Matthew Duncan
Platform Engineer
Profile

Site Reliability Engineer (SRE) / Platform Engineer specialized in automation and Infrastructure as Code, with a track record of managing multi-cloud environments (AWS, Azure, Nutanix).

Deep expertise in Kubernetes orchestration, CI/CD pipelines, GitOps, and system hardening.

Actively bridging the gap between Web2 and Web3 by developing high-performance edge solutions using Rust, Motoko, and Cloudflare Workers.

Committed to open-source innovation, with active contributions in NixOS flakes, tooling, secure container images, and AI-driven chatbots.

Dedicated to reducing operational toil and optimizing cost-efficiency through rigorous engineering standards.

Work Experience

Confidential Federal Client (Cyber Security)

Senior Platform Engineer (Contract)
07/2023 – Present | Remote (APAC)
  • Deployed to a high-security federal agency to engineer the foundation of a private cloud platform, working within strict compliance and air-gapped constraints.
  • Architected a private cloud Kubernetes Platform as a Service (PaaS) for a federal client, leading a critical migration from legacy VMware infrastructure to Nutanix Cloud Platform (NCP).
  • Engineered immutable infrastructure solutions using Talos Linux and Cilium (eBPF), establishing a hardened, secure-by-default environment suitable for high-compliance workloads.
  • Developed custom automation tooling and CLI utilities using Rust and Python to streamline cluster bootstrapping and reduce deployment times.
  • Tech Lead for the Modernisation "Skunkworks" team, evaluating emerging technologies to define the organization's strategic 3-year technical roadmap.
  • Implemented a comprehensive Infrastructure-as-Code (IaC) library using Terraform and Pulumi, creating reusable "Landing Zones" for Nutanix and automated provisioning for GitHub Enterprise and Artifactory.
  • Created automation for reproducible Ping Identity environments, empowering developers to test changes rapidly.
  • Tech Stack: Kubernetes (Talos/Tanzu/NKP), Rust, Nutanix (AHV/NCP), Talos Linux, Cilium, Terraform, Pulumi, Python.

    VMware

    Tanzu Kubernetes Specialist (Contract)
    01/2023 – 07/2023 | Remote (APAC)
  • Designed and implemented a greenfield Enterprise Kubernetes PaaS (Tanzu) for a federal client, translating ambiguous requirements into a production-ready architecture.
  • Engineered an Internal Developer Platform (IDP) to empower low-code teams, reducing deployment friction and enabling self-service application management.
  • Developed custom automation and operational tooling using Rust and Python, bridging gaps in the native toolchain to streamline cluster lifecycle management.
  • Integrated the full Tanzu suite (TKG, Aria) with NSX Advanced Load Balancer, creating a seamless networking layer for containerized workloads.
  • Delivered immediate value and platform stability, resulting in a direct contract offer from the federal client to continue leading the modernization initiative.
  • Tech Stack: Tanzu Kubernetes Grid (TKG), Aria Automation, NSX Advanced Load Balancer (Avi), Rust, Python, Carvel, Linux.

    DXC

    Site Reliability Engineer (Contract)
    01/2022 – 12/2022 | Remote (APAC)
  • Architected and maintained the core automation framework for a "VMware on AWS" hybrid cloud solution, serving as the sole engineer responsible for the CI/CD pipelines and Ansible templating engine.
  • Engineered a "meta-automation" strategy for Ansible Automation Platform (Tower), writing reusable roles and playbooks that standardized infrastructure deployment for the wider engineering team.
  • Developed a custom Python API middleware to bridge a critical gap between VMware vRealize Automation (vRA) and GitLab, enabling event-driven provisioning where no native solution existed.
  • Led the technical execution of a strategic platform pivot, refactoring the entire Kubernetes infrastructure stack from scratch mid-project to meet evolving client security and architecture requirements.
  • Partnered closely with VMware Professional Services to optimize the Tanzu deployment, resulting in a direct recruitment offer from VMware for the subsequent engagement.
  • Standardized application delivery by implementing Semantic Versioning and Carvel packaging, reducing deployment failure rates by 30%.
  • Tech Stack: Ansible Automation Platform (AAP), Python, VMware vRA, GitLab CI, Amazon EKS, VMware Tanzu (TKG), Terraform, Carvel.

    Red Hat

    Senior Site Reliability Engineer (Contract)
    05/2021 – 12/2021 | Remote (APAC)
  • Served as a Core Backend Engineer for Open Innovation Labs, developing the "LodeStar" engagement platform—a mission-critical Internal Developer Platform (IDP) for global field consultants.
  • Engineered the automated provisioning logic for ephemeral OpenShift clusters, enabling Professional Services teams to spin up fully configured "SRE-in-a-box" training environments on demand.
  • Developed custom backend features in Python/Ansible to automate the lifecycle of complex distributed systems, reducing cluster setup time from days to minutes.
  • Implemented a GitOps-driven delivery model using ArgoCD and Kustomize, ensuring that client-facing training environments were reproducible, version-controlled, and self-healing.
  • Maintained the reliability and scalability of the internal tooling suite, directly supporting the delivery of high-value DevOps transformation residencies for enterprise customers.
  • Tech Stack: Red Hat OpenShift, OpenStack, Ansible, Jinja, Python, AWS, ArgoCD, Kustomize, GitOps.

    DXC

    Senior Site Reliability Engineer (Contract)
    02/2021 – 04/2021 | Canberra, Australia (Hybrid)
  • Architected the Infrastructure-as-Code (IaC) foundation for a secure Azure Stack Hub platform, designing reusable Terraform Landing Zones to support compliant government workloads.
  • Engineered a "Docs-as-Code" knowledge platform to host the "SysAdmin to DevOps" curriculum, utilizing Hugo and GitHub Pages to deliver high-availability technical documentation to internal teams.
  • Led a technical upskilling initiative, using the custom documentation platform to transition legacy operations teams toward modern CI/CD, Git-based workflows, and automation practices.
  • Delivered a comprehensive Azure Kubernetes Service (AKS) Proof-of-Concept (PoC), technically validating the feasibility of hybrid-cloud container orchestration for secure environments.
  • Note: Re-engaged by DXC for a lead role in 2022 based on performance during this initial contract, which ended early due to client funding shifts.
  • Tech Stack: Azure Stack Hub, Azure Kubernetes Service (AKS), Terraform, Hugo, GitHub Pages, Docs-as-Code.

    Auth0

    Senior Systems Engineer (Contract)
    09/2020 – 01/2021 | Remote (APAC)
  • Recruited to a specialized infrastructure squad to execute critical stability and upgrade initiatives for the Auth0 Platform-as-a-Service (PSaaS) ahead of the company's acquisition by Okta.
  • Engineered automation workflows using SaltStack and created custom internal tooling with Golang.
  • Executed complex, zero-downtime infrastructure upgrades for live enterprise tenants, directly supporting the "Acquisition Readiness" technical roadmap.
  • Standardized operational rigor by authoring definitive runbooks for Managed Systems Engineers (MSEs) and serving in the global Site Reliability Engineering (SRE) on-call rotation.
  • Note: Successfully concluded the contract objectives to stabilize the environment prior to the finalized integration with Okta.
  • Tech Stack: Auth0, Golang, AWS, Terraform, Kubernetes, Datadog, PagerDuty, RabbitMQ.

    GitHub

    Advanced Security Platform Engineer (Permanent)
    04/2020 – 09/2020 | Remote (APAC)
  • Engineered platform reliability solutions for the LGTM Enterprise suite, the core static analysis engine that evolved into GitHub Advanced Security (Code Scanning).
  • Developed high-fidelity issue replication tooling using Golang and Pulumi, enabling the engineering team to isolate complex CodeQL query failures in customer-simulated environments.
  • Architected the operational support framework for the newly formed Advanced Security vertical, mentoring Enterprise Support Engineers on Kubernetes-based deployment debugging.
  • Optimized the storage layer for code analysis utilizing MinIO and RabbitMQ, ensuring scalable processing of large monolithic repositories.
  • Note: The LGTM product was strategically sunsetted to integrate its core technology directly into GitHub.com (Code Scanning), concluding the team's mandate.
  • Tech Stack: GitHub Enterprise, Golang, CodeQL, Kubernetes, Pulumi, MinIO, RabbitMQ, Debian, Rust.

    07/2019 – 03/2020 | Canberra, Australia (Onsite)
  • Deployed to a high-security federal agency to engineer the foundation of a private cloud platform, working within strict compliance and air-gapped constraints.
  • Led the technical evaluation and Proof-of-Concept (PoC) for Kubernetes adoption, specifically assessing VMware Project Pacific (pre-Tanzu) to define the agency's future containerization strategy.
  • Engineered automated configuration management pipelines using Ansible and Ansible Tower, standardizing server hardening and application deployment across the fleet.
  • Architected and managed MinIO object storage clusters, providing a scalable, S3-compatible storage layer for internal development teams.
  • Developed custom automation using Python and Shell scripting to bridge gaps between legacy infrastructure and modern CI/CD tooling like Rancher and Artifactory.
  • Tech Stack: VMware vSphere, Ansible Tower, Kubernetes, Rancher, MinIO, Python, Red Hat Enterprise Linux (RHEL), Artifactory.

    Skills
    Cloud & Virtualization
    • AWS, Azure, Nutanix (AHV/NCP), VMware (vSphere/vCF).
    Infrastructure as Code
    • Terraform, Pulumi, SaltStack, Nix/NixOS, Ansible, Ansible Automation Platform (Tower).
    Containerization
    • Kubernetes (Tanzu, EKS, AKS, Talos), Docker, Cilium (eBPF), Helm, ArgoCD.
    CI/CD Release Engineering
    • GitLab CI, GitHub Actions, Jenkins, Carvel (ytt/kapp), Semantic Versioning (semver) and Calendar Versioning (calver).
    Development
    • Go (Golang), Rust (Tokio/Actix), Python, WebAssembly (Wasm), Motoko, Bash/Shell Scripting.
    Observability & Monitoring
    • Datadog, Splunk, Prometheus, Grafana, PagerDuty, Fluent-bit.
    Identity & Security
    • Authentik, Keycloak, Auth0, Workspace ONE, OIDC/SAML, CodeQL, Trivy, Sysdig.
    Blockchain
    • Prototyped DApps on the Internet Computer (ICP)
    • Node operator for Avalanche, Chia, StorJ and ThreeFold Networks
    Certifications and Professional Development

    Web3 & Blockchain

    Code and State
    2022 – 2023 | Remote
  • Motoko Bootcamp (Internet Computer / Wasm) - Code and State

    Kubernetes

    Linux Foundation
    2019 – 2023 | Remote
  • Certified Kubernetes Administrator (CKA)
  • Certified Kubernetes Application Developer (CKAD)

    2018 – 2019 | Remote
  • SaltStack Engineering at Scale
  • SaltStack Open Source Foundation and Best Practices

    Development

    Udemy
    2020 – 2020 | Remote
  • Advanced Rust Programming & Systems Engineering Training
  • Ultimate Rust Programming