Available for Senior Roles · B2B Contractor

Bojan Djokić

Cloud Security Architect  ·  SecOps  ·  DevOps Engineer Expert

18+ years of international experience (Iceland, Norway, Serbia) designing, deploying, and governing secure Azure-based platforms across regulated industries — banking, healthcare, energy, insurance, retail, and defense.

Azure Solutions Architect Expert (AZ-305) · Azure DevOps Engineer Expert (AZ-400) · CKS Advanced Training · Niš, Serbia · CET
AetherOps Technologies · Niš, Serbia
AZ-305 Expert · AZ-400 Expert · AZ-104 Associate · MCSE: Cloud 2016 · CKS Training · Big Data 2018
18+ Yrs Exp. · 2.4K+ Azure Subs. · 20+ Clients
🇬🇧 English — Native · 🇳🇴 Norwegian — B2 · 🇷🇸 Serbian — Native

Security-first. Architecture-driven. Results-obsessed.

I'm a Microsoft-certified Cloud Security Architect and DevOps Engineer Expert with 18+ years of international experience across Iceland, Norway, and Serbia. I specialize in designing, deploying, and governing secure Azure platforms for regulated industries where failure isn't an option.

My expertise spans Zero Trust security architecture, multi-tenant identity federation, fine-grained RBAC, managed identity patterns, Key Vault CMK lifecycle management, WAF and API gateway security, container security on AKS, and SIEM-driven audit and compliance.

I consistently deliver formal security architecture deliverables — threat models, HLD/LLD, network topology diagrams, data flow diagrams, and security control matrices — aligned with the Azure Well-Architected Framework, NIST CSF, CIS Benchmarks, HIPAA, and ISO 27001.

Beyond technical delivery, I lead cross-functional teams, engage enterprise stakeholders, and provide pre-sales security architecture guidance for large enterprise bids. I'm currently running AetherOps Technologies, my independent consulting practice, and conducting research on AI workload security architecture for multi-tenant platforms.

Notable Clients
Optum · Ahold Delhaize · Willis Towers Watson · Erste Bank · Maersk Tankers · RSA Ireland · NATO · Equinor · DNB Bank · SpareBank1 · Unilever · easyJet · Anglo-American · UPM · LEO Pharma · Nilfisk · COOP Denmark · Fujitsu London · Petoro · Rogaland Gov.
Frameworks & Standards
NIST CSF · CIS Benchmarks · ISO 27001 · HIPAA · SOC 2 · GDPR · Azure Well-Architected · Zero Trust · OWASP Top 10 · Azure CAF

Career Timeline

18 years of hands-on delivery across Iceland, Norway, and Serbia — government PKI to enterprise-scale cloud security architecture.

June 2025 – Present · Independent · Remote
Independent Cloud Security Architect
AetherOps Technologies

Cloud security architecture and enterprise integration consulting for international clients. Security architecture reviews using Azure Security Benchmark and CIS Azure Foundations. Designing secure landing zones with integrated Azure Policy, RBAC, and network segmentation. Delivering threat models, security control matrices, HLD/LLD aligned with NIST CSF and Azure Well-Architected Framework. Currently conducting PoC on AI workload security: agent isolation, AKS micro-segmentation, prompt injection detection, PII redaction, and OPA-based policy engines for LLM agent deployments.

Azure Security Benchmark · CIS Azure Foundations · Landing Zones · AKS · OPA · Terraform · AI Security PoC · Pre-Sales Architecture

Feb 2025 – May 2025 · Full-time · Belgrade
Lead DevOps Engineer
Luxoft (via DXL Technology)
Client: Optum — U.S. Healthcare (HIPAA Regulated)

Enterprise-scale security for healthcare applications across 2,400+ Azure subscriptions. Implemented Azure WAF policies defending against OWASP Top 10. Designed Ingress-as-a-Service security architecture for consistent AKS controls at scale. Security analysis identifying HIPAA compliance gaps. Security automation scripts with GitHub Actions GHE pipelines. Secure containerisation with Podman including vulnerability scanning and image hardening.

Azure WAF · AKS Security · GitHub Actions GHE · Terraform · Golang · Podman · HIPAA · OWASP Top 10

Sep 2023 – Feb 2025 · Full-time · Belgrade
Lead System Engineer / Architect & DevOps Engineer
EPAM Systems
Clients: Ahold Delhaize (Retail) · Willis Towers Watson (Insurance)

Ahold Delhaize — Secure-by-design architecture per Azure Well-Architected Framework. Azure API Management (OAuth 2.0, rate limiting, threat protection). CI/CD with Key Vault secrets management — deployment time ↓30%. RBAC and least privilege — security exposure ↓40%. Security-focused HLD, LLD, threat models.

Willis Towers Watson — Azure Managed Applications with Pulumi IaC security controls. AKS: network policies, pod security standards, RBAC. Azure Key Vault secrets management. Azure Monitor and Log Analytics for security event tracking.

Azure API Management · OAuth 2.0 · AKS · Key Vault · Pulumi · GitHub Actions · Azure DevOps · Terraform · C#

Sep 2022 – Sep 2023 · Full-time · Belgrade
Senior Microsoft Cloud Engineer / Technical Architect
Mainstream
Clients: Erste Bank (Banking) · Vivanco (Manufacturing) · Telco

Erste Bank — AD security assessment and remediation, CIS Benchmark server hardening, RBAC/MFA/Conditional Access, security logging for regulatory compliance, SCCM patch management.

Vivanco & Telco — Fault-tolerant DRaaS architecture, Azure Backup (BaaS) with encryption controls, retention policies, risk analysis, comprehensive HLD/LLD documentation.

AD Security · CIS Benchmarks · Conditional Access · MFA · Azure Backup · Azure Site Recovery · SCCM · DRaaS

Mar 2021 – Jul 2022 · Hybrid · Belgrade
Customer Solutions Architect (CSA)
GDC Services (ICL / Fujitsu)
Clients: Maersk Tankers · RSA Ireland · COOP Denmark · Hartmann · Nilfisk · Fujitsu London

Maersk Tankers — ADFS to PTA migration, MFA, Conditional Access, secure API auth, threat models/HLD/LLD.
RSA Ireland — Azure CAF, Enterprise-Scale Landing Zones, Azure Policy enforcement, Azure Blueprints (ISO compliance), Azure DevOps YAML pipelines.
COOP Denmark — PKI assessment, certificate management, hybrid integration, server hardening (2012 R2 → 2019).
Fujitsu London — MSSP architecture, security governance for multi-tenant environments.

ADFS → PTA · Entra ID · Landing Zones · Azure Policy · Azure Blueprints · ISO 27001 · PKI · YAML Pipelines

Mar 2018 – Mar 2021 · On-site · Stavanger, Norway
Lead Technical Architect
HCL Technologies
Clients: Equinor · DNB Bank · UPM · Anglo-American · easyJet · Unilever · EDF Luminus · LEO Pharma

UPM — Zero Trust: Azure AD, PIM, RBAC, Conditional Access, PAM, Rights Management Services (RMS), HLD/LLD.
DNB Bank — Database encryption, HA DHCP Failover Cluster, AD IAM with RBAC and GPO hardening.
Anglo-American — Azure AD SSO, Application Proxy for secure remote access, PIM governance.
Unilever — AD DS LLD for 5-forest Azure AD integration.
Equinor — Azure SQL encryption, SCCM Technical Lead.
easyJet — Windows Autopilot, M365, ADFS, SCCM, GPO hardening.

Zero Trust · Azure PIM · PAM · RMS · Azure AD App Proxy · Database Encryption · ADFS · PKI · SCCM

Feb 2016 – Mar 2018 · On-site · Stavanger, Norway
Active Directory Specialist – Architect
Rogaland County Council (Government)

Secure infrastructure for Norwegian government. Architected AD with hardening and access controls. PKI design for certificate-based authentication. DirectAccess always-on VPN with device authentication. Hybrid cloud architecture combining on-premises and Azure (IaaS/PaaS/SaaS). PoC: Azure Data Lake, Azure Stream Analytics, Azure SQL Elastic Pools with encryption and RBAC.

Active Directory · PKI · DirectAccess · Hybrid Cloud · Azure Data Lake · Azure Stream Analytics · Azure SQL

Jan 2012 – Nov 2015 · On-site · Stavanger, Norway
Senior IT Consultant – Enterprise Security Architect
EVRY
Clients: DNB Bank · SpareBank1 · NATO · Petoro · Gjensidige · Storebrand · Oljedirektoratet · UiS

Designed PKI for NATO, Petoro, University of Stavanger, and Premier Oil. Secure authentication: DirectAccess, RADIUS, certificate-based. SQL encryption and Failover Clustering for DNB and SpareBank1. High-availability datacentre achieving 4–5 nines uptime. Pre-sales security architecture for enterprise bids, HLD/LLD, and architecture design sessions with C-level stakeholders.

PKI / CA · NATO · DirectAccess · ADFS · SQL Encryption · Failover Clustering · System Center 2012 · 4–5 Nines HA

Jan 2007 – Oct 2011 · On-site · Reykjavik, Iceland
Information Technology Specialist
Tölvulistinn

Full-time IT specialist delivering Windows Server and AD administration, Exchange Server maintenance, VPN administration, and pre-sales technical assistance for SMB and enterprise clients across Iceland. Foundations in infrastructure engineering that underpin 18 years of career growth.

Windows Server 2003/2008 · Active Directory · Exchange Server 2003 · SCCM 2007 · VPN

Technical Stack

Deep expertise across the full Azure security and cloud-native toolchain, with 18 years of delivery from PKI to Zero Trust to AKS.

Security Architecture
Zero Trust Architecture · Threat Modelling · HLD / LLD · Security Control Matrices · Azure Security Benchmark · CIS Benchmarks · Pre-Sales Architecture · NIST CSF · Network Topology Diagrams

Identity & Access Management
Microsoft Entra ID · Conditional Access · MFA / PIM · RBAC (Row & Column Level) · Managed Identities · ADFS / PTA Migration · PKI / Certificate Authority · Cross-Tenant Federation · Workload Identity / OIDC · Azure AD App Proxy · Rights Management (RMS)

Data Protection & Key Management
Azure Key Vault · Customer-Managed Keys (CMK) · TLS 1.3 · Encryption at Rest / In Transit · TDE (Transparent Data Encryption) · Dynamic Data Masking · DLP · WORM Immutable Audit Logs

Network & Infrastructure Security
Azure Firewall · Private Endpoints · NSG (Deny-by-Default) · VNet Segmentation · WAF (OWASP CRS) · Application Gateway · DDoS Standard · DNS Private Zones · Micro-segmentation · ExpressRoute / VPN Gateway · Geo-blocking

Container & Application Security
AKS Security · Kubernetes Network Policies · Pod Security Standards · OPA / Gatekeeper · Azure API Management · Image Scanning & Signing · Falco / Defender for Containers · Podman · Helm

SIEM, Monitoring & Compliance
Microsoft Sentinel · Log Analytics · Azure Monitor · Application Insights · Prometheus · Incident Response Playbooks · Defender for Cloud

IaC, DevOps & CI/CD
Terraform · Azure DevOps YAML Pipelines · GitHub Actions · Enterprise-Scale Landing Zones · ARM Templates · Bicep · Pulumi · Argo CD / GitOps · DevSecOps Automation · CI/CD Security Gates

Databases, Cloud & Programming
Azure SQL (Security & Encryption) · Azure PostgreSQL (Security) · PowerShell · Python · C# · Golang

Business Continuity & Disaster Recovery
Azure Site Recovery · Azure Backup (BaaS) · RTO / RPO Design · DRaaS Architecture · Geo-Redundant Storage · Automated Failover

Selected Work

Architecture, security engineering, and DevSecOps delivery across Fortune 500, banking, healthcare, and government clients.

Offer Engine Ecosystem — Secure-by-Design
Ahold Delhaize (Fortune 500 Retail) via EPAM · 2023–2025

Azure Well-Architected Framework security pillar. Azure API Management (OAuth 2.0, rate limiting, threat protection). CI/CD + Key Vault secrets — deployment time ↓30%. RBAC and least privilege — security exposure ↓40%. HLD, LLD, threat models for REST API integration patterns.

Azure API Management · OAuth 2.0 · Key Vault · RBAC · Azure DevOps

Azure Managed Applications Security
Willis Towers Watson (Insurance) via EPAM · 2023–2025

Azure Managed Applications with Pulumi IaC security controls. AKS: network policies, pod security standards, RBAC. Azure Key Vault secrets management. Azure Monitor and Log Analytics for security event tracking and alerting.

Pulumi · AKS · Pod Security Standards · Key Vault · Log Analytics

Enterprise-Scale Landing Zones — Insurance
RSA Ireland via GDC Services / Fujitsu · 2021–2022

Azure Cloud Adoption Framework with enterprise-scale Landing Zones, security baselines, and Azure Policy enforcement. Azure Blueprints with embedded ISO 27001 compliance validation. Azure DevOps YAML pipelines for governed CI/CD.

Landing Zones · Azure Policy · Azure Blueprints · ISO 27001 · YAML Pipelines

ADFS to Entra ID/PTA Migration
Maersk Tankers (Shipping) via GDC Services · 2021–2022

Migrated ADFS to Pass-Through Authentication (PTA) improving security posture. MFA and Conditional Access policy design. Secure API integrations. Threat model, HLD, and LLD for complete authentication architecture.

ADFS → PTA · Entra ID · MFA · Conditional Access · Threat Model

Zero Trust Implementation — Manufacturing
UPM (Finland) via HCL Technologies · 2018–2021

Zero Trust architecture using Azure AD, PIM, RBAC, Conditional Access. AD security assessment identifying critical vulnerabilities. Identity governance with PAM. Rights Management Services (RMS) for data protection. HLD/LLD documentation.

Zero Trust · Azure PIM · PAM · RMS · Conditional Access

PKI Architecture for NATO & Norwegian Government
NATO · Petoro · UiS via EVRY · 2012–2015

PKI solutions for NATO, Petoro, University of Stavanger, and Premier Oil. DirectAccess, RADIUS, certificate-based authentication. SQL encryption and Failover Clustering for DNB and SpareBank1. High-availability datacentre infrastructure: 4–5 nines uptime.

PKI / CA · NATO · DirectAccess · SQL Encryption · 4–5 Nines HA

Banking Security Hardening & Governance
Erste Bank (Banking) via Mainstream · 2022–2023

AD security assessment and remediation. CIS Benchmark server hardening. RBAC, MFA, Conditional Access. Security logging for regulatory compliance auditing. SCCM patch management workflows. Full compliance with banking regulatory requirements.

AD Security · CIS Benchmarks · MFA · Conditional Access · Banking Compliance

Technical Articles

In-depth articles published on LinkedIn, covering cloud security architecture, Azure governance, and enterprise engineering.


Let's Work Together

Available for senior contractor roles in cloud security architecture, Azure DevOps engineering, and enterprise security consulting. B2B · Remote · CET.

Get in touch

bojandjokic74@hotmail.com
+381 64 28 72 717

AZ-305 Expert · AZ-400 Expert · 18 years of international delivery across 20+ enterprise clients.