Cloud Infrastructure Architect & Platform Engineer → Solutions Engineering

Ishwarya
Chengalvarayan

8 years designing enterprise cloud infrastructure at Cisco, Bugcrowd, and Mercor AI Lab — multi-region AWS, Kubernetes at scale, IaC platform design, and vendor architecture decisions. Now moving into customer-facing solutions roles.

Architected multi-region AWS platforms handling 2M+ monthly transactions Authored infrastructure RFCs and led vendor evaluations at Cisco and Mercor AI Lab Designed IaC platforms across 20 customer environments at Gale Partners
discovery-copilot run --scenario fintech-zerotrust
Discovery complete · 4 gaps identified · 3 vendor recommendations generated
Download Resume Book 30-Min Call Get in touch
Experience at
Cisco Systems· Bugcrowd· Mercor AI Lab· Gale Partners· Reshamandi· Qburst Technologies· Sify Technologies

Built to solve real customer problems

Each project models a real SE workflow — discovery, gap analysis, tradeoff decisions, stakeholder communication. Live on AWS, not on localhost.

Flagship · Discovery & Solution Design

Security Discovery & Solution Design Copilot

Enterprise vendors lose deals in the discovery phase. Generic questions produce vague answers. The best SEs run structured discovery that surfaces gaps the customer hasn't articulated yet — then design multiple architecture paths with honest tradeoffs rather than a single recommendation.

An AI system that runs adaptive discovery conversations, scores gaps against industry frameworks, generates 4 architecture paths with honest cost/risk tradeoffs, tailors stakeholder messaging by role (technical champion vs economic buyer vs operations team), and produces a board-ready executive summary — the full SE engagement cycle from first call to post-meeting deliverable.

DatabricksHashiCorpDatadog CloudflareOktaWiz
8
SE capabilities modelled
4
architecture options per engagement
Identity · Zero Trust

Identity & Access Decision Studio

When a user gets blocked, neither the user nor the helpdesk knows why. Security teams can't show stakeholders the business impact of enabling a new policy before they turn it on — so Zero Trust rollouts stall.

A working policy engine with real Okta SSO integration. Signs in with your actual Okta identity and evaluates access decisions against 7 configurable policies in real time. Shows policy blast radius before rollout, maps every decision to CIS/NIST/SOC2 controls, provides post-deny remediation steps, and includes a CISO dashboard with risk reduction trends.

CloudflareOktaPalo Alto ZscalerCrowdStrike
Live
Okta SSO integration
4
demo views for different audiences
AI Platform · Cloud Infrastructure

AWS Security & Cost Governance Copilot

Engineering and platform teams spend hours manually correlating infrastructure findings, configuration drift, and cost anomalies across AWS accounts. The most common question — "why did our bill spike $340 last week?" — takes days to answer without the right tooling.

A natural language interface over live AWS infrastructure — no dashboards, no queries, no SIEM config. Ask "why did our bill spike last week?" or "which services have configuration drift?" and get answers grounded in real data. Collectors poll 9 AWS services continuously. Deployed on Bedrock with Claude Sonnet and pgvector for semantic search. Built and shipped on Terraform-managed infrastructure.

DatadogHashiCorpSnowflake WizMongoDBElastic
Real
AWS data, not simulated
9
AWS services instrumented

Real problems. Real decisions. Real outcomes.

Anonymised from production work at Cisco and Mercor AI Lab — the kind of technical advisory work that directly maps to what Solutions Engineers and Solutions Architects do.

Cisco Systems · 2024

ZTNA Platform Evaluation — Cloudflare vs Netskope vs Palo Alto

Organisation needed to replace legacy VPN for 5,000+ users with a Zero Trust architecture. Three vendors shortlisted. Security team had no structured evaluation framework and was being led by vendor sales cycles rather than requirements.

Authored evaluation RFC covering 6 domains (identity integration, security controls, performance, ops complexity, scalability, commercial). Presented structured comparison to senior engineering leadership. Netskope selected based on SCIM depth and inline DLP capability. Deployment phased over 90 days with parallel-run period.

ZTNAVendor EvaluationRFC Authorship SCIMStakeholder Presentation
Mercor AI Lab · 2026

Greenfield AI Platform Architecture — From First Principles

US/Australia AI lab with no existing infrastructure standards, no guardrails, and LLM inference workloads needing to deploy across two continents with full audit trail.

Sole infrastructure architect. Designed the platform RFC from scratch: tiered Terraform blessed modules (S3, IAM, ECS, Lambda, EventBridge), Spacelift-driven ClickOps-free deployment pipeline, async design reviews with engineers across time zones. All LLM projects launched policy-compliant with full deployment audit trail.

TerraformAWSRFC Authorship Platform DesignSpacelift
Cisco Systems · 2023–2024

Identity Consolidation Across 1,000+ EKS Clusters

Inconsistent IdP integration across a large EKS estate. No SCIM automation, no compliance remediation playbooks, mixed Okta/Azure AD/Ping deployments with no unified access model.

Designed ENI-based isolation model. Embedded SCIM lifecycle automation across Okta, Azure AD, and Ping Identity. Delivered self-serve audit runbooks. Reduced manual identity operations by measurable hours per sprint across the security team.

OktaSCIMEKS Azure ADIAM Architecture
Gale Partners · 2022–2023

Multi-Tenant Terraform Restructuring — Eliminating Blast Radius Risk

20 customer environments co-located in a single Terraform repository. A misconfiguration in one customer's code could silently affect unrelated clients. No lifecycle isolation, no per-customer state separation.

Conducted full technical discovery. Authored the RFC. Led implementation into fully isolated per-customer state with independent lifecycle management and zero cross-client exposure. Delivered across 3 AWS regions with ArgoCD-based GitOps pipeline.

TerraformRFC AuthorshipAWS ArgoCDArchitecture Design

Infrastructure practitioner moving into customer-facing work

I've spent 7 years as the person who gets called when an architecture decision needs to be made — platform design, vendor selection, IaC strategy, or infrastructure tradeoffs. The move to Solutions Engineering is about applying that same depth to customer problems rather than internal ones.

Cloud & Platform

Multi-region AWS at scale, EKS handling 2M+ monthly transactions, Terraform IaC authorship across 20 customer environments, AI platform infrastructure at Mercor, GitOps-driven deployment pipelines.

AWSEKSTerraform KubernetesPlatform EngineeringGitOps

Customer-Adjacent Experience

Vendor evaluations presented to senior leadership. Architecture RFCs signed off by engineering directors. Cross-functional stakeholder alignment across security, compliance, and engineering. Async design reviews with distributed teams.

RFC AuthorshipVendor Evaluation Stakeholder AlignmentTechnical Advisory

Certifications

AWS Solutions Architect Associate (SAA-C03) and HashiCorp Terraform Associate in progress. Published research: network layer attack detection in MANETs. B.Tech IT, Anna University — GPA 8.47/10.

AWS SAA-C03Terraform 003Published Research

Target Roles

Solutions Engineer, Customer Engineer, and Solutions Architect at cloud infrastructure, data, observability, and platform companies. Open to Singapore, broader APAC, and EMEA.

Solutions EngineerCustomer Engineer SingaporeAPACEMEA

Cloud & Infrastructure

  • AWS (multi-region, multi-account)
  • EKS / Kubernetes
  • Azure, GCP (familiar)

IaC & Automation

  • Terraform, Spacelift
  • ArgoCD, GitHub Actions
  • n8n workflow automation

AI & Platform

  • AWS Bedrock, OpenRouter
  • pgvector, RAG pipelines
  • FastAPI, Python

Observability

  • Datadog, Grafana
  • CloudWatch, CloudTrail
  • Cost Explorer, X-Ray

Identity & Security

  • Okta, Azure AD, Ping
  • SCIM, OIDC, OAuth2, SAML
  • Zero Trust / ZTNA

Open to the right conversation

If you're building out Solutions Engineering capacity in APAC or EMEA and want someone with real infrastructure depth — not just a product background — I'd like to talk. Thirty minutes is enough to find out if there's a fit.

Open to EMEA and APAC · Requires employer-sponsored work visa