Open to Opportunities
Nathan DuffSenior Cloud Platform Engineer
Senior cloud platform engineer with about a decade in software and cloud engineering. For the last six years I led a cloud environment control-plane platform from PowerShell and Azure Functions automation into a containerized, multi-region service used across the company. I author the technical roadmap, own the security and compliance posture, and mentor the engineers who build on it.
Remote / Metro Detroit, MI10+ Years ExperienceAzure Solutions Architect Expert
500+
Items Delivered
Jul 2021 - 2026
100+
Critical Incidents Resolved
Blocker-level production saves
29+
Releases Shipped
v3.x through v4.x
6+
Years at OneStream
Cloud Systems to Senior Engineer
Experience
2024 - Present Current
Senior Cloud Engineer
OneStream Software
- Authored and delivered the platform's v4 re-architecture, migrating HTTP-triggered Azure Functions to ASP.NET Core Minimal APIs on .NET 8 and moving compute onto Azure Container Apps and App Service
- Re-platformed long-running operations onto Durable Functions and introduced blue/green deployments, removing whole classes of stuck-job and downtime failures
- Own the platform security and compliance posture, including Snyk SCA and container scanning, code signing, Azure security baselines across 10+ services, and FedRAMP / Government-cloud readiness
- Author the platform roadmap (17+ epics), run weekly office hours, and built GoCOM, a self-service Go tool whose capabilities were adopted into the official platform
2021 - 2024
Cloud Developer
OneStream Software
- Re-platformed long-running operations from fragile queue-triggered functions to Durable Functions orchestrations with proper retry and status callbacks
- Resolved 100+ critical, blocker-level production incidents over this period while sustaining feature delivery
- Turned the platform API into a reusable control plane for multiple internal products, authenticated via Microsoft Entra ID and Managed Identity and integrated with ServiceNow
- Led the move from SonarQube to Snyk for supply-chain scanning and shipped across 29+ releases
2020 - 2021
Cloud Systems Engineer
OneStream Software
- Built the platform's first provisioning APIs and the PowerShell upgrade engine that automated install discovery, binary load, and database-schema upgrades
- Established the cross-tenant identity model where customer environments authenticate via their own Managed Identity tokens, the security cornerstone the platform still builds on
- Implemented Azure governance patterns and infrastructure as code with Terraform and Bicep that were adopted across the Cloud Engineering organization
2019 - 2020
DevOps Cloud Engineer
MercuryWorks
- Consulted with SMB and enterprise clients on Azure modernization and automation initiatives
- Automated Azure Pipelines builds, releases, and infrastructure changes for multi-team delivery
2015 - 2019
Software Engineer / DevOps Engineer
General Motors
- Owned release engineering for internal business applications and streamlined CI/CD with Azure DevOps and Pivotal Cloud Foundry
- Engineered automated deployment patterns for SharePoint and .NET web workloads
Technical Expertise
Cloud & Platform
Microsoft AzureContainer AppsApp ServiceAzure FunctionsDurable FunctionsAKS / KubernetesFront DoorAPI ManagementAzure SQLCosmos DBRedis
Infrastructure & DevOps
BicepTerraformAzure DevOpsGitHub ActionsDockerArgoCD / GitOpsCI/CDBlue/green deployments
Development
C# / .NET 8ASP.NET CoreGoPowerShellTypeScriptVue.jsSignalRREST APIs
Security & Compliance
DevSecOpsSnyk SCACode signingAzure security baselinesMicrosoft Entra IDManaged IdentityRBAC / PIMFedRAMP / Government cloudAzure MonitorLog Analytics
Certifications
Microsoft
Azure Solutions Architect Expert
Microsoft
Azure DevOps Engineer Expert
Microsoft
M365 Enterprise Admin Expert
Microsoft
Azure Administrator Associate
Education
Michigan State University
B.A. Communication, Minor in Information Technology
East Lansing, MI • 2012 - 2015
Let's build the next platform
Book time with Nate