8 years designing enterprise cloud infrastructure at Cisco, Bugcrowd, and Mercor AI Lab — multi-region AWS, Kubernetes at scale, IaC platform design, and vendor architecture decisions. Now moving into customer-facing solutions roles.
Featured Projects
Each project models a real SE workflow — discovery, gap analysis, tradeoff decisions, stakeholder communication. Live on AWS, not on localhost.
Enterprise vendors lose deals in the discovery phase. Generic questions produce vague answers. The best SEs run structured discovery that surfaces gaps the customer hasn't articulated yet — then design multiple architecture paths with honest tradeoffs rather than a single recommendation.
An AI system that runs adaptive discovery conversations, scores gaps against industry frameworks, generates 4 architecture paths with honest cost/risk tradeoffs, tailors stakeholder messaging by role (technical champion vs economic buyer vs operations team), and produces a board-ready executive summary — the full SE engagement cycle from first call to post-meeting deliverable.
When a user gets blocked, neither the user nor the helpdesk knows why. Security teams can't show stakeholders the business impact of enabling a new policy before they turn it on — so Zero Trust rollouts stall.
A working policy engine with real Okta SSO integration. Signs in with your actual Okta identity and evaluates access decisions against 7 configurable policies in real time. Shows policy blast radius before rollout, maps every decision to CIS/NIST/SOC2 controls, provides post-deny remediation steps, and includes a CISO dashboard with risk reduction trends.
Engineering and platform teams spend hours manually correlating infrastructure findings, configuration drift, and cost anomalies across AWS accounts. The most common question — "why did our bill spike $340 last week?" — takes days to answer without the right tooling.
A natural language interface over live AWS infrastructure — no dashboards, no queries, no SIEM config. Ask "why did our bill spike last week?" or "which services have configuration drift?" and get answers grounded in real data. Collectors poll 9 AWS services continuously. Deployed on Bedrock with Claude Sonnet and pgvector for semantic search. Built and shipped on Terraform-managed infrastructure.
Architecture Case Studies
Anonymised from production work at Cisco and Mercor AI Lab — the kind of technical advisory work that directly maps to what Solutions Engineers and Solutions Architects do.
Organisation needed to replace legacy VPN for 5,000+ users with a Zero Trust architecture. Three vendors shortlisted. Security team had no structured evaluation framework and was being led by vendor sales cycles rather than requirements.
Authored evaluation RFC covering 6 domains (identity integration, security controls, performance, ops complexity, scalability, commercial). Presented structured comparison to senior engineering leadership. Netskope selected based on SCIM depth and inline DLP capability. Deployment phased over 90 days with parallel-run period.
US/Australia AI lab with no existing infrastructure standards, no guardrails, and LLM inference workloads needing to deploy across two continents with full audit trail.
Sole infrastructure architect. Designed the platform RFC from scratch: tiered Terraform blessed modules (S3, IAM, ECS, Lambda, EventBridge), Spacelift-driven ClickOps-free deployment pipeline, async design reviews with engineers across time zones. All LLM projects launched policy-compliant with full deployment audit trail.
Inconsistent IdP integration across a large EKS estate. No SCIM automation, no compliance remediation playbooks, mixed Okta/Azure AD/Ping deployments with no unified access model.
Designed ENI-based isolation model. Embedded SCIM lifecycle automation across Okta, Azure AD, and Ping Identity. Delivered self-serve audit runbooks. Reduced manual identity operations by measurable hours per sprint across the security team.
20 customer environments co-located in a single Terraform repository. A misconfiguration in one customer's code could silently affect unrelated clients. No lifecycle isolation, no per-customer state separation.
Conducted full technical discovery. Authored the RFC. Led implementation into fully isolated per-customer state with independent lifecycle management and zero cross-client exposure. Delivered across 3 AWS regions with ArgoCD-based GitOps pipeline.
Background
I've spent 8 years as the person who gets called when an architecture decision needs to be made — platform design, vendor selection, IaC strategy, or infrastructure tradeoffs. The move to Solutions Engineering is about applying that same depth to customer problems rather than internal ones.
Multi-region AWS at scale, EKS handling 2M+ monthly transactions, Terraform IaC authorship across 20 customer environments, AI platform infrastructure at Mercor, GitOps-driven deployment pipelines.
Vendor evaluations presented to senior leadership. Architecture RFCs signed off by engineering directors. Cross-functional stakeholder alignment across security, compliance, and engineering. Async design reviews with distributed teams.
AWS Solutions Architect Associate (SAA-C03) and HashiCorp Terraform Associate in progress. Published research: network layer attack detection in MANETs. B.Tech IT, Anna University — GPA 8.47/10.
Solutions Engineer, Customer Engineer, and Solutions Architect at cloud infrastructure, data, observability, and platform companies. Open to Singapore, broader APAC, and EMEA.
Technical Stack
Get in touch
If you're building out Solutions Engineering capacity in APAC or EMEA and want someone with real infrastructure depth — not just a product background — I'd like to talk. Thirty minutes is enough to find out if there's a fit.
Open to EMEA and APAC · Requires employer-sponsored work visa