Alex Wicks

• Own an internal platform spanning Kubernetes, identity, data, and developer tooling for ~100 engineers.
• Ran in-house training courses for our engineers on Kubernetes and our platform, helping them onboard and self-serve.
• Implemented automated internal PKI with ACME and step-ca, establishing TLS for hundreds of applications outside Kubernetes and eliminating manual certificate renewals.
• Migrated Kafka-based logging pipelines onto Kubernetes with Strimzi, cutting ingestion lag from hours to minutes and eliminating node and disk pressure.
• Deployed an on-premises data platform (VAST S3, Hive, Lakekeeper, Trino), replacing Athena to save $200k+/year and improve query performance on exchange data.
• Extended internal Kotlin-based TeamCity CI tooling to standardise delivery for Python and Docker services, reducing boilerplate and adding delivery guardrails.

• Built high-performance bare-metal GPU clusters using NVIDIA H100 and A100 systems for AI training workloads, which included patching Sun Grid Engine for Ubuntu 22.04 compatibility.
• Replaced manual SaaS release processes with a GitOps pipeline supporting blue/green and canary deployments across multiple clusters, reducing release time from days to hours.
• Led a datacentre migration to a new colocation, coordinating infrastructure changes while maintaining service continuity and unlocking power and cooling capacity for newer GPU clusters.
• Designed and implemented hybrid networking from scratch using Megaport and ExpressRoute, alongside split-horizon DNS, to connect cloud and on-premises environments.

• Supported internal AI research and training platforms used by ~50 engineers and ML researchers.
• Managed infrastructure with GitLab CI and Terraform, building reusable modules and Terratest conformance checks for self-service changes.
• Built and operated observability and network diagnostics tooling, including blackbox monitoring, SNMP, and LLDP, improving fault detection and troubleshooting.
• Defined SLIs and SLOs for internal platform components, enabling better on-call prioritisation.

• Created bare-metal Kubernetes clusters with PXE automation and migrated CI/CD workloads to Kubernetes, reducing build times by 40%.
• Designed a Jenkins and Python continuous delivery system that automated previously manual releases and improved repeatability.
• Participated in 24/7/365 on-call and incident response for networking, VMware, Windows, and Linux infrastructure across systems used by ~300 engineers, later transitioning to a follow-the-sun rotation model.

Built an internal Kubernetes operator for declarative management of Keycloak clients, scopes, and AD group mappings — modernising a legacy non-HA Keycloak onto CloudNativePG, Keycloak Operator, Envoy Gateway, and Kerberos/SPNEGO integration.

• Rewrote the operator from Go to Rust — stronger type safety catches configuration errors at compile time, making the codebase safer to evolve.
• Eliminated manual identity configuration through declarative client, scope, and AD group mapping management.
• Automated AD group creation and mapping, replacing ad-hoc scripts with version-controlled configuration.

Python-based golden image pipeline replacing Packer for internal image builds.

• Cut build times from about an hour to five minutes using Ubuntu cloud images and a thin customisation pass.
• Added pytest-based validation to make image builds faster and more reliable.

Dockerized AnyConnect VPN client with automated OTP support, multi-arch images, and CI/CD publishing to three container registries.

• 131 GitHub stars, solving a common pain point for AnyConnect users.
• Multi-arch images (amd64 + arm64) built and published to Docker Hub, GHCR, and Quay.io via automated CI/CD.