Philip Nordquist
Platform and DevSecOps engineer in Mantorp, Sweden. I build and run cloud platforms,
security tooling, and the automation around them. Recently focused on applying LLM agents
to security operations, incident triage, and internal automation.
Currently at STIM,
working on the Kubernetes platform, Sentinel detections, and an LLM triage layer over
incidents. Previously at ExpressVPN, working on
global VPN infrastructure and protocol-level countermeasures.
DevSecOps Engineer Nov 2023 – Present
STIM · Stockholm
Building the internal Kubernetes platform, security detections on Sentinel, and an LLM triage layer over incidents.
- Built the internal Kubernetes platform end-to-end with Terraform, Ansible, and custom Python automation, with ArgoCD/GitOps for cluster addons. Cut new-cluster provisioning from days to under 20 minutes
- Implemented enterprise SIEM and detection workflows on Microsoft Sentinel, reducing security alert MTTD from days to minutes
Staff Operations Engineer Apr 2021 – Jul 2023
ExpressVPN · Hong Kong / Remote
Operations tech lead for product launches, protocol-level anti-censorship work, and weekly releases across 3,000+ VPN servers.
- Technical owner for the global launch of ExpressVPN Keys; defined operational readiness, support model, and sub-15-minute cross-region failover design
- Reverse-engineered how adversarial networks fingerprinted and blocked VPN traffic, then shipped continuous protocol-level countermeasures (proxy protocols, packet obfuscation) that kept the service reachable in heavily censored regions
Senior Cloud & Infrastructure Engineer Apr 2019 – Apr 2021
ExpressVPN · Hong Kong
Built out Zero-Trust networking, automated identity management, and set up secure remote work for 1,000+ staff when COVID hit.
- Put together a Zero-Trust network model using Palo Alto firewalls
- Automated IAM for 200+ SaaS apps through Okta, cutting provisioning time by 90%
IT Infrastructure & Operations Manager Sep 2017 – Apr 2019
Universum · Stockholm
Led IT operations and reliability for the Stockholm HQ and satellite offices in New York, London, Singapore, Shanghai, Germany, and Switzerland.
- Owned technical due diligence and the G Suite to O365 migration during M&A
- Drove GDPR readiness through technical controls and data governance
IT Engineer Sep 2015 – Sep 2017
ExternIT · Stockholm
Server infrastructure and network configuration for various client environments.
Support Engineer Oct 2014 – Sep 2015
Binero · Stockholm
Technical support for web hosting, DNS, and email.
Mostly Kubernetes, Terraform, and CI/CD pipelines, with Prometheus and Grafana close by. A
growing share of the work is wiring LLM agents into operational workflows — alert triage,
runbooks, and the boring parts of incident response — using OpenAI, Anthropic, and Gemini
APIs alongside MCP and human-in-the-loop patterns. When something needs automating, I reach
for Python, Go, or Bash depending on what fits. Outside work, I build small AI and trading
tools for my own use.