Building the infrastructure that lets engineering teams move fast without breaking things.
8 years in infrastructure and cloud engineering, most recently focused on platform engineering in financial services. I build and operate the shared infrastructure layer — EKS clusters, GitOps workflows, CI/CD pipelines, and the security controls that sit across all of it.
I care about platforms that are self-service by design: engineering teams should be able to deploy confidently without needing to know what's underneath. I also care about security being enforced at the platform layer, not bolted on as an afterthought.
Open to Platform Engineer, SRE, and Cloud Infrastructure roles — FTE or contract, remote.
Production-grade EKS infrastructure with Terraform
Multi-environment (dev/staging/prod) AWS EKS platform built with reusable Terraform modules. Private endpoints, KMS secrets encryption, IMDSv2 enforcement, IRSA for least-privilege pod access, and a full GitHub Actions CI/CD pipeline with plan-on-PR.
Terraform AWS EKS KMS IAM/IRSA GitHub Actions VPC S3 Remote State
GitOps workload management with ArgoCD ApplicationSets
ApplicationSet-driven GitOps repo managing microservice deployments across three environments. Matrix generator auto-discovers services from directory structure — adding a new service requires zero ArgoCD changes. Includes Kustomize overlays, image promotion workflow, and manifest diff preview on PRs.
ArgoCD ApplicationSet Kustomize Kubernetes GitOps GitHub Actions Helm
OPA Gatekeeper admission control + Falco runtime detection
Full Kubernetes security layer implementing CIS Benchmark controls via OPA Gatekeeper (deny privileged containers, block host namespaces, enforce resource limits, require secure securityContext) and MITRE ATT&CK-mapped Falco rules for runtime anomaly detection. Includes operational runbooks for both tools.
OPA Gatekeeper Rego Falco eBPF CIS Benchmark MITRE ATT&CK CKS
| Layer | Tools |
|---|---|
| Cloud | AWS (EKS, VPC, IAM, KMS, ECR, S3, CloudWatch) |
| Infrastructure as Code | Terraform, Terragrunt |
| Containers & Orchestration | Kubernetes, Helm, Kustomize |
| GitOps & CI/CD | ArgoCD, GitHub Actions, Atlantis |
| Security | OPA/Gatekeeper, Falco, tfsec, Trivy |
| Observability | Prometheus, Grafana, CloudWatch, Datadog |
| Languages | HCL, Bash, Python, YAML |

| Certification | Issuer | Status |
|---|---|---|
| AWS Solutions Architect Associate | Amazon Web Services | ✅ Active |
| HashiCorp Terraform Associate | HashiCorp | ✅ Active |
| Certified Kubernetes Administrator (CKA) | CNCF | ✅ Active |
| Certified Kubernetes Security Specialist (CKS) | CNCF | ✅ Active |