Philip Nordquist
Platform and DevSecOps engineer in Mantorp, Sweden. I build and run cloud platforms,
security operations, and deep networking, plus the automation around them.
Currently at STIM, working on the Kubernetes platform and Sentinel detections.
Previously at ExpressVPN, working on global VPN infrastructure and protocol-level countermeasures.
DevSecOps Engineer Nov 2023 – Present
STIM · Stockholm
Building the internal Kubernetes platform, security detections on Sentinel, and an LLM agent that helps triage incidents, plus day-to-day SOC engineering, incident investigation, and certificate management.
- Built the internal Kubernetes platform end-to-end with Terraform, Ansible, and custom Python automation, with ArgoCD/GitOps for cluster addons. Cut new-cluster provisioning from days to under 20 minutes
- Implemented enterprise SIEM and detection workflows on Microsoft Sentinel, reducing security alert MTTD from days to minutes
Staff Operations Engineer Apr 2021 – Jul 2023
ExpressVPN · Hong Kong / Remote
Operations tech lead for the Keys launch and weekly releases across 3,000+ VPN servers, with hands-on VPN traffic engineering (packet capture, proxy/obfuscation configs, traffic analysis, and IP/route management including BGP) as part of a larger engineering team.
- Technical owner for the global launch of ExpressVPN Keys; defined operational readiness, support model, and sub-15-minute cross-region failover design
- Reverse-engineered how adversarial networks fingerprinted and blocked VPN traffic, then shipped continuous protocol-level countermeasures (proxy protocols, packet obfuscation) that kept the service reachable in heavily censored regions
Senior Cloud & Infrastructure Engineer Apr 2019 – Apr 2021
ExpressVPN · Hong Kong
Designed and deployed the corporate network across offices, built out Zero-Trust controls, automated identity management, and set up secure remote work for 1,000+ staff when COVID hit.
- Designed and led the deployment of the corporate network across offices (firewalls, switching, and routing) with Zero-Trust controls on Palo Alto firewalls
- Automated IAM for 200+ SaaS apps through Okta, cutting provisioning time by 90%
IT Infrastructure & Operations Manager Sep 2017 – Apr 2019
Universum · Stockholm
Led IT operations and reliability for the Stockholm HQ and satellite offices in New York, London, Singapore, Shanghai, Germany, and Switzerland.
- Owned technical due diligence and the G Suite to O365 migration during M&A
- Drove GDPR readiness through technical controls and data governance
IT Engineer Sep 2015 – Sep 2017
ExternIT · Stockholm
Server infrastructure and network configuration for various client environments.
Support Engineer Oct 2014 – Sep 2015
Binero · Stockholm
Technical support for web hosting, DNS, and email.
Mostly Kubernetes, Terraform, and CI/CD pipelines, with Prometheus and Grafana close by, plus
a fair bit of security and incident work. When something needs automating I reach for
Python, Go, or Bash, and bring in an LLM where it genuinely helps. Outside work, I build
small AI and trading tools for my own use: MCP servers, agent tooling, that kind of thing.