Senior DevOps consulting for European startups and SMBs. Azure platforms, secured and automated — written reviews and shipped PRs, not slide decks.
A pragmatic posture review of your Azure estate: IAM and RBAC, Key Vault and secrets, network segmentation, and Policy alignment with Microsoft's Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF). Delivered as a prioritised written review with concrete remediation paths.
Line-by-line review of your Terraform, with Checkov policy-as-code layered on top. Module structure, state and drift, secret handling, CI integration. Delivered as a written review plus fix PRs against your repo — including custom policies tuned to your conventions.
End-to-end pipeline build on Azure DevOps or GitHub Actions: static analysis (SAST), dependency scanning (SCA), secret scanning, and environment promotion. Built around GitHub Advanced Security, CodeQL, SonarQube, and Mend.io. Delivered as a working pipeline plus a runbook your team can maintain.
Designed and built a Checkov-based IaC security framework deployed across multiple member firms in different countries. 40+ custom Azure security policies covering Data Factory, SQL Managed Instance, Redis, ACR, AKS, Databricks, and Container Apps. Distributed from GitHub to consuming Azure DevOps projects via OpenID Connect (OIDC) federation — no long-lived secrets across organisations.
Implemented CAF/WAF-aligned Landing Zones across 17+ subscriptions, organised into corp, online, sandbox, and platform management groups. Hub-spoke networking, Azure Arc for hybrid governance, and a custom monitoring stack across Azure and on-premises. Terraform + Terragrunt + Atlantis for PR-driven IaC.
Replaced an enterprise SQL monitoring product (~$30K/year licensing) across 20 servers with native Azure Monitor, Log Analytics, and Data Collection Rules. Adopted by the German entity, then rolled out organisation-wide — leading a small team of engineers through delivery.
30-minute call to understand your stack, the problem, and your goals. No commitment.
Written scope, deliverables, timeline, and fee within three business days. Fixed-price where it makes sense.
Reviews, fixes, and PRs against your repos. Async written progress; no daily standups required.
Final writeup, a runbook your team owns, and a follow-up call after sign-off.
Evolvex is a one-person consultancy run by a senior DevOps engineer with six years of experience, the last three focused on Azure platform engineering and IaC security in enterprise and Big 4 environments. Recent work spans Checkov-based policy-as-code distributed across multi-country member firms, CAF/WAF Landing Zones across 17+ subscriptions, and a native Azure Monitor stack that replaced ~$30K/year of third-party SQL monitoring tooling.
Engagements range from focused security reviews to long-term embedded work. The same engineer who reviews your code writes the fix PRs — no handoffs, no junior shadowing. Fixed scope, written deliverables, and a runbook your team owns at the end.
Send a brief about your stack, the problem, and your timeline. Replies within two business days.
hello@evolvex.ltd