Stepan Stipl

Principal-level Cloud Architect and Platform Engineer with 15+ years of experience and focus on designing and building secure cloud environments at scale. Deep hands-on expertise in Kubernetes and DevSecOps, designing and building CI/CD pipelines and integrating security practices and tooling into SDLC. Certified GCP/AWS Cloud Architect and Kubernetes Security Specialist (CKS) with a proven track record of hardening clusters in regulated financial environments and leading incident response.

Principal Cloud & AI Architect at Analog Future (2024-01 – Present)

Principal-level architecture and leadership for GCP/AWS/GKE/Kubernetes platforms with focus on security, reliability, and scalability.

• Led GCP/AWS/GKE/Kubernetes architecture and production readiness reviews, identifying and remediating security, reliability, and scalability gaps in customer environments. Cost Optimization (FinOps).
• Developed and integrated AI coding agents into CI/CD pipelines, automating infrastructure reviews and quality checks, developed ML-based tools for security monitoring.
• Designed and delivered bespoke trainings on GCP, GKE, Kubernetes and Terraform.
• Led design and development of production-grade Generative AI platforms and agentic workflows using Vertex AI and Gemini, built multi-agent systems and MCP protocol servers.

Senior Cloud Architect at DoiT International (2020-01 – 2023-12)

Architecture and security reviews for enterprise customers on GCP and AWS with focus on hardening multitenant Kubernetes clusters.

• Led architecture and security reviews for enterprise customers on GCP and AWS, hardening multitenant Kubernetes clusters and identifying critical security gaps.
• Provided hands-on deep technical support and led incident response for complex security and scalability issues on GKE, performing root cause analysis and implementing preventative controls.
• Designed and implemented Terraform-based standards framework for cloud infrastructure, ensuring consistent application of IAM, RBAC, and network isolation policies across hundreds of projects.
• Developed automated security scanning and cost optimization tools for cloud-native environments, reducing operational risk and spend for high-growth startups.
• Consulted on deployment and operations of multi-cloud and multi-cluster service mesh connectivity, on-prem K8s deployments, use of CDN and Cloud Armor.
• Introduced and developed tooling for just-in-time least privilege access to customer environments, improved security of DoiT support platform.

Senior Google Cloud Architect at MediaMarktSaturn Retail Group (2018-09 – 2019-08)

Lead GCP architect for enterprise cloud adoption with security governance focus for multi-tenant platform.

• Lead GCP architect for enterprise cloud adoption, defining security governance and architecture best practices for a multi-tenant platform spanning hundreds of projects.
• Established architecture forums and mentored teams on secure GCP adoption, focusing on IAM least-privilege, VPC Service Controls, and GKE hardening.
• In collaboration with security teams, designed and deployed multi-cloud Forseti-based security platform.
• Optimized cloud telemetry and observability, reducing operational spend by 30% through improved resource utilization.

Cloud Architect at Lloyds Banking Group (2018-01 – 2018-06)

Architected and led delivery of multi-region Kubernetes platform for regulated financial workloads.

• Architected and led the delivery of a multi-region Kubernetes platform for regulated financial workloads, adhering to strict banking security standards and PCI-DSS requirements.
• Implemented multi-tenant security through network policies, RBAC, and automated safety checks within CI/CD pipelines, ensuring high-frequency deployments remained secure.
• Guided engineering teams through containerization and cloud-native transformation, focusing on secure networking and identity management in a hybrid-cloud environment.

Head of Infrastructure at CheckRecipient (2017-06 – 2017-12)

End-to-end infrastructure and security operations for AI-driven email security platform.

• Owned end-to-end infrastructure and security operations for an AI-driven email security platform.
• Led the migration from Heroku to AWS (ECS) using fully codified infrastructure (IaC), implementing robust monitoring, alerting, and incident-response processes.
• Built the DevOps team and established operational security standards for protecting highly sensitive customer data.

Selected senior contracts (summary) at Multiple (Tesco, Sky, Solera, Yoti) (2015-01 – 2017-05)

Various senior infrastructure and platform engineering contracts.

• Designed and implemented scalable, secure infrastructure for high-volume platforms (500k+ tx/min), ensuring minimal downtime and robust data protection.
• Built MLOps and data pipelines for distributed applications, ensuring secure model retraining and inference at scale and reduced cycle time from weeks to hours.
• Architected and implemented on-prem, multi-cluster Kubernetes-based platforms.

Administration & Operations at Sun Microsystems, Hewlett-Packard, Probability Systems (2006-01 – 2014-12)

Early career infrastructure and operations roles across media, finance, and enterprise IT environments.

• Administration & Operations roles across media, finance, and enterprise IT environments.
• Developed strong foundations in Linux, networking, and production operations that underpin current Kubernetes security and platform architecture work.

Bachelor of Science (B.Sc.) in Computer Engineering & Software Technology – Czech Technical University in Prague (2006-01 – 2010-12)