As a Senior Cloud Platform Engineer and Full-Stack Engineer with 12 years of experience, I design and deliver enterprise-grade, compliant, highly available cloud architectures. I have delivered mission-critical platforms that withstood the peak traffic of the FIFA World Cup 2026 and a third-party DDoS resilience test — with measurable reliability and cost optimization.
I specialise in multi-cloud and hybrid environments (GCP, AWS, Azure), with Infrastructure as Code, zero-trust, and automated compliance. I ensure scalability, regulatory alignment (e.g. GDPR, ISO 27001) and resilience across distributed systems.
I implement Security as Code, advanced vulnerability scanning, threat modelling and CI/CD hardening, aligned with NIST, CIS Benchmarks, OWASP and other standards.
I design, implement, and secure multi-cloud, cloud-native architectures across AWS, GCP, and Azure — mission-critical platforms proven under FIFA World Cup 2026 peak load and a third-party DDoS resilience test, with measurable reliability and cost optimization.
Infrastructure as Code: Terraform, Pulumi, CloudFormation
GitOps and CI/CD: GitHub Actions, GitLab CI, Jenkins, Tekton with security gates
Policy as Code and governance: OPA Gatekeeper, Kyverno, Terraform Sentinel, organization policies
Zero Trust and identity: fine-grained IAM, workload identity, secrets management
Serverless: Google Cloud Functions, AWS Lambda, Azure Functions
150+Enterprise cloud deployments delivered
100%Uptime at FIFA World Cup 2026 peak
50+Secure CI/CD pipelines automated
12K+req/s sustained peak on Global External Load Balancer
Front-End Web Development
I architect and build high-performance, accessible, responsive web applications with React, Astro, Next.js, and TypeScript, designed for scalability, maintainability, and seamless integration with cloud-native APIs and services.
React, Astro, Next.js, TypeScript and JavaScript with advanced state management, Redux
CI/CD: automated build, testing, and deployment
Performance: Core Web Vitals, lazy loading, code splitting
Accessibility: WCAG 2.1 AA, semantic HTML, ARIA
Responsive UI: Tailwind CSS, MUI, and custom design systems
Front-end security: OWASP practices, CSP, secure cookies
Core Web VitalsAll green · Lighthouse 100 (this site)
100Accessibility, Best Practices & SEO
WCAG 2.1 AAAccessible & keyboard-navigable
Back-End Web Development
I design and implement scalable, secure, cloud-native backend systems with Node.js, Python, and Golang, containerized with Docker and Kubernetes, and engineered for performance and reliability.
Enterprise microservices: service discovery, scaling, fault tolerance
High-performance Golang services for distributed systems
Selected delivery outcomes from large-scale Deutsche Telekom platform work across multi-region GKE, cloud security, GitOps automation, and production reliability.
Operated a mission-critical multi-region GKE platform for a global enterprise that sustained FIFA World Cup 2026 peak traffic
Sustained 12,000+ req/s peaks via Global External Application Load Balancer across multi-backend active-active topology, independently validated through external DDoS resilience testing covering volumetric and application-layer attack scenarios
Built and modernized multi-region GKE platforms (DEV/PROD/SANDBOX), including Argo CD management clusters, workload clusters, and cross-region rollout patterns
Implemented enterprise GitOps at scale: Argo CD, Config Sync, dedicated infra repositories, reusable CI templates, and environment-driven tfvars workflows
Designed and migrated internal/external HTTPS load balancing with Cloud Armor in multi-cluster topologies, including policy hardening, Adaptive Protection, and incident tuning
Delivered secure access architecture for developers: OIDC/WIF, IAP jump-host patterns, least-privilege IAM, group-based access, and audited access flows
Led platform data-layer engineering with Cloud Spanner (PostgreSQL/Cassandra adapter), Memorystore Redis Cluster, Astra DB over PSC, CMEK and backup strategy
Implemented certificate lifecycle improvements: Google-managed certs, TeleSec ACME automation, cert-manager flows, DNS validation, and TLS policy hardening (HSTS, cipher controls)
Migrated critical network and security controls from manual ops to Terraform + CI/CD (Cloud Armor, firewall baselines, address groups, external LB modules) for DEV and PROD parity
Improved operational excellence through runbooks and deep-dive guides (Cloud Armor, Multi-Cluster, VPC Firewall, incident response), plus on-call readiness and RCA support
Security & Compliance Outcomes
Platform withstood independent external DDoS resilience stress-testing across multiple attack categories — volumetric SYN/ACK floods, high-bandwidth traffic bursts, TCP connection exhaustion, and application-layer HTTP floods — with Cloud Armor WAF and Global External Load Balancing maintaining full service availability throughout
PSA and policy control alignment across cloud services, with implementation patterns mapped into platform delivery
IAM hardening with least-privilege roles, Workload Identity/WIF, group-based access, and reduced long-lived credential exposure
TLS policy hardening on load balancers: deprecated protocol removal, stronger cipher posture, and HSTS enablement
Cloud Armor and WAF tuning with targeted exclusions and policy refinement to reduce false positives while preserving protection
Security-as-Code rollout via Terraform/OpenTofu and CI/CD for repeatable controls in DEV and PROD
Operational security maturity through incident runbooks, troubleshooting guides, RCA support, and on-call readiness improvements
Why Choose Me?
Architect-level expertise: scalable, fault-tolerant, cloud-native backend systems
Real-time data and event streaming: Kafka, RabbitMQ, Pub/Sub
Performance improvements: measurably reduced response times through tuning and database optimization
Root-cause debugging: identified a hidden bottleneck and cut request latency from 500ms to 24ms (20× faster)
Cost optimization: cut infrastructure spend by modernizing and right-sizing legacy platforms
Legacy modernization: debugging, refactoring, and risk-controlled migration
Clear communication: leads cross-functional teams and delivers on time
Security-focused engineering: maintainable code aligned with OWASP and CIS
Additional Services
Legacy-to-cloud migration and modernization
Moving legacy and on-prem systems to GCP, AWS, or Azure with a risk-controlled, phased plan — containerization, re-platforming, and Infrastructure as Code — with zero-downtime cutover and measurable cost and reliability gains.
Cloud architecture consulting and platform strategy
Reducing cloud spend, improving scalability and reliability, and aligning with security and compliance requirements.
Security-focused code review and team mentoring
Improving code quality, secure-by-design practices, and delivery reliability via standards, automation, and CI/CD hygiene.
UI engineering and UX improvements
Building accessible, responsive, performance-driven interfaces with measurable usability and Core Web Vitals gains.
Privacy & cookies
This site uses cookies to understand usage anonymously and improve the content. No optional cookies are set without your consent.Privacy Policy