Led security implementation for an enterprise self-service VM provisioning platform spanning Azure, AWS, and VMware vSphere. Architected the end-to-end pipeline: ServiceNow tickets trigger Jenkins jobs that execute Terraform runs on Terraform Cloud, with post-provisioning handoff to Ansible AWX for configuration management. Built Golden Images using HCP Packer with CIS benchmarks baked in. Authored 21 Hashicorp Sentinel policies and OPA Rego rules to enforce security guardrails on Terraform plans—validating encryption requirements, network segmentation, tagging standards, and IAM configurations. Integrated OPA into GitHub Actions for Ansible playbook validation on every PR. Reduced VM provisioning time from 2 weeks (manual process) to under 2 hours while maintaining 100% policy compliance.

Designed and implemented a secure multi-tenant GKE platform on Google Cloud with comprehensive policy enforcement using OPA Gatekeeper. The project involved provisioning the entire infrastructure using Terraform, including GKE clusters with Workload Identity, VPC-native networking, and private nodes. Implemented a GitOps workflow using ArgoCD for declarative application deployment and configuration management. Developed custom Gatekeeper constraint templates to enforce security policies such as pod security standards, resource quotas, image registry restrictions, and network policy requirements. Integrated Binary Authorization to ensure only signed and verified container images are deployed to the cluster. The platform reduced security misconfigurations by 85% and enabled development teams to self-service deploy applications while maintaining compliance with organizational security standards.

Developed a Golang CLI tool for secure remote access to cloud development environments behind Azure Bastion. Implemented multiplexed SOCKS5 proxy connections with SSH tunneling capabilities, enabling developers to access private Kubernetes clusters, MSSQL databases, and internal services without VPN overhead. Features include dynamic port forwarding, connection pooling for improved performance, and automatic tunnel recovery. The tool standardized remote access patterns across the team and reduced connectivity setup time from 15+ minutes of manual configuration to a single command.

Built a production-mirrored local development environment using Tilt for Kubernetes-based applications. Configured hot-reloading for containerized services, automated image builds on code changes, and replicated production Kubernetes manifests locally to eliminate environment drift. Integrated with the existing DTR (Docker Trusted Registry) for seamless image management. Reduced average development cycle time by 30% by eliminating manual container builds and kubectl apply workflows, enabling developers to see code changes reflected in seconds rather than minutes.