Ricardo Mendes
Middleware Engineer & DevOps Specialist
I'm a Middleware Engineer and DevOps specialist with full-stack infrastructure ownership — from OpenShift cluster lifecycle management and GitOps automation to observability platforms, identity management, and legacy system modernization. My work spans the entire chain: bare-metal and virtualized environments, Kubernetes orchestration, CI/CD pipelines (Tekton, GitLab, ArgoCD), monitoring stacks (Prometheus, Grafana, OpenTelemetry), and enterprise IAM (Keycloak). I bring prior experience as a CTO and Solution Architect, which means I don't just run infrastructure — I try to understand the business context it serves.
More about me ↓
My path into infrastructure wasn't a straight line. I started with a degree in Management Information Technology in Lisbon, then spent years in Brussels working across the tech landscape — as CTO of a tech innovation space, as a freelance Solution Architect pushing open source apps for ethical organizations, and as a Technical Event Manager handling live production setups. Those roles gave me something that purely operational engineers often lack: a clear view of how technology decisions ripple through organizations. In 2021, I made a deliberate shift toward deep infrastructure work, completing an intensive DevOps program and later professional training in OpenShift, Keycloak, OPA, virtualization, and F5 load balancing. Since 2023, I've been the Middleware Engineer at FGTB-ABVV, Belgium's largest socialist trade union, where I co-own the full infrastructure stack serving over a million affiliated members. The work is concrete: migrating legacy Java applications from IBM WebSphere and DataPower to containerized OpenShift deployments, managing multi-hop cluster upgrades across production environments, building GitOps workflows with ArgoCD and Helm, deploying enterprise CRM systems, and architecting observability platforms from scratch. I operate with an infrastructure-as-code-first mindset — every change is version-controlled, reviewable, and reversible. I'm trilingual (French, English, Portuguese), rooted in the open source community, and motivated by technology that serves people — not the other way around.
Experience
Middleware Engineer / Devops
@ FGTB-ABVV · Brussels · full-time
2023-11 – Present
At ABVV-FGTB, a union dedicated to advocating for workers' rights and engaging in collective bargaining, I have focused on enhancing our IT infrastructure and application delivery. Over the past year, my primary role has involved mastering various cutting-edge technologies, including Openshift, Kubernetes and integrate them into our production. A significant part of my responsibilities has been the strategic migration of Java applications from legacy environments—such as IBM Datapowers and PureApp systems, as well as Windows servers—to modern, containerized applications deployed on our VMware/HyperV Linux infrastructure and Openshift Kubernetes clusters. This transition is pivotal in optimizing our operational efficiencies and ensuring robust, scalable application performance.
CTO
@ DigitYser · Brussels · full-time
2018-10 – 2020-03
Defined and advised on technology strategy for a tech coworking and innovation space Evaluated and selected tech stacks and tools for internal operations and startup activities Provided technical guidance for event production (infrastructure, platforms, AV, connectivity) Acted as cross-functional technical advisor bridging operations, events, and startups
Solution Architect
@ Armada.digital · Brussels · freelance
2016-05 – 2021-12
Consultancy to amplify visibility of good causes Custom communication and collaboration solutions Empowering individuals and ethical businesses
Technical Event Manager
@ European Data Innovation Hub · Brussels · full-time
2019-01 – 2020-03
Technical event organization and management
Technical Advisor
@ WomenPreneur-Initiative · Brussels · freelance
2019-01 – 2020-01
Technical guidance for women-focused entrepreneurship initiative
Technical Advisor
@ Promote Ukraine · Brussels · freelance
2019-01 – 2020-01
Technical consulting for Ukraine advocacy organization
Skills
AI Coding
Automation
Containers
DevOps
Hosting
Monitoring
Scripting
Servers
System Administration
Interests
Orchestration & Container Runtime
Virtualisation & Hyperviseurs
Infrastructure & Architecture
Monitoring
Logging & Observability
Operating Systems
DevOps & CI/CD
Middleware & Enterprise Java
Security & Governance
AI / LLM / Knowledge Systems
Work Projects
2026-02 – Present
Architected centralized logging strategy for multi-cluster OpenShift environment covering IBM IIB, Spring Boot services, Keycloak, and API Gateway traffic. Designed log forwarding pipelines from multiple namespaces into a dedicated OpenSearch cluster hosted on a separate VM to decouple compute and storage layers.
2025-11 – Present
Led the transformation of the existing AngularJS-based My.ABVV.be affiliate portal into a cross-platform mobile application for iOS and Android. Refactored legacy Keycloak authentication integration to modern OAuth 2.0 and OpenID Connect (OIDC) standards. Implemented mobile-specific routing, pre-authentication landing screens, and device-aware navigation flows. Integrated Capacitor to enable native mobile packaging and platform bridge capabilities. Currently approaching Apple/Android TestFlight validation, with final stabilization and store deployment preparations underway.
2026-04 – 2026-04
Architected CI/CD pipelines on OpenShift/Tekton for 27 Java Spring Boot microservices across two platforms, replacing per-environment rebuild pipelines. Build Once/Deploy Many: RC tag triggers Maven build, SonarQube scan and Buildah image push to Harbor; release tag triggers skopeo retag preserving SHA256 digest. GitOps via ArgoCD. Built a Python CLI for sprint release coordination, YAML audit manifests, and git-tag rollback anchors capturing images, ConfigMaps and infra config atomically.
2025-05 – 2025-07
Designed a reusable enterprise testing framework for multiple Spring Boot microservices integrating JUnit5, Newman, and Log4J reporting into ReportPortal. Automated daily regression execution through Tekton pipelines triggered by GitLab events. Standardized pipeline templates for scalable microservice onboarding.
2025-03 – 2025-12
Led the enterprise-wide deployment of Dolibarr CRM to replace a legacy email-based affiliate request handling system. Previously, affiliate requests submitted via my.abvv.be were stored in PostgreSQL and automatically routed to regional offices via email, with no status tracking, workflow visibility, or collaborative handling capabilities. Designed and implemented a centralized ticketing system within Dolibarr CRM, including custom ticket workflows to manage unemployment access requests and affiliate file inquiries. Coordinated phased migration of all regional offices to the new platform. By December 2025, all regional offices were fully migrated. Since go-live, the platform has processed over 66,900 tickets, with structured lifecycle tracking (open/closed states) and significantly improved operational transparency.
2025-02 – Present
Designed and implemented a DevSecOps automation layer to synchronize internal GitLab repositories with cloud GitHub/GitLab accounts. Developed Python-based secret detection and sanitization logic (.env parsing, Dockerfile cleanup, internal registry reference removal) ensuring secure boundary enforcement between intranet and public repositories.
2024-06 – 2025-01
Containerized and migrated a modular enterprise Java application (EAR/WAR/JAR) from traditional WebSphere runtime to OpenLiberty deployed via Operator on OpenShift. Managed Java version alignment, Dockerization strategy, configuration refactoring, and CI/CD integration to enable cloud-native deployment and lifecycle management.
2024-02 – Present
Designed and implemented a centralized observability stack integrating Prometheus, Grafana, and Instana across Spring Boot microservices, IBM IIB, Keycloak, and Tyk API Gateway. Introduced distributed tracing strategy and evaluated OpenTelemetry collectors to enforce GDPR-aware data sanitization before SaaS export. Defined log aggregation roadmap using OpenSearch on a dedicated VM.
Languages
Education
2023-11 – 2024-01
Followed a professional training on Kubernetes and Red Hat OpenShift, covering containerization concepts, Kubernetes architecture, and core objects for deploying and operating containerized applications. The training included hands-on application deployment using declarative manifests, service exposure, storage and networking fundamentals, security and RBAC, as well as OpenShift-specific features such as routes, projects, SCCs, and integrated tooling. It also addressed basic CI/CD concepts, monitoring, troubleshooting, and best practices for running workloads in enterprise environments.
2026-02 – 2026-02
Followed a professional training on Open Policy Agent (OPA) with Orsys, focusing on the principles of Policy as Code and externalized authorization. The training covered OPA architecture, policy evaluation workflows, and hands-on development of declarative policies using the Rego language, including policy testing, API-based integration, and policy distribution. It also addressed the use of OPA in cloud-native and microservices environments, governance considerations, and best practices for secure, scalable policy enforcement.
2025-07 – 2025-08
Followed a training on virtualization with Microsoft Hyper-V and VMware vSphere, covering virtualization fundamentals, hypervisor architectures, and virtual machine lifecycle management. The training included hands-on configuration of virtual machines, virtual networking and storage, snapshots and templates, as well as high availability concepts such as live migration, clustering, HA, and resource management. It also addressed administration, backup strategies, monitoring, troubleshooting, and best practices for operating virtualized infrastructures in enterprise environments.
2024-04 – 2024-04
Followed a professional training on Keycloak and Identity & Access Management (IAM) with Orsys, covering the fundamentals of authentication and authorization, Keycloak architecture, and supported protocols (OAuth2, OpenID Connect, SAML). The training included hands-on configuration of realms, users, roles, groups, and clients, implementation of SSO and MFA, identity federation with external providers (LDAP/AD), token management and claims mapping, as well as best practices for securing and integrating web applications and APIs in enterprise environments.
2025-05 – 2025-05
Followed a professional training on F5 BIG-IP Application Delivery Controller with Orsys, covering the fundamentals of load balancing and application traffic management at layers 4 and 7. The training included hands-on configuration of virtual servers, pools, health monitors, persistence mechanisms, SSL offloading, traffic optimization profiles, high availability concepts, and an introduction to iRules, as well as monitoring, troubleshooting, and best practices for operating BIG-IP in enterprise environments.
2021-01 – 2022-08
7-month intensive DevOps specialization
1998-01 – 2001-12
Curso Técnico Superior Profissional de Informática de Gestão
Last updated: