Hilman Kurniawan

Responsibilities:

As OVO Migration Buddy:

• Supporting service owner for AWS to GCP cloud migration:
  • Guiding and gathering all the pre-requisite for migration
    • Service discovery documents
    • Network connectivity
    • Identifying possible blockers and provide AIs
  • Guiding the service owner to adopt all Grab Tech Infra Tech Stack
    • Config / Secret Management
    • AWS EKS
    • Istio Service Mesh
  • Supporting Migration Cutoff
    • Suppporting stateful component (SQL, NoSQL DB) cutoff
    • E-W traffic switch/cutoff with Istio Service Mesh
    • N-S traffic switch/cutoff with Cloudflare Load Balancer
    • Idenfying missing downstreams that need to switch/cutoff
    • Cleanup old GCP resources
• Supporting all other migration buddies for their queries

As Service Mesh Platform Engineer

• Building Gitlab pipeline for automated Istio service mesh CRDs generation
• Onboard GKE as istio remote clusters
• First level escalation for all E/W traffic cutoff / Istio related issue in OVO / OVO Financial

Achievements:

• Awarded Grab 2025Q2 CEO Award

Responsibilities:

• Managed 30+ GKE Clusters
• CI/CD with Jenkins, Gitlab, FluxCD
• Config and Secret management with Consul, Google Secret Manager

Achievements:

• Adviced and planned for fixing repeadte GKE IP Exhausted issue
• Reduced GCP Cloud Logging Cost with Cloud Logging Sink Exclusion

Responsibilities:

• Developing Backend for Frontend for Gopay Merchant App using Kotlin and Springboot WebFlux
• Developing Backend for Gopay Merchant App with Kotlin and Springboot WebFlux
• Developing Gopay Merchant App API Client libraries in Java

Projects

• May 2024 - Now

  Enabled Gopay Merchant QRIS generation automation for every merchant name update (Elixir with Exq)

• Jan 2024 - Mar 2024

  Expanded Gopay Spiker order serviceability area with Cartography service

Responsibilities:

• Individual Contributor and lead of a team of 3 junior-mid engineers
• Managed Kong API Gateway ACLs
• Centralized infrastructure as code with Terraform using GitOps for:
  • DNS records management
  • Cloud infrastructure (AWS & GCP)
• Managed CloudFlare products, including CloudFlare Zero Trust, DNS, and WAF
• Standardized golden image creation for VM-based workloads using Ansible and Hasicorp Packer
• Standardized CI/CD pipelines for Jenkins/Gitlab CI:
  • Created reusable CI templates and trunk-based development pipeline stages across the Offline Merchant Services division
  • Developed helm chart templates for CD
• Managed over 10 Kubernetes clusters (KOPS, EKS, GKE) with:
  • Infrastructure observability and monitoring using kube-prometheus-stack (alertmanager, prometheus, grafana, prometheus-operator)
  • Centralized SSL certificate creation and renewal with cert-manager & kubed
  • Centralized application secret management with Vault & Vault Secrets Operator
  • Managed stateful stacks such as Redis and PostgreSQL clusters with Patroni operator
  • Ingress management with ingress-nginx
  • Managed stateful components such as RabbitMQ, Kafka, PostgreSQL, ElasticSearch, and MongoDB

Achievements:

• Migrated Kubernetes clusters from KOPS 1.15 to GKE 1.24
• Awarded GoTo Financial Rising Star (2021)
• Reduced cloud costs by 50% using spot instances
• Migrated all MokaPOS data workloads to AWS EKS Cluster (Elastic Kubernetes Cluster)
• Led infrastructure and application migration to Google Cloud Platform for MokaPOS, including strategy, timelines, implementation documents, CI/CD pipeline templates, helm charts, site-to-site VPN tunnels, and end-to-end visibility for cloud migration
• Acted as a single individual contributor for MokaPOS application migration to Istio stacks and migration to Zero Trust Network Access for internal application access with Teleport, replacing OpenVPN

Responsibilities:

• Prioritized and planned stories for near and long-term tasks
• Interviewed DevOps candidates
• Managed ActiveDirectory and DNS (Windows DNS, Route53)
• Managed AWS Infrastructure

Achievements:

• Centralized AWS IAM changes with GitOps
• Defined and reviewed DevOps hiring processes, including technical interview questions and tests

Responsibilities:

• Managed AWS cloud infrastructure
• Automated CI/CD using Jenkins
• Managed Kubernetes Clusters (AWS EKS)
• Implemented infrastructure as code with Terraform (using Terragrunt as a wrapper)
• Managed Data Pipelines using AWS DMS, S3, RDS, DataStudio to Datalake
• Handled logging with the ELK stack (ElasticSearch, Logstash, Kibana)

Achievements:

• Initiated, designed, and implemented AWS Datalake project (Ms. SQL, DMS, S3, Athena)
• Initiated infrastructure as code with Terraform
• Migrated Fortinet SSL VPN to pfSense OpenVPN

Responsibilities:

• Managed AWS cloud infrastructure
• Automated CI/CD using Jenkins/GoCD
• Managed GitLab and Kubernetes Clusters (AWS EKS, OpenShift)
• Implemented infrastructure as code with Terraform

Achievements:

• Designed and integrated AWS with existing infrastructure (hybrid DNS resolution, VPCs, subnets, NAT gateways, bastion hosts, etc.)
• Upgraded GitLab versions three times

Responsibilities:

• Managed GCP infrastructure
• Automated CI/CD with Jenkins using Ansible
• Automated repetitive tasks with Python/Bash (such as SSH access and firewall management)
• Maintained legacy code
• Reduced infrastructure costs

Achievements:

• Awarded Weekly Hero for identifying and resolving a bug in legacy code

Responsibilities:

• Collaborated with devs and QAs to define SLIs & SLOs for microservices before production
• Wrote custom scripts (Bash, Python) for custom metrics collection
• Configured monitoring agents for over 5000 VMs
• Managed over 1500 SLO monitors with Datadog
• Managed over 300 dashboards for devs and QAs
• Evaluated service descriptions and production readiness of micro-services
• Acted as the first level of escalation for alerts/incidents and prepared post-mortem documentation

Achievements:

• Awarded Weekly Hero for reducing monitoring costs by moving alert notifications to Google Chat

Responsibilities:

• Created ActiveDirectory and Exchange users
• Managed over 2000 antivirus agents across head office and all stores/merchants in Indonesia
• Regularly patched OS/software vulnerabilities
• Managed SMB & NFS shares
• Managed LimeSurvey and NextCloud users & NAS storage
• Managed proxy policies, DNS, and DHCP server
• Conducted physical server upgrades
• Provisioned VMs for developers

Achievements:

• Automated ActiveDirectory and Exchange user creation with PowerShell
• Reduced server costs for local antivirus server updater for all stores/merchants across Indonesia