s34nj0hn.dev

Sean Johnson

Platform Engineer focused on DevOps, DevSecOps, and Kubernetes platform engineering. Currently building secure multi-cloud delivery paths at F5.

This portfolio is a live window into my Kubernetes reference cluster. Metrics are pulled in real time through a Cloudflare Worker, demonstrating the observability and security boundaries of a rebuildable GitOps platform.

Cluster Heartbeat

[Live status panel: Nodes, Pod Status, CPU, Memory, Cluster Uptime, Policies, Violations]

Infrastructure Map

Interactive view of the reference platform from Git commit to public telemetry.

[Diagram. Legend: CONTROL →, SIGNAL →. Nodes: GitHub Repo (GH), FluxCD (FX), K3s Reference (K3s), Gatekeeper (OPA), Prometheus (PR), Grafana (GF), CF Tunnel (TUN), Worker API (API)]

Security Architecture

A narrow public telemetry path: GitOps controls the platform, policy guards the cluster, and the browser only sees sanitized aggregate health.

  • L1, Public Git Source: Reference platform state is reviewed and rebuilt from GitHub
  • L2, Flux Reconciliation: Cluster controllers apply only the declared GitOps state
  • L3, OPA Gatekeeper: Admission policies enforce labels and privileged-container guardrails
  • L4, Private Metrics Backend: Prometheus and Grafana stay internal behind a Cloudflare Tunnel
  • L5, Sanitized Worker API: The browser receives aggregate JSON, never raw PromQL or inventory

Experience

Cloud Security Engineer

Aug 2024 — Present
F5 Distributed Cloud | Seattle, WA
  • Manage WAF and identity policies (SAML, OAuth) for 100+ enterprise customers across multi-cloud environments.
  • Drive programmatic policy changes via API for auditable, consistent security configurations.
  • Design secure delivery architectures translating compliance requirements like NIST and FedRAMP into deployable controls.
  • Lead incident response for managed security controls, strengthening policy via cross-environment attack pattern analysis.

Security Engineer, App Delivery & Identity

Oct 2016 — Aug 2024
F5 | Seattle, WA
  • Engineered SAML, OAuth, and Kerberos federation on F5 APM as a zero-trust gateway with adaptive MFA.
  • Designed Advanced WAF policies covering OWASP Top 10, bot defense, and behavioral analysis.
  • Authored 100+ KCS articles deflecting 20,000+ support cases (estimated $12M in savings).
  • Early adopter for BIG-IP Next (Kubernetes) and r-Series, maintaining full operational workload.

Infrastructure Operations Engineer

Jan 2014 — Mar 2016
Covestic (Microsoft) | Redmond, WA
  • Provided Tier 2–3 infrastructure support for Xbox Operations Center.
  • Maintained global service availability for Xbox Live serving millions of users.

Technical Stack

Identity & Access

SAML, OAuth/OIDC, Kerberos, Active Directory, Azure AD, Okta, RBAC

DevSecOps

AWS, Azure, GCP, WAF, Multi-cloud Architecture, VPC Design, Security Groups

Infrastructure

Kubernetes, K3s, Docker, Terraform, Helm, GitOps/FluxCD, CI/CD, Cloudflare Tunnels, OPA Gatekeeper

Security Operations

SIEM, IDS/IPS, Incident Response, Vulnerability Assessment, Threat Analysis

Observability

Prometheus, Grafana, Cloudflare Workers, Public Telemetry

Compliance

SOC 2, PCI DSS, NIST, ISO 27001, FedRAMP