Nelson Araujo's Resume {.detailed}

Nelson Araujo’s Resume

Head of Engineering

linkedin.com/in/nelsonjr

About Me

My best work is to make change happen. I change people’s minds, processes, and designs. Making change happen is my job.

I help companies solve complex problems.

At all times with a 3 to 5-year target horizon helping reimagine and deliver products and services.

Run large organizations, build and nurture teams, striving to improve team productivity and morale.

Highly technical and motivated, go-getter by nature. Build and nurture teams of Engineers, collaborating with all departments of the company. I quickly become the go-to person in the fields I’m an expert in and share my knowledge freely. I firmly believe that a strong team capable of delivering on its own is critical for company success.

Build, lead, and oversee the design and implementation of various large, complex systems throughout my career.

Striving to innovate and disrupt, I have 15 patents (various I am solo inventor.)

Highlights

Work Experience

Sourcegraph (2023 - present)

Head of Engineering, Core and Dev Infrastructure and Platforms

Engineering leader for the Infrastructure team, responsible for all aspects of Core Infrastructure and Developer Infrastructure and Platforms.

My responsibilities span across four primary areas:

  1. Improve and ship high-quality/secure/fast software
  2. Provide engineers with highly efficient developer workflow tooling and processes
  3. Management of our cloud infrastructure, budget, and operations
  4. Reimagine, develop and support our AI/ML infrastructure to power Cody (developer AI assistant)

Owner of Cloud Infrastructure:

  • GCP and AWS: responsible for all aspects of budgeting, provisioning, security, and deployment/operations.
  • Compute, Storage, Data: management of cloud-based customer environments, databases, and data storage.
  • Kubernetes: clusters responsible for all production environments.
  • Networking: inter-cloud connectivity, internal routing, CloudFlare, and customer private links.
  • Security: working closely with Security teams to achieve high-level of compliance for highly sensitive customer data handling, i.e., SOC 2.

Owner of Developer Infrastructure:

  • Build, test, release: Bazel, Redis, “sg tool” (internal tooling)
  • Automation, logging, operations: OpsGenie, Entitle
  • Deployment: Terraform, Buildkit, “executors” (customer-sandboxed [against evil code] source code analyzer)

Owner of AI Infrastructure:

  • Host/Deploy/Monitor/Audit Cody’s services
  • Expose API to third-party services, such as IntelliJ
  • Training and update of AI models
  • Integration with both third-party commercial and customer-owned LLM providers

Indeed (2020 - 2023)

Senior Director of Engineering: Candidates, Resume, Platform (2021-2023)

In November 2021 my responsibilities expanded to include Candidates Management, Interviews (online, phone, and in-person), Resume Search, Qualifications, Messaging, while continue leading the Platform group.

Organization of 300+ directs (500+ combined), responsible for $XB/year revenue generating products.

I delivered massive gains in Operational Excellence, revamped and improved the Candidate Management experience for Indeed’s employer customers, and unlocked new scenarios based on technologies envisioned.

Senior Director of Engineering: Platform (2020-2021)

My primary responsibilities as Sr. Director of Engineering are to reimagine how Indeed operates, improve its development practices, security, performance, reliability, and create the proper conditions to move Indeed to the public cloud.

Responsible for all Platform delivery for the SMB GM area (Small & Medium business customers), responsible for >50% of Indeed’s revenue.

Manager of a large organization (100+), my group designs and delivers the infrastructure that powers employers.indeed.com as well as its security policies and guidelines:

Security & Compliance

  • Security guidelines definition, detection, and prevention. Integration with various third-party systems (AWS Security Hub, LogicGate, Tenable)
  • Working in tandem with Indeed-wide security group, defining and applying security policies to SMB systems
  • Responsible for the certification of SMB with various regulatory bodies: CIS 20, GDPR, JSOX, and its parent company fiduciary requirements,

Developer Infrastructure

  • Front-end serving infrastructure services, libraries, build, testing, accessibility, and security.
  • Back-end serving infrastructure for employers.indeed.com
  • Creation, curation, and serving infrastructure of 1000’s content pages to marketing indeed.com/hire/resources, including workflows with third-party content creators.
  • Improvements of Indeed developer pipeline, reducing delivery time, and increasing developer NPS.
  • First-mover to public cloud at Indeed.

Data Infrastructure

  • Oversee the processing and delivery of business-critical data to senior leadership and partner teams
  • Deliver the workflow system to process large amounts of data from heterogeneous sources (HDFS, S3, MySQL, Aurora, Athena)

Grab (2018 - 2020)

Head of Engineering

Manager of managers. Manage teams (25+ Engineers) in two time zones (Seattle and Singapore), responsible for the online data stores, search, cache, DaaS (Data As A Service), and Data Governance.

My teams are responsible for various production systems at Grab. I have a deep understanding of production environments, deep cross-team collaboration with (all) product teams, and a grasp of all phases of the product development lifecycle. Work in close cooperation with the TPM team on production schedules and budget allocation.

  • Manager of the team responsible for producing online data stores of Grab, encompassing RDS, Cassandra, ScyllaDB, DynamoDB.
  • Manager of the team that owns the production search and cache for Grab for ElastiCache, Redis, ElasticSearch, and Amazon AES.
  • Architect and manager of the team provider of a unified abstraction for SQL and NoSQL stores to all company services and data science/processing. API capable of abstracting all data stores – both SQL, NoSQL, and object-store – focusing on increased security and developer productivity. Today its is hard to mix different environments, e.g., SQL + NoSQL and multiple cloud providers. This system allows developers to span across diverse technology stacks (both data platforms and cloud providers) seamlessly. System scales to xxM QPS.
  • Work closely with Information Security to define Grab’s Data Classification and Data Governance policies, ISO 27001, and online PCI compliance.
  • Saved $xxM/year by optimizing and rightsizing database resources

Member of Data Governance, Patent Counsel, and ArchCo (an 8-person virtual team responsible for company-wide architecture review and approval).

Current technologies on my day-to-day activities:

  • Kubernetes: EKS, kops, OpenShift
  • NoSQL: Cassandra, DynamoDB, ScyllaDB
  • SQL: RDS (MySQL, Aurora), PostgreSQL
  • Cloud stacks: AWS, Azure
  • Security: PCI, ISO 27001, Data Classification/Governance
  • Monitoring: Datadog, statsd
  • Load Balancers: ELB/NLB, Envoy

Google (2010 - 2018)

Technical Lead Staff Engineer

  • Lead Engineer / Third-Party OSS Relationship Manager: Worked on cloud Integration & Open Source, managing the relationship with Google cloud partners Terraform, Ansible, Puppet, Chef, and others. The project aims to cover 100% of the Google Cloud Platform (all products and services) and integrate them with popular open-source deployment tools. Work previewed at PuppetConf and ChefConf and released as open-source in Aug’17 on Google Cloud Platform’s Github and Puppet Forge, with Chef Supermarket to follow in Q3’17. (relevant links in Publications section).
  • Technical Lead / Architect: Worked four years designing and implementing the core system to deploy and manage 100M+ nodes across 10+ data centers. I lead the team that developed technology that powers both internally critical workflows and Firebase Test Lab for Android with 24x7x365 with 99.999% reliability SLA.
  • Developer: Implemented software drivers that interface with TPM chip and other kernel-level components to deliver full disk hardware encryption for ChromeOS installed in production Chromebooks. Identified and fixed a TPM key generation security vulnerability on openCryptoki that affected all Linux distributions. Implemented real-time packet filtering on Google Compute Engine to block traffic from export-controlled embargoed countries, and contributed to various open-source projects.

Microsoft (2002 - 2010)

Senior Technical Lead Engineer

  • Technical Lead | Microsoft System Center

  • Developer | Microsoft Security Business Unit

  • Researcher | Microsoft Research

    • Worked for three years on Microsoft Research on the eXtreme Computing Group in core technologies that eventually created Microsoft Azure and Microsoft SQL Azure.
    • Worked in collaboration with the University of Washington to create the Trident Computing Workflow system
    • Created a product for workflow versioning and reliable experiments reproduction

Modulo Security Solutions (1997 - 2001)

Senior Software Development Manager

Manager of managers. Head of Development, responsible for the development and deployment of the election software. I had teams in three geographic locations. Each team had a manager and Engineers reporting to them.

  • Engineering Manager
    • Managed a team of 27 engineers distributed across three sites
    • Drove the Electronic Presidental Elections development projects, working alongside government officials on requirements, execution, and delivery.
    • QA – Oversaw the ISO 9001 certification of the company’s software development, defined and achieved Capability Maturity Model (CMM) level 3, and created a long-term plan for achieving CMM level 4.
  • Senior Software Engineer
    • Architect of the Election security system, used in every voting booth across the country, the most extensive synchronized deployment system ever built at the time.
    • Developed various system-level software – device drivers, network filtering and transparent network encryption – for use by the company’s products, government, and military customers.
    • Cryptography: Worked with various cryptography systems and frameworks, including hardware-based HSM and smartcards. X.509 PKI Certificate Authority systems from eTrust and Verisign defining the protocol for ICP-Brasil – the Brazilian public-key infrastructure used to certify financial transactions and official government records.

Federal University of Rio de Janeiro (1993 - 1998)

Computer Science Department Administrator

I led the Computer Science Department laboratories, responsible for the management of its infrastructure, student authorization, computer protection, and licensing of equipment and software.

Technologies: IBM AIX, Novell Netware, SunOS, Solaris.

Freelance consultant to various departments and on-campus research institutions

Contracted by various departments across the university (Mathematics, Physics, Computer Science, and Engineering) I helped advance campus networking, regional file systems, and operation of Internet Brazil (routed via the university.)

Departments also contracted me to provide training to their staff on Unix administration, Novell Netware setup and operations, and help them bring up new labs.

Research Software Engineer

Worked as Engineer for the post-graduate department of Engineering developing systems to help fight malaria and other health issues. My work was awarded software of the year by the Education Ministry of Brazil for its innovation and public health advancements.

Technologies: C++, Unix, hardware interfaces, big data (well, big its the time)

Patents & Publications & Public Speaking

In observance of U.S. and international patent laws, please consult with your legal department before opening the patent documents below to avoid accidentally tainting your development process and exposing your company to possible punitive damages for patent violation.

Patents

US PTO ID Description
US 8161475 B2 Automatic Load And Balancing To Meet Resources Requirements
Patent Pending Automatic Retirement & Provisioning of Virtual Machines
US 20100295856 A1 Data Analysis and Visualization System and Techniques
US 8635331 B2 Distributed Workflow Framework
US 20110161391 A1 Federated Workflow Scheduling
US 8015563 B2 Managing Virtual Machine with System-Wide Policies
US 9213542 B2 Offline Preparation & Customization of Virtual Machines
US 8082459 B2 Power Management Based On Policy
US 7996834 B2 Virtual Machine Self-Service Restrictions
US 8806480 B2 Virtual Machine Smart Migration
US 9223596 B1 Virtual machine fast provisioning based on dynamic criterion
US 9639340 B2 System and Method for Loading Virtual Machines
WO 2017217988 A1 Secure Configuration of Cloud Computing Nodes
US 20160098286 A1 Creating templates of offline resources
DPub 219 Distributed Trusted Update Approval

Publications

Publication Published Work
Google Cloud Twitter We’ve released & open-sourced a set of modules to improve the ability for Puppet users to manage #GCP
Google Cloud Platform Introducing Puppet support for Google Cloud Platform (author)
Puppet Blog Announcing Puppet support for Google Cloud Platform (co-author)
IEEE The Trident Scientific Workflow Workbench eScience ’08. IEEE Fourth International Conference on eScience 12/07/2008
ResearchGate Workflow Evolution: TracingWorkflows Through Time [MSR-TR-2009-185] 12/07/2009
ResearchGate Building Reliable Data Pipelines in Pan-STARRS
Indiana University Versioning for Workflow Evolution (derivative Ph.D thesis)
Microsoft Research DryadLINQ for Scientific Analyses 12/08/2009
Microsoft Research Trident: Scientific Workflow Workbench for Oceanography [MSR-TR-2004-150] 01/01/2004
MSDN Blog Microsoft – MSDN Blog
Microsoft Technet Virtual Server 2005 – IDE to SCSI Virtual Machine Migration
Journal of the Brazilian
Computer Society		 MIDIZ: Content based indexing and retrieving MIDI files [alt. pt-BR version]
paho.org SIGEPI: Geographic Information Systems in Health (GIS-EPI)

Public Speaking

Event Date Published Work Video
PuppetConf 2017 Puppet & Google Cloud: From Nothing to Production in 10 min [video]
Webinar 2017 A hands on migration of your app to cloud with Puppet and Google Cloud Platform
PuppetConf 2016 Puppetize ALL the Things! (Google Cloud) [video]
ChefConf 2016 Chef Journey on Google Cloud [video]
PuppetConf 2015 Puppet & Google Cloud Platform [video]
Microsoft PDC 2007 Document not publicly available
Microsoft PDC 2006 Document not publicly available
Microsoft PDC 2005 Document not publicly available
Microsoft MGB 2004 Microsoft Global Briefing: Virtual Server Deployment Manager Document not publicly available

Entrepreneur Experiences

These are companies that I owned (over 50%) or had a considerable stake on (20% to 50%):

Lune Networks, LLC USA

Chief Architect

Mobile self-learning sports training software for Apple iOS (iPhone, iPad and iPod) and Android (phones and tablets)

  • Software Development
    • Android & iOS store approved consumer Apps
    • Video processing of training footage for optimized viewing experience based on device capabilities
    • Internal systems to manage company’s operations (billing & accounting, deployment)
    • Server-side components to operate and coordinate mobile device apps
    • Server-side code to interact with vendors’ marketplaces (Apple Store, Google Play Store, Amazon Marketplace), manage paid customer licenses, DRM authorizations, process payments, etc.
  • Business Management: Managed contracts with various third-parties to provide sports contents, e.g., soccer and baseball coaches

Lune Networks Brazil

Chief Architect

  • X.509 Certificate Authority: complete web-based infrastructure, with certificate management, issuance, renewal, revocation. CRL and LDAP. Enterprise management features.
  • Secure Version Control Infra-structure: repository, hosting and applications
  • Data Hosting
  • Internet Hosting
  • MetaDB – Meta Data Web Manager

3Elos Consulting Brazil

Development Manager

Security company focused on providing softwares and services to large financial institutions, government and military.

  • WebWatch – Internet Content and Availability Monitor
  • Intrusion Detection
  • Data Analysis
  • Firewall, VPN and Security Implementation
  • Security Software Development

Oba!Web Informatica Brazil

Architect

Provide internet access using prepaid cards. Similar to telephone systems where users can buy a card and scratch to reveal a code that grants them specific amount of money for calls. The internet system works in a similar way, by providing a code user can input on one of the stations spread around the city. Each code will give the user-specific amount of time to use the internet and can be used on different locations (if user does not use all credits at once, he can continue later, even from the other site).

  • Software to secure workstations against unauthorized use, using Windows DDK (kernel mode drivers)
  • Software to protect workstations against unauthorized modifications, software installs or settings changes, using Windows DDK and SDK (kernel mode and user mode drivers)
  • Develop software to generate, produce and manage scratch PIN cards

Technologies

Education

Leadership and Disruptive Technologies

Harvard Business School

  • Leadership
  • Disruptive Technologies
  • Work To Be Done

M.Sc. in Computer Science

UFRJ – Federal University of Rio de Janeiro Brazil

COPPE – Institute for Graduate Studies and Research in Engineering

Major: Databases | Minor: Computer Systems

Incomplete due to migration to the US (all but thesis complete)

Bachelor in Computer Science

UFRJ – Federal University of Rio de Janeiro Brazil

Major: Computer Science

Languages

  • English fluent
  • Portuguese fluent
  • Spanish intermediate
  • Mandarin beginner

Resumes

go.lunenetworks.com/nelson/resume/detailed

Mon Sep 9 16:39:43 PDT 2024 (hash: 7b6a76)