Fitra Maulana
>Cloud & Infrastructure Engineer
Fresh graduate in Internet Engineering Technology from Universitas Gadjah Mada (GPA 3.71). I design and evaluate High Availability systems, distributed data streaming, and infrastructure automation — from on-premise virtualization to cloud deployment.
about
I am a fresh graduate with strong interest in cloud infrastructure, distributed systems, and cybersecurity. Throughout my studies, I actively pursued internship programs to build hands-on experience in production environments — from physical data centers to distributed cloud infrastructure.
My experience covers the design of High Availability architectures (Proxmox VE, NGINX load balancers, PostgreSQL streaming replication, Apache Kafka multi-broker clusters), integration of infrastructure monitoring (Prometheus & Grafana), and security hardening on Linux servers.
My final project earned a grade of A, demonstrating an HA system with 100% availability during failover tests and Zero Data Loss on Kafka — all running on limited hardware specs, proving the efficiency of the architecture I designed.
This website itself is a direct demonstration: deployed to AWS in a fully automated way via Terraform + GitLab CI/CD. Every commit to main triggers a pipeline: build → deploy → CloudFront invalidation — all within ~2 minutes.
Universitas Gadjah Mada · 2022–2026
GPA 3.71 / 4.00
Open: on-site · hybrid · remote
experience
Cloud & Infrastructure Engineer Intern
Designed and implemented a Proof of Concept for an on-premise High Availability architecture powering the company's internal platform — from load balancing to distributed messaging.
- ▸Designed an HA architecture with NGINX load balancing + multiple Node.js backend servers — achieving 100% service availability during failover tests
- ▸Configured PostgreSQL primary-replica streaming replication with average latency of 2.32 ms and fail-safe protection against split-brain
- ▸Deployed an Apache Kafka multi-broker cluster with Zero Data Loss guarantee (transient lag max 2 messages during network instability)
- ▸Built Prometheus + Grafana monitoring stack — scrape duration <360ms (JMX Kafka), <50ms (other exporters)
- ▸Applied security hardening: SSH configuration, reverse proxy isolation, service-level separation
- ▸Conducted stress testing & failover simulations to validate infrastructure resilience
- ▸Produced comprehensive technical documentation & architecture diagrams for handover
IT & Ticketing Facilities Intern
Supported IT operations for Indonesia's first high-speed rail project (Whoosh) — focused on monitoring mission-critical systems at Halim Station.
- ▸Conducted routine inspections of IT infrastructure & operational support systems at Halim Station
- ▸Monitored data center facilities, ticket vending machines, gate systems, and passenger information displays
- ▸Assisted in troubleshooting & maintenance of mission-critical operational devices
- ▸Prepared daily technical reports with issue identification & corrective action recommendations
Technician Intern
Gained end-to-end experience in hosting & domain service provider operations — from provisioning to security mitigation for production clients.
- ▸Managed & maintained client hosting infrastructure to improve uptime & performance
- ▸Optimized server configurations to enhance reliability & response time
- ▸Assisted in implementing web security solutions to mitigate cyber attack incidents
- ▸Collaborated with development teams to improve hosting control panel usability
projects
Final Project — Grade A
My final project, "Design, Implementation, and Performance Evaluation of a High Availability Infrastructure Proof of Concept (PoC) based on Proxmox VE," with a case study at PT Global Intermedia Nusantara. This research designed, implemented, and evaluated an HA architecture integrating 5 core components: virtualization, load balancing, database replication, distributed messaging, and observability — all running on limited hardware (Intel i7-7567U, 16GB RAM).
- ▸100% service availability during NGINX failover test (Round Robin, seamless failover)
- ▸PostgreSQL replication latency averaging 2.32 ms with fail-safe protection
- ▸Kafka Zero Data Loss — maximum transient lag of only 2 messages, auto-recovery ~30s
- ▸Minimal monitoring overhead: scrape <360ms (JMX Kafka), <50ms (other exporters)
- ▸Resource efficient: CPU 27.8%, System Load 49.5% (I/O-bound accurately detected)
- ▸Conclusion: the PoC proved feasible & reliable for production on constrained hardware
fitramaulana.my.id
This portfolio website itself. Deployed to AWS in a fully automated way using Terraform and GitLab CI/CD. Every git push to main triggers a pipeline: build Next.js → terraform apply → sync to S3 → invalidate CloudFront — all within ~2 minutes. Designed as proof-of-work for end-to-end DevOps capabilities.
- ▸Static site hosting with S3 + CloudFront global CDN
- ▸HTTPS via AWS Certificate Manager with automated DNS validation
- ▸Terraform remote state on S3 + DynamoDB locking (team-ready best practice)
- ▸Automated deployment pipeline with GitLab shared runner
- ▸Security: Origin Access Control — S3 bucket fully private
- ▸Zero-cost hosting (within AWS Free Tier limits)
Serverless Ticket Queueing System
A serverless architecture solving the ticket war problem — preventing server crashes and overselling when thousands of users hit 'Buy' simultaneously. API Gateway integrates directly with SQS (no Lambda in hot path), ensuring the API stays responsive under any load. All infrastructure provisioned via Terraform, deployed via GitHub Actions CI/CD.
- ▸Zero overselling: 200 concurrent requests, exactly 100 confirmed — via DynamoDB atomic conditional update
- ▸290 req/s sustained throughput, 0.00% error rate across 7,251 requests (Locust load test, 30s)
- ▸P99 response time 150ms — API Gateway responds in <50ms, processing offloaded async to Lambda
- ▸Dead Letter Queue + 3x retry — failed messages escalated via CloudWatch alarm
- ▸Full observability: 5-panel CloudWatch dashboard (queue depth, Lambda invocations, DLQ, errors)
- ▸19 AWS resources provisioned via Terraform — S3 remote state, GitHub Actions auto-deploy on push to main
Stats diperbarui otomatis setiap 5 detik. Arsitektur: API Gateway → SQS → Lambda → DynamoDB.
Cyber Attack Monitoring System
Industrial Practice Project at PT TechnoGIS Indonesia focused on cyber attack simulation and penetration testing against a Snort-based Network Intrusion Detection System (NIDS) on Ubuntu Server. Contribution covers full network topology design, Mikrotik router infrastructure setup, and end-to-end execution of attack scenarios to validate the detection system's effectiveness.
- ▸Designed network topology and configured Mikrotik hAP router — wireless bridging, DHCP server, NAT masquerade, and firewall rules — as the complete test network infrastructure
- ▸Executed 4 Nmap scanning techniques (Basic, TCP ACK, FIN, Null Scan) to map open ports and probe firewall filtering behavior on the target Ubuntu Server
- ▸Simulated 3 DoS attack vectors via Hping3 — SYN flood, ICMP flood, and UDP flood — validating Snort threshold-based detection rules under high-traffic conditions
- ▸Validating 8 attack vectors end-to-end: Snort detection rate 100%, Wireshark packet analysis effectiveness 96%
skills
Cloud & Virtualization
- $AWS (S3, CloudFront, ACM, IAM, EC2, DynamoDB)
- $Proxmox VE (LXC, KVM, cluster)
- $Terraform (IaC, remote state)
- $Docker
- $MikroTik CHR
- $Amazon SQS + Lambda (Event-Driven)
- $GitHub Actions
DevOps & Automation
- $GitLab CI/CD
- $Git / GitOps workflow
- $Network Automation
- $Bash / Zsh scripting
- $NGINX (reverse proxy, load balancer)
- $HAProxy
- $Systemd service management
Data & Backend
- $PostgreSQL (streaming replication, tuning)
- $Apache Kafka (multi-broker, JMX)
- $Node.js
- $Python (scripting, data viz)
- $REST APIs
- $Big Data fundamentals
Monitoring & Security
- $Prometheus + Grafana
- $Node/JMX Exporters
- $Linux security hardening
- $Cisco CyberOps methodology
- $Network security (CCNA-level)
- $Infrastructure security audit
education
D4 Internet Engineering Technology
The D4 curriculum focuses on direct application of modern internet technologies — covering cloud computing, network automation, cybersecurity, distributed systems, and IoT. Final project awarded grade A (6 credits).
# certifications
leadership
Event Lead — Environmental Action
Led a reforestation program as part of Campus Boys UGM's 9th Anniversary. Coordinated 50 volunteers to plant 200 Tabebuya trees across an 810-meter area on the slopes of Mount Merapi, in partnership with Sekolah Air Hujan Banyu Bening and Umbulharjo Village Government.
Digital Transformation Facilitator
Spearheaded the village's digital tranformation initiative. Structured the official information portal from scrath and conducted capacity-building training for local government staff, empowering them to independently manage and sustain their village information system
Security Division Coordinator
Led the event security team, developed contingency plans & emergency response procedures, and coordinated with organizers & external parties to ensure participant and audience safety.
Deputy Security Division Coordinator
Managed physical security & access control at a national cybersecurity competition, ensuring a conducive environment for CTF participants.
Let's build reliable systems together.
I am looking for opportunities as a Cloud Engineer, DevOps Engineer, Site Reliability Engineer, or Network Engineer. Open to on-site, hybrid, or remote — feel free to reach out for technical discussion, collaboration, or job opportunities.