Cloud, Security & Platform Engineering

Professional Services

What I Offer

Enterprise Cloud Architectures · DevSecOps · Full-Stack Engineering

12+Years Experience
3Cloud Platforms
FIFA '26Peak-load proven
20+Certifications
Multi-regionActive-active architecture

As a Senior Cloud Platform Engineer and Full-Stack Engineer with 12 years of experience, I design and deliver enterprise-grade, compliant, highly available cloud architectures. I have delivered mission-critical platforms that withstood the peak traffic of the FIFA World Cup 2026 and a third-party DDoS resilience test — with measurable reliability and cost optimization.

I specialise in multi-cloud and hybrid environments (GCP, AWS, Azure), with Infrastructure as Code, zero-trust, and automated compliance. I ensure scalability, regulatory alignment (e.g. GDPR, ISO 27001) and resilience across distributed systems.

I implement Security as Code, advanced vulnerability scanning, threat modelling and CI/CD hardening, aligned with NIST, CIS Benchmarks, OWASP and other standards.

Current Tech Stack

DevOps & Cloud Architecture

GCP (primary)AWSAzureKubernetesArgoCDHelmIstioCalicoTerraformOpenTofuConfig SyncAnsibleServerlessGitHub ActionsGitLab CIJenkins

Security & Policy Enforcement

GCP IAMIAM policy designWorkload IdentitySecret ManagerCloud KMSSecurity Command Center SCCHashiCorp VaultOrganization PolicyVPC Service ControlsOPA GatekeeperKyvernoIAPcert-managerZero Trust ArchitectureSIEMthreat detection and responsevulnerability managementGDPRISO 27001ISO 42001

Networking & API Management

ApigeeAPI GatewayCloud Load Balancing (Internal/External, Global/Regional)Cloud DNS (Public/Private)DNS PeeringCloud CDNCloud Armor WAFVPC design and segmentationShared VPCFirewall rulesPrivate Service ConnectPrivate Google AccessCloud NATCloud Router BGPHA VPN and InterconnectIngress and EgressMulti-Cluster IngressGateway APITLS and mTLSNetwork Policies CalicoService MeshIAP-secured access

Monitoring & Observability

OpenTelemetryPrometheusManaged Service for PrometheusGrafanaLokiTempoELK StackSplunk SIEMCloud MonitoringCloud LoggingLog-based MetricsAlerting PoliciesSLO/SLI DashboardsUptime ChecksCloud TraceCloud ProfilerError Reporting

Architectural Tools

Enterprise Architectdraw.ioVisioExcalidrawMiroFigmaCanvaAzure Resource Manager

Tools & Platforms

DockerDocker ComposeGitGitLabGitHubJiraConfluencePostmanSwaggerArgo CDHelmkubectlTerraformOpenTofuHashiCorp Vaultcert-managerK9s

Languages & Scripting

JavaScriptTypeScriptPythonGolangSQLBashZshGroovyHCLYAMLJSONRegoCEL

Infrastructure & Testing

TerratestKitchen Terraformk6LocustJMeterChaos MeshLitmusTrivyOWASP ZAP

Methodologies:

AgileScrumKanbanLESSTDDGitOpsDevSecOpsSRE principles

Mobile Development:

SwiftReact Native

ITSM (IT Service Management):

ServiceNowITIL practicesIncident/Problem/Change ManagementCMDBService CatalogRequest FulfillmentKnowledge BaseMajor Incident handlingRCA and post-incident reporting

Back-End

Python (FastAPI, Flask)Node.js (Express)GolangPostgreSQLRedisMongoDBAstraDBCloud Spanner (PostgreSQL/Cassandra)Cloud SQLMemorystore (Redis)Pub/SubFirestore (Datastore mode)

Front-End

ReactReduxTypeScriptNext.js

Cloud & DevSecOps

I design, implement, and secure multi-cloud, cloud-native architectures across AWS, GCP, and Azure — mission-critical platforms proven under FIFA World Cup 2026 peak load and a third-party DDoS resilience test, with measurable reliability and cost optimization.

  • Infrastructure as Code: Terraform, Pulumi, CloudFormation
  • GitOps and CI/CD: GitHub Actions, GitLab CI, Jenkins, Tekton with security gates
  • Policy as Code and governance: OPA Gatekeeper, Kyverno, Terraform Sentinel, organization policies
  • Kubernetes platform engineering: Docker, Kubernetes, Helm, Istio, Linkerd, Calico
  • Observability: OpenTelemetry, Prometheus, Grafana, Loki, Tempo, ELK
  • Zero Trust and identity: fine-grained IAM, workload identity, secrets management
  • Serverless: Google Cloud Functions, AWS Lambda, Azure Functions
150+Enterprise cloud deployments delivered
100%Uptime at FIFA World Cup 2026 peak
50+Secure CI/CD pipelines automated
12K+req/s sustained peak on Global External Load Balancer

Front-End Web Development

I architect and build high-performance, accessible, responsive web applications with React, Astro, Next.js, and TypeScript, designed for scalability, maintainability, and seamless integration with cloud-native APIs and services.

  • React, Astro, Next.js, TypeScript and JavaScript with advanced state management, Redux
  • CI/CD: automated build, testing, and deployment
  • Performance: Core Web Vitals, lazy loading, code splitting
  • Accessibility: WCAG 2.1 AA, semantic HTML, ARIA
  • Responsive UI: Tailwind CSS, MUI, and custom design systems
  • Front-end security: OWASP practices, CSP, secure cookies
Core Web VitalsAll green · Lighthouse 100 (this site)
100Accessibility, Best Practices & SEO
WCAG 2.1 AAAccessible & keyboard-navigable

Back-End Web Development

I design and implement scalable, secure, cloud-native backend systems with Node.js, Python, and Golang, containerized with Docker and Kubernetes, and engineered for performance and reliability.

  • Enterprise microservices: service discovery, scaling, fault tolerance
  • High-performance Golang services for distributed systems
  • Database performance optimization: PostgreSQL, MongoDB, Redis
  • Event-driven architectures: Kafka, RabbitMQ, Pub/Sub
  • Authentication and authorization: OAuth 2.0, JWT, SSO, RBAC
  • APIs: REST, GraphQL, gRPC with clear versioning
  • Cloud-native and serverless patterns: Cloud Functions, AWS Lambda, Azure Functions
  • CI/CD automation: testing, linting, security scanning
  • Resilience patterns: circuit breakers, retries, graceful degradation
OAuth2 · RBACZero-Trust auth (OAuth2, JWT, SSO, RBAC)
0Critical incidents in production
20×Latency cut via root-cause fix (500ms → 24ms)

Selected Enterprise Delivery Highlights

Selected delivery outcomes from large-scale Deutsche Telekom platform work across multi-region GKE, cloud security, GitOps automation, and production reliability.

  • Operated a mission-critical multi-region GKE platform for a global enterprise that sustained FIFA World Cup 2026 peak traffic
  • Sustained 12,000+ req/s peaks via Global External Application Load Balancer across multi-backend active-active topology, independently validated through external DDoS resilience testing covering volumetric and application-layer attack scenarios
  • Built and modernized multi-region GKE platforms (DEV/PROD/SANDBOX), including Argo CD management clusters, workload clusters, and cross-region rollout patterns
  • Implemented enterprise GitOps at scale: Argo CD, Config Sync, dedicated infra repositories, reusable CI templates, and environment-driven tfvars workflows
  • Designed and migrated internal/external HTTPS load balancing with Cloud Armor in multi-cluster topologies, including policy hardening, Adaptive Protection, and incident tuning
  • Delivered secure access architecture for developers: OIDC/WIF, IAP jump-host patterns, least-privilege IAM, group-based access, and audited access flows
  • Led platform data-layer engineering with Cloud Spanner (PostgreSQL/Cassandra adapter), Memorystore Redis Cluster, Astra DB over PSC, CMEK and backup strategy
  • Implemented certificate lifecycle improvements: Google-managed certs, TeleSec ACME automation, cert-manager flows, DNS validation, and TLS policy hardening (HSTS, cipher controls)
  • Migrated critical network and security controls from manual ops to Terraform + CI/CD (Cloud Armor, firewall baselines, address groups, external LB modules) for DEV and PROD parity
  • Improved operational excellence through runbooks and deep-dive guides (Cloud Armor, Multi-Cluster, VPC Firewall, incident response), plus on-call readiness and RCA support

Security & Compliance Outcomes

  • Platform withstood independent external DDoS resilience stress-testing across multiple attack categories — volumetric SYN/ACK floods, high-bandwidth traffic bursts, TCP connection exhaustion, and application-layer HTTP floods — with Cloud Armor WAF and Global External Load Balancing maintaining full service availability throughout
  • PSA and policy control alignment across cloud services, with implementation patterns mapped into platform delivery
  • IAM hardening with least-privilege roles, Workload Identity/WIF, group-based access, and reduced long-lived credential exposure
  • TLS policy hardening on load balancers: deprecated protocol removal, stronger cipher posture, and HSTS enablement
  • Cloud Armor and WAF tuning with targeted exclusions and policy refinement to reduce false positives while preserving protection
  • Security-as-Code rollout via Terraform/OpenTofu and CI/CD for repeatable controls in DEV and PROD
  • Operational security maturity through incident runbooks, troubleshooting guides, RCA support, and on-call readiness improvements

Why Choose Me?

Architect-level expertise: scalable, fault-tolerant, cloud-native backend systems

Real-time data and event streaming: Kafka, RabbitMQ, Pub/Sub

Performance improvements: measurably reduced response times through tuning and database optimization

Root-cause debugging: identified a hidden bottleneck and cut request latency from 500ms to 24ms (20× faster)

Cost optimization: cut infrastructure spend by modernizing and right-sizing legacy platforms

Legacy modernization: debugging, refactoring, and risk-controlled migration

Clear communication: leads cross-functional teams and delivers on time

Security-focused engineering: maintainable code aligned with OWASP and CIS

Additional Services

Legacy-to-cloud migration and modernization

Moving legacy and on-prem systems to GCP, AWS, or Azure with a risk-controlled, phased plan — containerization, re-platforming, and Infrastructure as Code — with zero-downtime cutover and measurable cost and reliability gains.

Cloud architecture consulting and platform strategy

Reducing cloud spend, improving scalability and reliability, and aligning with security and compliance requirements.

Security-focused code review and team mentoring

Improving code quality, secure-by-design practices, and delivery reliability via standards, automation, and CI/CD hygiene.

UI engineering and UX improvements

Building accessible, responsive, performance-driven interfaces with measurable usability and Core Web Vitals gains.