Featured Projects
Built a repo-local multi-agent audit harness that fans out read-only reviewers, then forces an adversarial verify pass on every finding. One run distilled 204 raw findings to 44 real ones. The same method reviews production infrastructure-as-code before it applies, catching real defects pre-deploy.
Authored a 63K-line Rust desktop application (Tauri): an offline-first sync engine with a hybrid logical clock, and a versioned AEAD envelope designed on audited primitives (AES-256-GCM, HKDF, Argon2id, HPKE). Owns the signed, notarized four-target release pipeline. 769 tests.
Led complete replacement of legacy monitoring platform for 500+ VMs across hybrid infrastructure. Implemented 31 alert rules, 5 Data Collection Rule types, and 8 team-specific Action Groups, all via Bicep IaC. Achieved real-world validated alerting with automated resolution and zero false negatives.
Leading phased migration of 8 GCP projects across organizational tenants for a global advertising & media holding. Scoping secure-tenant onboarding with strict policy compliance, IAM hardening (auditing 99+ service accounts), standardized CI/CD pipeline design, cost governance, and naming convention enforcement, while preserving development team deployment autonomy and rapid release cycles.
Leading end-to-end migration of revenue-critical applications between Azure tenants with zero-downtime requirements. Standardizing IaC with Terraform/Terragrunt, implementing OIDC/Workload Identity authentication, and establishing unified naming conventions and security policies across global deployments.
Onboarded 500+ hybrid VMs (SLES, RHEL, Windows) to Azure Arc across production and non-production environments. Deployed Azure Monitor Agent with Data Collection Rules, VM Insights integration, and resource group segmentation by region. Established repeatable onboarding scripts and validation procedures for enterprise-scale hybrid governance.
Led enterprise-scale migration of 1500+ users from on-premises to Azure hybrid infrastructure. Implemented phased migration approach with automated PowerShell scripts, achieving seamless transition with zero downtime and improved operational efficiency through optimized resource allocation.
Built multi-cloud FinOps platform achieving 25% cost reduction across AWS, Azure, and GCP. Implemented unified cost monitoring, automated optimization recommendations, and ML-based forecasting, significantly improving cost visibility and resource efficiency.
Architected enterprise-scale migration of 22+ repositories from legacy CI/CD (Jenkins/Bitbucket) to GitLab CI. Built an enterprise-grade modular pipeline framework with multi-stage build/test/coverage/deploy, security gates, health checks, retry policies, and manual deployment controls. Achieved 100% test coverage and seamless multi-environment progression.
Implemented Azure OpenAI integration with Commercetools platform, enabling natural language interaction with products through a chat interface. Enhanced user experience for non-technical users accessing product information, pricing, and other data without navigating complex interfaces.
Implemented comprehensive Azure OpenAI DevOps integration platform for Bosch, featuring automated AI model deployment pipelines, advanced KQL monitoring dashboards, and cost optimization strategies. Reduced AI model deployment time by 60% and improved resource efficiency by 25% through intelligent automation.
Serving as DevOps point of contact across multiple enterprise engagements, coordinating between product, TechOps, cloud engineering, and security teams to align migration timelines, define ownership boundaries, and unblock cross-functional dependencies. Managing stakeholder communication, technical decision-making, and delivery alignment across 5+ concurrent workstreams in FinTech, AdTech, and manufacturing domains.
Production monitoring silently dropped to 22 of 246 VMs after a change broke Microsoft-managed VM Insights bindings. Detected it within 24 hours, remediated via Azure Policy within 48, and wrote the immutability rule into the runbooks so the same class of failure could not recur.
About $30 a day in wasted log ingestion: information-level noise from 200+ servers, all billed and never read. Redesigned the Data Collection Rules to filter at the source and restrict AD / DNS / DFS logs to the domain controllers, eliminating redundant ingestion across the fleet.
The entire Azure monitoring stack (data collection rules, alert rules, action groups) packaged as seven reusable Bicep modules and deployed with a single command. Reproducible, reviewable, and portable across subscriptions and tenants.
Implemented comprehensive DevSecOps solutions integrated into CI/CD pipelines, including SonarQube, Trivy, and RBAC. Enhanced security and compliance across Azure and AWS environments with detailed documentation and implementation guides.
Designed and implemented enterprise secrets management strategy, migrating credentials from CI/CD variables to Azure Key Vault with UAMI-based authentication. Analyzed 55+ pipeline variables, identified and removed 30 unused entries, and established a reusable pattern for all future service migrations.
Implemented automated cost anomaly detection across 62 Azure subscriptions. Built automation runbooks with auto-expiration policies, daily scheduling, and multi-team notification routing. Enabled proactive cost governance for enterprise-scale cloud environments.
Designed and deployed Azure Policy-driven health check automation across 26 App Service resources with zero downtime. Implemented phased rollout strategy with validation at each stage, achieving 100% successful configuration across production workloads and establishing a repeatable pattern for future resources.
Designed and implemented secure Azure infrastructure using Infrastructure as Code principles. Configured networking, security groups, and automated deployments. Achieved 99.9% uptime and reduced deployment time by 70%.
Built CI/CD pipelines for Bosch's e-commerce platform using Jenkins and Azure DevOps, integrated automated testing, and accelerated microservices deployments with Commercetools.
Built automated backup solution for Commercetools using Azure Logic Apps, featuring scheduled backups, data validation, and recovery, ensuring reliability and rapid restoration.
Implemented Azure API Management to reduce time and costs. By Infrastructure as Code, optimizing performance, reducing costs, and achieving scalable deployments.
Optimized microservices deployments using MACH Composer and GitHub Actions, enabling reusable workflows, environment-specific configs, and automated testing for faster, error-free releases.
Migrated e-commerce platform to Google Kubernetes Engine, implementing microservices, automated scaling, and monitoring. Reduced response times, enhanced reliability, and lowered infrastructure costs.
Built Kubernetes infrastructure on Google Cloud Platform, including autoscaling clusters, pod security policies, load balancing, and integrated Cloud Monitoring for enhanced observability.
Architected secure cloud infrastructure using Terraform, implementing VPCs, Security Groups, and automated DNS management. Presented solutions to 500+ attendees at EPAM conference.
Implemented comprehensive monitoring solution using Prometheus and Grafana, reducing incident response time by 60%. Managed infrastructure serving 100+ users with 99.9% system uptime. Integrated alerting and automated response systems.
Built proactive monitoring platform with automated daily reporting via Azure Logic Apps. Implemented KQL-driven analytics covering 100+ production disks with Windows/Linux split reporting, email automation, and threshold-based alerting. Enabled teams to act before incidents occur.
Implemented centralized artifact management by migrating NuGet packages, deployment artifacts, and database DACPACs to GitLab Package Registry. Configured deploy token authentication, CI_JOB_TOKEN integration, and PowerShell-based artifact retrieval, eliminating scattered package sources and reducing dependency management overhead across multiple services.
Implemented seamless repository synchronization between BitBucket and GitLab, enabling efficient cross-team collaboration, real-time code consistency, and simplified access management.
Optimized Git workflows across multiple teams, implementing efficient branching strategies and repository mirroring. Achieved 40% faster collaboration and 60% storage reduction through advanced Git LFS implementation.
Developed a unified tool to automate import jobs across multiple environments. Improved operational efficiency by simplifying complex processes, reducing time from 15-20 minutes to 1-2 minutes per import. Leveraged Azure Automation for secure execution with proper error handling.
Developed automated tool for release branch management, enabling efficient identification and locking of release/hotfix branches across repositories. Implemented comprehensive reporting system and standardized release workflow, ensuring code stability during production rollouts.
Developed a Python tool for identifying unused API clients across multiple Commercetools projects, reducing security risks and improving client lifecycle management. Automated previously manual audit processes, cutting analysis time from hours to minutes and providing comprehensive reports.
Created a user-friendly web application for accessing AKS cluster logs, enabling support teams to quickly access and analyze logs without Azure Log Analytics knowledge. Reduced log access time from 5-10 minutes to 30-60 seconds and introduced one-click log downloading.
Successfully migrated 50+ AWS Lambda functions to Python 3.11, implemented security assessments, automated testing, and presented expertise at AWS Weeks 2024 events.
Led technical team growth from 5 to 15+ engineers, establishing comprehensive mentoring programs and competency frameworks. Reduced onboarding time from 4 months to 8 weeks, achieved 85% retention rate, and increased team productivity by 35% through structured leadership development.
Migrated pipeline authentication from long-lived service-principal secrets to federated Workload Identity, with no flag-day. Verified the credentials being retired still worked before removal, and shipped a backward-compatible rollout so each service moved on its own schedule. Zero secrets left in the pipeline.
Four Logic Apps migrating across two tenants on the same morning; two failed with a Graph 404. A 20-agent, 3-round investigation traced it to an OIDC domain-ownership change after an acquisition, verified independently against the live tenant. Clean same-day rollback and a decision framed for the architect.
Took live ownership of an undocumented, business-critical SQL transactional-replication flow (Managed Instance to Azure SQL) after the owning team rolled off. Built a recovery ladder runnable under pressure, onboarded a new enterprise client, and left the runbook the prior team never wrote. New client came up at 00:00:00 latency.
A production deploy pipeline had no dry-run, so green runs were the only signal. Built a what-if twin that validates against real subscriptions with the same identity that deploys. It caught a defect a green run had hidden: a tag re-write on an existing resource group that violated a touch-nothing constraint.
A GitHub Actions system that plans by default, gates apply behind two separate confirmations, arms its own budget alarms, and tears everything back down to zero with an audited teardown. About $0.15 per cycle. Lets a small team rehearse real infrastructure end-to-end without waiting on anyone.
A production service behind a CDN edge returned HTTP 200 but HTTPS 503. Isolated the fault to the edge with layered curl / dig / openssl probes, proved TLS terminated cleanly client-to-edge, and located the real fault at the origin gateway's 443 listener. Disabled the check on one resource first, so the fix could not bounce a live app.

Implemented comprehensive DevSecOps pipeline with 10+ security tools integration, achieving significant vulnerability reduction. Automated security compliance for SOC 2, PCI DSS, improved incident response time by 75%, and established proactive security monitoring across multi-cloud infrastructure.
Deployed a Proxmox-based virtual data center, managing virtual machines and ensuring high reliability with regular backups. This setup guarantees performance and security for all services.
Implemented comprehensive virtualization automation platform with Terraform IaC, achieving 99.5% uptime. Created self-service portal reducing VM provisioning from 2-3 hours to 10-15 minutes, optimized resource utilization by 25%, and improved infrastructure efficiency through intelligent automation.
Automated MikroTik network infrastructure using Terraform and Python, achieving 99.5% network uptime. Reduced configuration time from 2-3 hours to 15-20 minutes per device, significantly reduced manual errors, and enabled scaling from 5 to 25+ network devices through standardized automation.
Configured Nginx for domain connection and SSL, enhancing web service security and efficiency. Adjusted server blocks for improved performance, installing SSL for encrypted data transfer.
Set up Jenkins for automated workflows and CI, customizing pipelines and integrating with version control systems. This enhanced development efficiency, speed, and consistency.
Created an infrastructure using Docker-compose, connecting a WordPress site with a MySQL database. Configured the WordPress server on port 8080 and set up MySQL for effective site interaction.
Deployed Jira for project management, customizing it with automated scripts for task tracking, sprint planning, and team workflows, thus boosting productivity and aligning with agile methods.
Developed a two-player chess game with React, integrating classic rules into a dynamic interface. Efficiently managed game state for enhanced strategic gameplay.
Developed a specialized CRM system for Pharmbiotest, enhancing service tracking, client database management, and loyalty programs. Optimized for improved client engagement and streamlined service delivery with advanced database tools.
Developed the Foxtar Store, a comprehensive online retail platform with user-friendly design. Incorporated e-commerce features like product listings and shopping cart for a complete shopping experience.
Developed a React application simulating an e-commerce experience with FakeStoreAPI. Features include browsing products, adding to cart, and understanding API integration.
Designed a web app for searching GitHub repositories, enabling users to search, view details, and save favorite repositories. Utilizes GitHub's API for real-time data retrieval.
Built an interactive calculator using Vue.js, featuring undo and redo functions. This project showcases Vue.js's capabilities in reactivity and state management.
Crafted an adaptive landing page using HTML and CSS, focusing on responsive design. Employed advanced CSS for flexibility across devices, ensuring a seamless user experience.