> Resume

Liam Gamache

Infrastructure Engineer with 10+ years across IT/OT, cloud, and IaC. Currently building fusion-energy infrastructure at Commonwealth Fusion Systems.

Experience

OT Infrastructure Engineer

Commonwealth Fusion Systems

Jul 2023 – Present
  • Designed and built a new 150,000 sqft science facility from the ground up. Fully redundant networking across two buildings, a cross-site VMware vSphere cluster, and async-replicated Pure Storage arrays for site-level disaster recovery.
  • Primary technical owner for OT infrastructure across HQ, the science facility, and two manufacturing plants (5 vSphere clusters under a unified vCenter). Main escalation point for plant-floor connectivity and industrial controls.
  • Manage plant-floor infrastructure for a 100,000 sqft factory and a secondary manufacturing plant. Partner with controls engineers on Ignition SCADA integration, IT/OT network segmentation, and PROFINET/EtherCAT PLC rollouts.
  • Oversee physical security across HQ and science facilities: 300+ Genetec cameras and integrated badge access control.
  • Safeguard vSphere workloads with Veeam backups paired with Pure SafeMode snapshots for immutable ransomware protection and rapid cross-site recovery.

Infrastructure Engineer

Commonwealth Fusion Systems

Apr 2022 – Jul 2023
  • Built the greenfield network for a new 100,000 sqft factory. Dedicated firewalls, core/access switching, industrial WiFi, and DIN-rail switches supporting plant-floor PLCs.
  • Designed and executed the network architecture for a new 50,000 sqft corporate HQ housing ~1,000 employees, including a clean cutover and decommissioning of the legacy office.
  • Deployed and managed a ~200-MacBook corporate fleet via Jamf Pro integrated with CrowdStrike Falcon EDR. Automated provisioning, configuration profiles, and endpoint compliance.
  • Administered Okta as the sole, cloud-native identity provider (zero Active Directory footprint), orchestrating SAML, OIDC/OAuth, and SCIM provisioning across the entire SaaS portfolio alongside Google Workspace and Zoom Phone/Rooms.

Cloud Engineer (Platform Team)

IDEMIA

Jun 2021 – Apr 2022
  • Authored and maintained modular Terraform stacks within a 7-person platform team, delivering repeatable multi-tenant and single-tenant AWS environments for global customers.
  • Developed Ansible playbooks delivered via AWX to automate bootstrapping, configuration, and scaling of software on AWS Auto Scaling Groups.
  • Operated Okta tenants for both Commercial and FedRAMP populations: complex SAML/OIDC integrations, automated SCIM lifecycle management, and strict access policies.
  • Engineered vulnerability management workflows with Tenable.io to scan, triage, and remediate risks across the cloud estate.
  • Streamlined security operations by integrating AWS and Okta logs into Splunk, giving the SOC a single pane of glass for cloud events.

Systems Engineer

IDEMIA

Nov 2019 – Jun 2021
  • Operated enterprise vSphere and Hyper-V clusters totalling 1,000+ VMs for production workloads. Managed full backup lifecycles via Veeam.
  • Migrated 2,300 users from legacy on-premises Exchange and Lync to Office 365 and Teams. Configured SPF, DKIM, and DMARC to harden email for the cutover.
  • Modernized mobile device and endpoint management by migrating the global fleet off MobileIron and onto Microsoft Intune.
  • Strengthened corporate security posture by deploying VMware Carbon Black EDR across all workstations and servers, and removing local administrator rights organization-wide.
  • Executed a 350-user tenant-to-tenant Office 365 migration and deployed AWS WorkMail for an additional 400 users.

Systems Administrator

IDEMIA

Mar 2017 – Nov 2019
  • Administered critical tier-1 application servers (Great Plains, CRM, Unanet, and proprietary apps) under strict compliance and corporate security policies.
  • Managed Microsoft SQL Server databases: query optimization, granular permissions, and cluster-side installations across QA and production environments.
  • Maintained IIS web frontends and managed formal Change Requests for enterprise application deployments.
  • Deployed and configured cloud infrastructure within Azure to support high-availability application hosting.

Projects

Flagship Project, Always On

Homelab — Personal Infrastructure-as-Code Platform

End-to-end GitOps homelab on a 3-node Proxmox HA cluster. Packer → Terraform → Ansible via GitHub Actions, OPNsense with 10 segmented VLANs, WireGuard, step-ca PKI, Authentik SSO, and a full Prometheus / Loki / Grafana / Alertmanager stack. All secrets via 1Password CLI; pre-commit + CI scanning with Gitleaks, Checkov, and TFLint.

Proxmox, Terraform, Ansible, Packer, OPNsense, Authentik, Prometheus

Technical Skills

Virtualization

VMware vSphere, vCenter, HA / vMotion, Microsoft Hyper-V, Proxmox VE (KVM/LXC), XCP-NG

Storage & Backup

Pure Storage, Async Replication, SafeMode, Dell Unity, TrueNAS SCALE (ZFS), Veeam, Proxmox Backup Server

Networking

Fortinet, Juniper, Juniper Mist, Aruba ClearPass (802.1X/NAC), Cisco, OPNsense, BGP, IPsec/WireGuard, VLAN design, TCP/IP (IPv4/IPv6)

OT & Industrial

Ignition SCADA, Siemens PLCs, Beckhoff PLCs, PROFINET, EtherCAT, ThinManager, IT/OT Segmentation, DIN-rail Switching

Physical Security

Genetec Video Surveillance, Genetec Access Control

Cloud & Identity

AWS, Azure, Okta (Commercial + FedRAMP), Authentik, Google Workspace, Microsoft 365, Zoom Phone/Rooms

IaC & Automation

Terraform, Packer, Ansible, GitHub Actions, Git

Containers

Docker, Docker Compose, Kubernetes (Rancher)

Observability

Datadog, Splunk, LogRhythm, Prometheus, Grafana, Loki, Alertmanager, Grafana Alloy

Security & Endpoints

Microsoft Intune, Jamf Pro, Tactical RMM, CrowdStrike Falcon, VMware Carbon Black, step-ca PKI, Tenable.io, Gitleaks, Checkov

OS & Scripting

Linux (Ubuntu/RHEL/CentOS), macOS, Windows Server, Python, PowerShell, Bash, HCL, YAML, SQL