INITIALIZING
Auth Handshake 0%
~ ./deploy_infrastructure.sh

LOÏC
KALBERMATTER

Transforming complex infrastructure into seamless automation. Specialized in OpenShift, Golang, and building security-first architectures for the modern enterprise.

View Case Studies GitHub
Loïc Kalbermatter Portrait
The Philosophy

"Infrastructure should be an Enabler, not a Bottleneck."

In the modern enterprise, speed is currency. But speed without stability is chaos. My mission is to engineer systems where these two coexist. By treating Infrastructure as Code and automating every repetitive task, I allow development teams to focus on what matters: shipping features.

With a deep background in the highly regulated Swiss banking and telecommunications sector, I don't just build pipelines; I build trust. My architectures are secure by design, compliant by default, and resilient against failure.

SYSTEM_UPTIME
4.5
YRS
AUTO_COVERAGE
100
%

Kubernetes Native

Orchestrating complex microservices on OpenShift with enterprise-grade reliability.

High Performance

Custom Golang tooling to replace slow scripts with compiled, concurrent CLIs.

🔒

Security First

Automated compliance monitoring and OAuth2 integration for zero-trust environments.

📄

Docs-as-Code

Because documentation that isn't automated is documentation that is outdated.

Technical Arsenal

I don't just use tools; I master ecosystems. Here is the stack I leverage to build scalable enterprise solutions.

Platform

Online
OpenShift / K8s EXPERT
Docker / Podman CORE
RHEL / Linux CORE

Automation

Executing
~/go $ go build cli.go
[OK] Compiled in 0.4s
~/python $ ./deploy.py
Golang Python Ansible GitLab CI

Compliance

Auditing
Prometheus ACTIVE
GraphQL APIs SECURE
OAuth2 / OIDC ENFORCED
Core Protocols

Engineering Principles

Standard operating procedures for highly available enterprise systems.

PROTOCOL_01

GitOps Default

If it isn't in version control, it doesn't exist. I strictly enforce declarative infrastructure and application states using tools like ArgoCD and Flux, ensuring the Git repository is the absolute single source of truth for the entire cluster.

PROTOCOL_02

Zero Trust Architecture

In regulated environments like banking, implicit trust is a critical vulnerability. I design architectures that require strict authentication, automated token rotation, and strict authorization at every network boundary.

PROTOCOL_03

Relentless Automation

Manual intervention is a bug, not a feature. From high-performance Go-based CLIs to robust pipeline synchronizations, my goal is to engineer the toil out of the system. If a task has to be done twice, it gets scripted and automated.

Professional Journey

DevOps Engineer Running

Swisscom (Schweiz) AG

Aug 2024 — Present
Platform Engineering: Orchestrating enterprise-scale OpenShift clusters. Responsible for lifecycle management, zero-downtime upgrades, and performance tuning.
Tool Development: Engineering custom CLI applications in Golang to replace manual operations.
Compliance Automation: Built a monitoring system for GitLab Access Tokens using GraphQL APIs.

Apprentice IT Specialist Passed

Swisscom (Schweiz) AG

Aug 2021 — Jul 2024
Backend Development: Scalable microservices using NestJS, Next.js, and Java Spring Boot.
Security Initiatives: Researched digital security products and built a security-first SaaS prototype.

Engineering Impact

Security & Compliance

Automated Compliance Monitor

The Challenge

Manual auditing of hundreds of GitLab Personal Access Tokens was inefficient and posed a significant security risk in a regulated banking environment.

The Solution

Developed a high-performance Go microservice that queries the GitLab GraphQL API. It pushes real-time alerts to Prometheus/Alertmanager before expiration occurs.

The Impact

Eliminated token-related outages completely and reduced audit time from days to seconds.

Golang GraphQL Prometheus
GraphQL API
Prometheus ALERT
SEC_TOKEN_ACTIVE
git commit
Go Parser Syncing
Wiki API
Internal Tooling

Docu-to-Wiki Pipeline

The Challenge

Technical documentation lived in Git (Markdown) while business users relied on Confluence. Keeping them in sync was a manual, error-prone nightmare.

The Solution

Engineered a robust synchronization engine in Go. It clones repositories, parses Markdown structures, and updates the Wiki API intelligently (only changed pages).

Golang Confluence API
🖧

Enterprise HomeLab

Status: Running

A playground for chaos engineering. Running Proxmox, TrueNAS, and K8s clusters to test bleeding-edge tech safely.

#SelfHosting #K8s
🤖

Post-Mortem Bot

Listening (Webhook)

Automating the incident review process. Detects Opsgenie alerts and pre-generates Jira/Confluence incident reports.

#Automation #JiraAPI
>_

Opsgenie CLI

v1.2.0 Deployed

A CRUD terminal tool to manage on-call rotations programmatically, bypassing the slow UI for power users.

#DevEx #Golang
The Human Element

Behind the Terminal.

Beyond the YAML manifests and Go binaries, I am an engineer driven by genuine curiosity. Based in Biberist, Switzerland, I appreciate the traditional Swiss values of precision and reliability—principles I directly compile into my cloud architectures.

My journey started not just as a job, but as an obsession with how complex systems communicate. When I'm not orchestrating Kubernetes clusters for enterprise clients, I'm likely tearing down and rebuilding my own Homelab, contributing to open-source, or heading out into the Swiss nature to clear my cache.

loic@sys-profile:~
OS Arch Linux / macOS
Host Loïc Kalbermatter
Location Biberist, CH
Languages DE (Native), EN (Pro)
Editor Neovim / VSCode
Fuel ☕ ☕ ☕ ☕

Initiate Handshake.

Ready to bring enterprise-grade automation to your infrastructure? Establish a secure connection below.

root@kalbermatter.one:~
Connection established to kalbermatter.one on port 22.
Authentication successful. Welcome to the core system.
visitor@local:~$ ./send_message.sh --target="Loïc"
Execute Email Protocol Ping LinkedIn

© 2026 Loïc Kalbermatter

SESSION_UPTIME: 00:00:00

Node: Biberist-CH-01