Led Kubernetes infrastructure and AI architecture planning for a 15-person DevSecOps team, focusing on security hardening and generative AI implementations.

Project ? Multi-Cloud Azure & StackIT:

• Cloud Security & Compliance: Led the end-to-end architecture and implementation of Kubernetes RBAC using Authentik and SIEM; integrated OIDC authentication and granular role bindings to secure multi-cluster access, achieving 100% SIMPL and BSI C5 compliance.
• CI/CD Pipeline Automation: Architected and automated Azure DevSecOps pipelines to orchestrate customer environment provisioning on StackIT Cloud; integrated Ansible playbooks and Terraform modules to deploy Kubernetes clusters and virtual machines with minimal manual intervention.
• Infrastructure as Code (IaC): Implemented reproducible Terraform and Ansible workflows within Azure pipelines to standardize Kubernetes node and VM creation across customer environments, reducing deployment time by 99% and ensuring configuration consistency across 8+ projects.
• Cloud Security & Compliance: Architected and implemented Kubernetes system hardening by deploying Falco in eBPF mode for runtime threat detection and configuring Kyverno for policy enforcement (Policy as Code (Pac)) via custom Helm charts for policy enforcement; automated alert routing to Splunk through Fluent-Bit, enabling proactive incident response.
• Multi-Cloud & Kubernetes Engineering: Integrated OIDC authentication into Kubernetes clusters using Authertik (IdP); secured developer and admin access with federated identity, eliminating static credentials and improving traceability across clusters.
• Monitoring & Observability: Configured Kubernetes audit policies to forward resource changes and OIDC login events to Splunk, establishing centralized visibility and enhancing audit readiness for regulated environments.
• Multi-Cloud & Kubernetes Engineering: Developed and deployed custom Helm charts for AI/ML inference workloads using Triton Inference Server, GPU scheduling, and MinIO (S3-like) object storage; managed Helm charts and Docker images in JFrog Artifactory to ensure secure, version-controlled, and reproducible deployments across environments.
• Cloud Security & Compliance: Configured and managed sensitive credentials and image pull secrets (ESO/VSO) in StackIT Secrets Manager, ensuring secure access to container registries and compliance with organizational security policies.
• Multi-Cloud & Kubernetes Engineering: Implemented and optimized resource management using VPA, Goldilocks, and Kubecost to analyze workloads and reduce cloud operational costs by 70%, enhancing performance visibility across Kubernetes clusters.
• Multi-Cloud & Kubernetes Engineering: Provisioned and maintained infrastructure components with Helm charts, including GenAI inference services, logging pipelines, and policy engines. Standardized deployments across cloud environments, increasing consistency and reproducibility.
• Cloud Security & Compliance: Assessed SBOM-based supply chain tracking for Kubernetes and advised adopting Snyk for vulnerability management; triaged 80+ CVEs and coordinated remediations.

Project ? GDPR compliant voice and chat bot in Azure:

• AI Integration & Automation: Architected, implemented, and secured a DSGVO-compliant Azure environment supporting a generative AI chatbot built with OpenAI (GPT), Bot Framework SDK, ACS, Azure Functions, and Terraform; automated context-aware support workflows, reducing operational costs by ~77%.

Lead IT security consultant responsible for designing, securing, and automating infrastructure environments across private cloud data centers. Coordinated project delivery, escalation management, and implementation planning end-to-end, ensuring timely execution and technical compliance for high-priority initiatives.

• Multi-Cloud & Kubernetes Engineering: Managed a greenfield mobile telecommunications project using Rakuten Symphony Cloud, overseeing 4 data centers, and 60 Virtual Machines (VMs) across a private cloud infrastructure; improved scalability, performance, and observability for mission-critical workloads.
• Ansible & Infrastructure Automation: Automated network connectivity testing with a custom Ansible playbook, executing 1,770 automated tests and saving outputs as JSON. Parsed results with Python into structured CSVs, increasing test coverage by 99.93% and improving validation efficiency by 22,025%.
• Infrastructure as Code (IaC): Automated deployment of Virtual Network Functions (VNFs)/Virtual Machines (VMs) using Terraform with a custom provider, reducing provisioning time by 90% and standardizing infrastructure templates across data centers.
• Cloud Security & Compliance: Implemented a traceable One-Time Password (OTP) authentication model for root access using HashiCorp Vault, converting static credentials into a ?break-glass? access method. Authored Method of Procedures (MoPs) and Proof of Concepts (PoCs) to validate the security model, achieving complete audit traceability for root actions.
• Cloud Security & Compliance: Presented and planned 15+ changes to the Change Advisory Board (CAB) and Network Operations Center (NOC), coordinated cross-team tasks, and delivered end-to-end solution presentations using the SCR method, ensuring transparency, accountability, and alignment throughout the change management process.
• Cloud Security & Compliance: Built incident response runbooks and escalation tiers; defined RACI ownership per incident type to stop unclear handoffs ? orphaned tickets ? that stalled; reduced remediation cycles from weeks to days by ensuring a named owner at every step.

Architected and implemented a secure, container-based microservices infrastructure for a public-sector digitalization project, enabling automation, scalability, and modern CI/CD practices.

• Multi-Cloud & Kubernetes Engineering: Designed and managed Helm-based Kubernetes deployments for 30+ microservices; standardized configuration, automated rollout strategies, and ensured reliable operation across dev, test, and production clusters.
• Multi-Cloud & Kubernetes Engineering: Migrated 30+ monolithic components into containerized services using Docker and Kubernetes, improving deployment speed, maintainability, and fault isolation in a private cloud environment.
• Multi-Cloud & Kubernetes Engineering: Defined the target architecture for a modular microservices environment, introducing standardized communication through XTA2 and log shippers for reliable message routing and traceability.
• CI/CD Pipeline Automation: Designed and maintained automated pipelines integrating Maven, Kubernetes, and private registries, enabling continuous integration and delivery with minimal manual intervention.
• Infrastructure as Code (IaC): Automated environment provisioning and configuration through Terraform and Ansible, standardizing infrastructure deployment across hybrid environments.

Developed and optimized CI/CD pipelines, implemented automation strategies, and led cloud infrastructure improvements to enhance operational efficiency and reduce pipeline costs.

• CI/CD Pipeline Automation: Designed and maintained GitLab CI/CD pipelines with pre-commit hooks for automated PEP8 convention checks, streamlining deployment cycles.
• CI/CD Pipeline Automation: Implemented Argo CD with GitLab, Kustomize, and Kubernetes to automate environment-specific deployments across dev and prod stages; ensured consistent versioning, faster rollouts, and reliable state synchronization between Git and live clusters.
• CI/CD Pipeline Automation: Multi-Cloud & Kubernetes Engineering: Developed a shared cache feature for GitLab runners using Harvester Hyperconverged Infrastructure (HCI), Kubernetes, kubectl, and SOPS Cryptography as a Service (CaaS), reducing pipeline execution time by 50% and cutting costs by ~$250/day.

Developed and improved integration testing for AWS services, ensuring reliability for 500+ weekly active B2B users.

• CI/CD Pipeline Automation: Improved AWS service test coverage by 84% through CI/CD strategies using Selenium, Ruby and Cucumber .io boosting testing efficiency.
• Multi-Cloud & Kubernetes Engineering: Performed blue-green deployment of AWS EC2 instances (Server OS migration to Amazon Linux 2) & troubleshooting for 8 Amazon Web Services where each service has 12 stages each stage with 10 instances.