ArgoCD — replacing costly cloud VMs while maintaining production-grade reliability.

January 1, 2024

Latest writing

From the Blog

Recent articles and notes.

kubernetes, gitops, argocd

GitOps with ArgoCD on Self-Managed Kubernetes

3 min read

A practical account of adopting GitOps principles on bare-metal Kubernetes using ArgoCD, GitLab CI, and Ansible — and why the discipline matters more than the tooling.

April 10, 2026

networking, ipv6, gcp

IPv6-First Infrastructure with NAT64/NAT44 on GCP

2 min read

How switching from IPv4 subscriptions to an IPv6-native model with Cloud NAT (NAT64/NAT44) cut infrastructure costs and simplified the network — without breaking IPv4 reachability.

April 1, 2026

Let's build something together.

Reach out for project inquiries, technical collaborations, or just a coffee chat.