Luke Brewerton

Senior Cloud Platform Engineer · East Sussex, UK · luke@brewerton.me

Full CV with references available on request.

profile

Senior Cloud Platform Engineer with over a decade in IT and close to eight years across DevOps, SRE and platform engineering — specialising in AWS, infrastructure as code, and secure, self-service developer platforms. Track record of leading platform-wide initiatives end to end: replacing enterprise PAM tooling, building GitOps-driven access models, and re-platforming workloads onto ECS, across large multi-account AWS estates — owning everything from architecture and sign-off through to delivery and stakeholder management up to director level. Comfortable hands-on while leading engineers and projects, and growing towards a lead or principal platform role.

core skills

cloud & platform: AWS — Organizations, Control Tower, Account Factory for Terraform, IAM Identity Center, EC2, EKS, ECS, Step Functions, CloudWatch, Route 53, API Gateway, S3, CloudFront, SQS, SES, VPC
infrastructure as code: Terraform, Ansible, Packer
containers & orchestration: Docker, Kubernetes (EKS), ECS
ci/cd & source control: GitLab & GitLab CI, GitHub, Git, Jenkins, Nexus, SonarQube
identity, access & security: Microsoft Entra ID, AWS IAM (workforce & workload), StrongDM (PAM), HashiCorp Vault & Consul
networking: VPC networking, NACLs / security groups, reverse & forward proxies, IDS/IPS
languages & scripting: Python, Bash
operating systems: Linux — RHEL / CentOS, Debian / Ubuntu

experience

Cloud Platform Engineer · ComparetheMarket

Nov 2022 – Present

Own the day-to-day operation of the AWS platform underpinning the business — a large multi-account estate across separate AWS Organizations, provisioned and governed through Account Factory for Terraform (AFT).
Led the migration of source control and CI/CD onto GitLab and drove an infrastructure-as-code-first approach across the estate.
Manage IAM across both workforce and workload / automation identities, designing scalable, least-privilege access patterns.
Led the end-to-end replacement of the enterprise PAM solution with StrongDM, serving the entire engineering workforce — owning both the technical design and the delivery: architecture, Key Design Decision documents, and sign-off from Staff and Principal engineers, while managing a team of 4 and reporting to directors and stakeholders.
Designed the access model around identity and existing single sign-on, turning privileged-access provisioning into a self-service, GitOps-driven workflow integrated with account provisioning.
Subsequently led the migration of StrongDM from EC2 to a containerised ECS deployment — again owning the Epic, architecture and Staff / Principal sign-off — improving resilience and removing long-lived instance maintenance.
Built the team’s shared GitLab CI templates and CI images, now used by 50+ repositories, eliminating pipeline duplication — including a Terraform version-agnostic image using tfswitch so each repo pins its own version from a single shared tag.
Ran knowledge-transfer and enablement sessions across engineering teams throughout both rollouts, driving smooth, self-sufficient adoption of the new tooling.

Platform Engineer · Capgemini

Jul 2019 – Nov 2022

Led and managed a team of 8 on a greenfield public-sector programme, building the platform that supported the applications, using DevOps and Scrum — alongside application development, SRE, on-premise infrastructure and senior management.
Built and maintained a large-scale, secure, multi-tenant AWS platform for internal application teams to deploy into production, using EC2, EKS, Route 53, API Gateway, CloudWatch, SQS, SES, Control Tower, S3 and CloudFront — with Terraform, Vault, Consul, Jenkins and Kubernetes.
Built an internal tenant’s infrastructure from scratch — from the network foundation through a controlled, inspected ingress/egress layer to the Kubernetes clusters hosting the applications.
Acted as Scrum Master and Tech Lead before moving into a consultative / SME role — the point of contact for 30+ engineers on technical direction, a key approver of architecture designs, and responsible for onboarding new colleagues.
Added a reusable Terraform pattern for common network-ACL rules, keeping the codebase DRY, cleaner and easier for other engineers to consume.

DevOps Engineer · PeopleFluent

Aug 2018 – Jul 2019

Configured and maintained CI/CD pipelines from development through to production, and cut nightly build times from 16 hours to 4.
Wrote Terraform for all infrastructure and integrated it into the pipelines, setting up AWS accounts to business security requirements.
Introduced Kubernetes on AWS EKS, migrating applications from ECS, and took an on-premise application to a cloud SaaS offering.
Refactored the DevOps codebase into a shared library of reusable modules used across all products and teams.
Led a team of 5 and contributed to the Architecture team, building proofs of concept for new technologies.

Systems Engineer / Infrastructure Manager · Hyve

Nov 2016 – Aug 2018

Designed, configured and installed public and private cloud platforms, and built servers (VMware and physical) to customer requirements.
Implemented an Ansible-based automation platform for tasks including monthly patching, and wrote a firmware / software vulnerability-checking system in Python and Ruby.
Managed a team of 4 Infrastructure Engineers, tracking progress against company objectives and improving ticketing workflows.

earlier career

Technical Support Engineer — Computer & Network Consultants (2014–2016): onsite support and VMware / Hyper-V virtualisation projects across the south coast and London.
IT Technician — JSPC Computer Services (2014): onsite support and infrastructure upgrades for education-sector clients.
Technical Consultant — Trident Professional IT Services (2012–2014): ITIL-based support and early Office 365 rollouts, 10 to 3,000-employee organisations.