Matt Henry

matthenry87@gmail.com | 303-800-7215 | Highlands Ranch, CO | github.com/matthenry87


Summary

Multi-disciplinary technical leader with 13 years of experience spanning cloud & container security, Kubernetes at scale, observability, software engineering, data infrastructure, and platform architecture. Currently operating hands-on across 10+ disciplines in a single role — from CVE triage and exploitability analysis down to the code path, to production application development, to agentic SDLC design. This breadth of hands-on depth across the full stack is what makes security judgment accurate and actionable — and what enables effective technical leadership across organizational boundaries.


Core Competencies

Cloud & Container Security: Wiz, Sysdig, Snyk, CVE triage & exploitability analysis, secure container supply chain, golden base image management, secure coding practices, principle of least privilege, IAM privilege escalation prevention via service boundaries, cert-manager (full certificate automation with ACME)

Kubernetes & Cloud Platform: 200+ EKS clusters (US & UK), ArgoCD (cluster bootstrapping & app delivery), Cloud Native Buildpacks / kpack, VPC design with transit gateway-worthy security postures, IAM Roles for Service Accounts, Velero backups, custom controllers (CPU Boost for JVM startup)

Observability: Grafana Cloud administration, 200+ OTEL Collectors, OpenTelemetry (app-level & zero-code instrumentation), Splunk O11y, Instana, dashboarding & alerting best practices, custom business key enrichment, Grafana AI assistant & MCP server guidance

Software Engineering: Java 8–25, Spring Boot 4 / Spring Framework 7 (Pivotal/VMware certified), Spring MVC, Spring WebFlux, Spring Security, Spring Data JPA, MapStruct, Kafka, PostgreSQL, GraalVM Native Image, TDD, JUnit 6, Mockito, AssertJ

DevOps & CI/CD: GitHub Actions (custom actions, self-hosted runners without Docker daemon in K8s), Jenkins (custom Groovy), Terraform, kpack image builds, GitOps workflows, SonarQube, container image layering & caching optimization

Data Infrastructure: Apache Kafka (self-hosted, MSK, K8s-hosted; SASL & IAM auth; Kafka Connect & Debezium; non-blocking retry topics; native image Kafka apps; workload autoscaling on topic lag), PostgreSQL DBA (self-hosted, RDS, K8s-hosted; ByteBase GitOps DB automation)

Networking: IPv4/IPv6 subnetting, security groups, ACLs, route tables, DHCP, DNS, Kubernetes NetworkPolicies, CoreDNS, netcat, dig, nslookup, nmap

Architecture: AWS VPC design, transit gateway integration, enterprise system design, architectural standards governance, cross-team technical guidance

AI & Agentic Engineering: Agentic SDLC design, AI-powered security investigations, reusable AI skills authoring, AI code agents, Grafana Cloud MCP server, MCP integrations


Employment

IT Architect Specialist, Global Payments (formerly Worldpay), Denver CO

November 2021 to Present

Single title, 10+ technical disciplines daily — security, Kubernetes, containers, observability, software engineering, DevOps, Kafka, Postgres, networking, cloud architecture, and AI — operating at a depth in each that typically warrants a dedicated team.

Cloud & Container Security

  • Control the container supply chain end-to-end: centrally managed golden base images built with Cloud Native Buildpacks (kpack), Sysdig-scanned for vulnerabilities, with no Dockerfiles in developer hands.
  • Eliminated the Docker daemon from CI runners in Kubernetes, removing a significant container-escape attack surface from the build environment.
  • Fully automated certificate lifecycle across all cloud environments using cert-manager with ACME, backed by complete metrics, dashboarding, and alerting.
  • Hands-on with Wiz, Sysdig, and Snyk — able to quickly determine if CVEs and vulnerabilities are applicable or exploitable given deep familiarity with our systems down to the code level.
  • Perform security investigations and hands-on mitigations without relying on other teams.
  • Prevent IAM privilege escalation in systems that create principals dynamically using service boundaries.
  • Champion and enforce the principle of least privilege across IAM policies, security groups, network ACLs, and Kubernetes RBAC.
  • Leading Wiz rollout via ArgoCD across the Kubernetes fleet.
  • Deep understanding of secure coding practices including log sanitization and proper usage of output encoders.

Kubernetes Administration

  • Manage and maintain over 200 EKS clusters across US and UK regions.
  • Bootstrap clusters via ArgoCD with infrastructure components including ingress controllers, Velero backups, Wiz security agents, and more.
  • Wrote a custom CPU Boost Controller that adjusts CPU requests in-place (without triggering new pods) during JVM startup, solving a problem where unaccounted-for CPU spikes from multiple pods starting simultaneously would compromise node stability and starve existing workloads.
  • Promote and enforce heavy usage of IAM Roles for Service Accounts across all workloads.

AI & Agentic Engineering

  • Member of the Agentic Practices - Engineering team, defining the organization's agentic SDLC with a target of 80% of code written by AI agents.
  • Perform AI-powered security investigations, using agents to accelerate CVE triage, exploitability analysis, code-level root cause identification, and remediation.
  • Author reusable AI skills and agent instructions that codify engineering best practices, enabling other engineers to consistently replicate agentic workflows at scale.
  • Guide adoption of Grafana Cloud MCP server and AI assistant for AI-assisted observability operations.

Observability

  • Administrate Grafana Cloud (migrated from self-hosted Grafana + Prometheus).
  • Deploy and manage over 200 OTEL Collectors across the Kubernetes fleet, shipping telemetry data to Grafana Cloud, Splunk O11y, and Instana.
  • Guide SRE/SRO teams on dashboarding, alerting best practices, and usage of Grafana Cloud AI assistant and MCP server for AI agents.
  • Expert in both application-level and zero-code OpenTelemetry instrumentation, with guidance on enriching metrics and traces with custom business keys.

DevOps & CI/CD

  • Administrate self-hosted GitHub Actions runners in Kubernetes; runner images are self-service via GitOps and automatically kept current with GitHub Actions releases.
  • Developed custom GitHub Actions for kpack image builds and Snyk security scans.
  • Custom Jenkins Groovy scripts for container image build pipelines.
  • Leverage Terraform for infrastructure-as-code provisioning and management.
  • Provide mentorship and technical guidance to DevOps team members.

Software Engineering & Architecture

  • Pivotal/VMware certified Spring Professional Developer. Facilitate development best practices across teams, enabling them to deliver value faster while writing a fraction of the code.
  • Developed custom Spring Boot starters that automatically enact enterprise standards around logging and exception handling — adopted by Enterprise API, Launchpad, Payfac, iQ, Disputes, and other teams.
  • Built FX Trade Service — delivered ahead of schedule in Q1 2026 with a team of 3 developers. Re-wrote Payfac Submerchant Boarding API. Worked on Disputes APIs (chargebacks, Mastercom integration) and Launchpad APIs.
  • Re-wrote BEN (Business Event Notification) framework and migrated to AWS. Built Kafka-powered self-certification back-end.
  • Created IP Boarding business process orchestration POC with Flowable.
  • Keeping current with GraalVM Native Image and emerging JVM technologies.

Kafka Administration

  • Administrate self-hosted, MSK, and Kubernetes-hosted Kafka clusters with SASL and IAM authentication.
  • Advanced administration including partition rearrangement, cluster resizing, and consumer tuning.
  • Expert in Kafka Connect and Debezium ecosystem. Pioneered native image Kafka applications and non-blocking retry topics.
  • Provide technical guidance to EDIA Kafka project on proper use of logical types and best practices.
  • Full observability on brokers and Kafka applications with workload autoscaling driven by topic lag.

Postgres DBA

  • Administrate self-hosted, RDS, and Kubernetes-hosted PostgreSQL databases.
  • Deployed ByteBase for database change automation via GitOps.

Networking

  • Design and construct AWS VPCs with security postures suitable for transit gateway attachments.
  • Manage security groups, ACLs, route tables, Kubernetes NetworkPolicies, and CoreDNS configuration.

Architecture & Leadership

  • Oversaw EFOS buildout in collaboration with McKinsey consultants.
  • Participate in architectural standards discussions, providing the voice of the hands-on engineer to minimize decisions that negatively impact code quality and maintainability.
  • Provide general technical guidance to all teams supported.

Sr. Software Engineer, GutCheck, Denver CO

December 2019 to November 2021

  • Implemented microservices back-end for single page application deployed in AWS.
  • Implemented dynamic authorization based on role/access data using Spring Security and AOP.
  • Implemented search engine using ElasticSearch and Apache Kafka with Connectors.
  • Taught Spring/Spring Boot best practices, maximizing framework leverage to allow developers to focus on business logic.
  • Practiced and taught TDD using red/green/refactor pattern. Promoted continuous refactoring enabled by strong test coverage.
  • Mentored developers through pair programming and meticulous pull request reviews.

Sr. Software Engineer/Lead, Worldpay, Denver CO

October 2018 to November 2019

  • Containerized applications, moving the team away from WebSphere and stand-alone Tomcat. Drove adoption of OpenShift (OKD) and Private Cloud on OpenStack.
  • Built CI/CD pipelines using OpenShift, Jenkins Pipelines, SonarQube, and Newman.
  • Developed custom Spring Security implementation for bearer token authentication using SAML assertions.
  • Led team in designing decoupled RESTful APIs, adopting paired programming, and achieving 80% test coverage across multiple projects.
  • Implemented and demoed Spring Cloud Config and Spring Cloud Contract to other teams.

Sr. Software Engineer, PipelineRx (Bridgeview IT), Denver CO

April 2018 to September 2018

  • Led Microsoft SQL Server to AWS RDS PostgreSQL migration.
  • Created Spring Boot microservices and maintained microservice Maven archetype.
  • Administrated development AWS infrastructure. Full-stack delivery including React/Redux front-end work.

Software Engineer, Sykes Enterprises, Denver CO

July 2014 to April 2018

  • Developed and maintained Struts 2 web application, in-house Softphone Java Applet, and Bash/Perl back-end processing scripts.
  • Led development team in creation of new payroll portal application.

Associate Consultant, Intelenex, Denver CO

July 2013 to July 2014

  • Java and .NET integration development. Developed first-ever Taleo to Fusion HCM integration.
  • Gathered client requirements and maintained documentation.

Education & Certifications

Metropolitan State University of Denver, Bachelor of Science in Computer Science, Mathematics Minor — May 2014

Pivotal/VMware Spring Professional Certification — November 2020 (Credly Badge)

Pivotal/VMware Spring Cloud Developer Training — October 2019 (completed during SpringOne Platform Conference)
