SN/profilestatus = profile reviewed · self-attesteddomain = sergeinaumov.dev

Backend &
security platform
engineering,
at infrastructure scale.

I build infrastructure and security platforms around secrets management, PKI/TLS automation, Kubernetes, and Go backend systems.

Focused on reducing operational risk, automating certificate lifecycle management, and building reliable internal platforms for engineering organizations.

professional · profile record
v1.0
subject
Sergei Naumov
Backend / Platform Security
basis
Self-attested professional profile
timeline
active_from = 2017-10·status_until = ongoing
focus
backend systems · platform security · infrastructure
eng_focus
Vault · PKI/TLS automation · Kubernetes · Go
evidence
public links and writing where available
profile reviewedNot a cryptographic certificate.
stackdomain = backend / platform-securitysecrets = hashicorp/vaultpki = internal-ca · mtls · short-ttlcompute = kuberneteslang = goregion = us-aligned
§ 01Expertise

Core engineering areas.

Four overlapping disciplines. The common thread is reducing operational risk and making security mechanisms practical for the engineers who depend on them. Each entry below documents what I treat as the interface to that area.

§ 01

Secrets Management

HashiCorp Vault-based access models, service secrets, Kubernetes authentication, AppRole, and LDAP integrations. Ownership-based access where teams and services are the unit of trust — not individual people.

interface
engine=kv-v2 · pki · transit
auth=kubernetes · approle · ldap
policy=ownership · path-scoped
audit=file · syslog · siem
§ 02

PKI / TLS Automation

Certificate lifecycle automation, internal CA integrations, service identity, renewal flows, and production-grade TLS operations. Short-lived certificates as a forcing function for healthy operations.

interface
issuance=short-ttl · per-service
renewal=auto · pre-expiry
identity=spiffe-aligned
transport=tls1.3 · mtls
§ 03

Kubernetes Infrastructure

Platform integrations for Kubernetes-based environments, service authentication, automation workflows, and infrastructure reliability. Designed so workloads inherit identity and secrets without bespoke wiring.

interface
auth=service-account · jwt
delivery=controllers · operators
secrets=csi · injector · ssa
posture=rbac · psa · network
§ 04

Backend Systems in Go

Backend services, internal developer platforms, and security automation tools. Boring, observable, low-blast-radius services that the rest of the platform can quietly depend on.

interface
runtime=go · grpc · http/2
storage=postgres · object
obs=otel · prometheus
style=small · composable
§ 03About

About.

I am a backend and security platform engineer focused on infrastructure systems that make engineering organizations safer and more reliable.

My work sits at the intersection of backend development, platform engineering, secrets management, PKI/TLS automation, Kubernetes infrastructure, and internal security tooling.

I am especially interested in systems that reduce manual operational work, improve service ownership, and make security mechanisms practical for engineering teams.

operating principles
  1. 01Short-lived credentials are a forcing function for healthy operations.
  2. 02Ownership belongs to teams and services — not individual people.
  3. 03A clear interface is worth more than a clever implementation.
  4. 04Boring, observable systems beat exciting ones, every time.
location
Remote · US-aligned
stack
Go · Vault · K8s
focus
Platform security
status
Open to senior roles
§ 04Contact

Let’s connect.

I am open to senior backend, infrastructure, platform, and security engineering roles focused on internal platforms, infrastructure security, PKI, secrets management, and backend systems.

profile = self-attestedresponse = 1-2 business days