My Work
Multiple production engagements · FinTech · Capital Markets · Enterprise SaaS · Internal Infrastructure
Live production work — FinTech, investment management, capital markets & enterprise SaaS
- Cross-region AWS migration (EC2, RDS, 10+ CRONs) with zero data loss
- S3 + CloudFront UI · ALB + Dockerised FastAPI · WAF + Route 53
- Full DevSecOps pipeline: Gitleaks → SonarQube → Trivy → deploy
- Migrated 5 apps to dedicated AWS account — ALB + WAF, ACM SSL, Nginx
- Jenkins pipelines with GitLab webhook triggers and .env injection
- Prometheus + Grafana + Uptime Kuma; monthly SLA reports to client
- Monolith → multi-tier: EC2 API, RDS (private subnet), S3 + CloudFront UI
- Resolved JVM OutOfMemoryError; CloudWatch Logs for dev access without SSH
- Jenkins CI/CD + Prometheus/Grafana with threshold-based email alerting
- EC2 deployment: PostgreSQL, per-bucket IAM S3 creds, Lambda + VPC
- Jenkins pipeline: Gitleaks → SonarQube → Trivy; auto-fail on violations
- WordPress migration to AWS EC2; WAF via ALB; AWS SES integration
- 6 production apps; migrated one to S3 + CloudFront serverless architecture
- Responded to 3 live injection attacks — forensic recovery, server hardening
- GuardDuty org-wide; detected High-severity crypto-mining finding; isolated EC2
- IAM governance, EC2 scheduling (EventBridge), cost anomaly RCA
- Windows Server DR from snapshot; resolved MS Office licensing (prod down 9h+)
- Bitbucket → GitLab migration; full KT + zero-downtime handover to vendor
Organisation-wide DevSecOps standards, observability, cost engineering & hybrid infrastructure
- Rolled out 4-layer security pipeline across 5+ production applications
- Secrets Manager replaces all plaintext .env files; ECR rejects CVE images
- MS Teams + email alerts per stage: build · scan · violation · deploy
- Replaced paid Bitbucket; migrated 20+ repos preserving full commit history
- Automated S3 backups (daily 30-day + monthly permanent); EC2 auto start/stop
- 15+ developer accounts; GitLab webhooks driving all Jenkins pipelines
- Benchmarks: $1,900→$1,000 · $1,200→$200 · $500→$250
- EC2 scheduling (15+ servers) · EBS gp2→gp3 · orphaned resource cleanup
- RI + Savings Plan procurement; monthly Cost Reports for management
- Pipelines for dev, UAT, and prod — 80% reduction in deployment time
- Branch-based GitLab triggers; zero-downtime Docker rolling deployments
- M365 SSO integration; Python + Jenkins automated SSL expiry reporting
- ALB + WAF with managed rule sets; iterative tuning to eliminate false positives
- Rebuilt Active Directory (7 systems) within 2 days after security compromise
- Onboarded Plerion CNAPP; GuardDuty org-wide; crypto-mining incident response
- Prometheus + Grafana dashboards; email alerts on CPU/disk/memory thresholds
- Uptime Kuma for 40+ URLs/SSL; Python + Jenkins weekly cert expiry reports
- CloudWatch Logs for devs; EventBridge + Lambda server state notifications
- Built multi-node Proxmox VE cluster using office hardware — zero cloud spend for UAT
- GajShield firewall integration for secure internet-facing app exposure
- AWS Site-to-Site VPN in progress for hybrid connectivity to AWS VPC
Hands-on learning — Kubernetes, CI/CD pipelines & AWS automation
EKS deployment with VPC, ALB, and Ingress Controller — advanced Kubernetes networking and AWS integration.
React + Node.js + MongoDB three-tier app deployed with Docker on AWS EC2 following multi-tier architecture best practices.
Jenkins pipeline with Docker, SonarQube, Trivy, and Gradle for automated build, security scan, and deployment on EC2.
Shell script using AWS CLI + jq to display EC2, S3, IAM, and RDS resource details — automated cloud visibility tool.
Bash script monitoring CPU, memory, and disk on AWS nodes — proactive detection of resource bottlenecks.
Scheduled Lambda function that removes unattached EC2 snapshots automatically — serverless cloud cost hygiene.