SENIOR DEVOPS ENGINEER · LAHORE, PAKISTAN

I build reliable cloud platforms for teams that ship fast.

End-to-end DevOps and cloud architecture — Kubernetes platforms, infrastructure-as-code foundations, secure CI/CD pipelines, and observability that keeps production honest.

Available for remote roles
📍 4–6h US-ET overlap
🎓 GCP Professional Cloud Architect

TOP 3% TALENT

// 01 — About

A platform engineer who treats compliance as architecture.

I'm a Senior Cloud & DevOps Engineer with seven-plus years building production cloud infrastructure for healthcare and fintech — domains where security, audit, and uptime are non-negotiable.

My focus is on the regulated end of cloud platforms: multi-environment Kubernetes, infrastructure-as-code with Terraform and Pulumi, zero-trust access via Teleport, and CI/CD pipelines with security gates that actually block bad artifacts from reaching production.

I'm GCP Professional Cloud Architect certified with deep AWS literacy. I've shipped HIPAA-compliant clinical platforms and PCI-DSS aligned fintech systems serving over a million monthly active users. I work fully remote, hold consistent overlap with US-ET, and have done so for years across multiple US clients.

7+ · Years senior IC
1M+ · MAU on platforms I built
99.9% · Production uptime
2 · Compliance regimes shipped

// 02 — Selected work

Selected highlights.

Each represents a different constraint set: regulatory audit, transaction-grade reliability, and data-intensive performance. Ask about any of them in conversation if you'd like a deeper walkthrough.

FirstClass Healthcare
Enterprise Clinical Platform · 500+ Internal Staff
HIPAA · Healthcare

A correctional health management system facilitating clinical workflows, pharmacy tracking, and patient records in high-security institutional environments. Designed and operated the cloud infrastructure backbone end-to-end.

  • Designed HIPAA-compliant multi-environment Kubernetes infrastructure on GCP, managed entirely with Terraform.
  • Replaced legacy SSH bastions with Teleport for zero-trust access and per-session audit recording.
  • Implemented Infisical for centralized, audited secret injection across CI/CD and runtime workloads.
  • Shifted security left with SAST gates, Trivy scanning, and standardized hardened base images.
  • Architected ephemeral environments via Qovery for rapid feature validation without data exposure.
  • Tuned WAF policies for credential-stuffing and bot mitigation on sensitive clinical endpoints.
Kubernetes, Terraform, GCP, Teleport, Infisical, Qovery, GitHub Actions, SAST · Trivy

Honeycomb
Fintech / Insurtech Platform · 1M+ Monthly Active Users
PCI-DSS · Fintech

A digital insurance marketplace and underwriting engine automating multi-family property insurance through data-driven risk assessment and instant quote generation. Led a full infrastructure security redesign.

  • Architected high-volume financial transaction infrastructure with PCI-DSS alignment and 99.9% uptime SLO.
  • Standardized environment provisioning with Pulumi, eliminating configuration drift between staging and prod.
  • Replaced static credentials with Teleport for short-lived, identity-aware access with full session auditing.
  • Centralized secrets management via Infisical with encrypted, auditable injection across CI/CD and runtime.
  • Embedded Trivy enforcement gates in GitHub Actions, preventing vulnerable artifacts from reaching production.
  • Designed Cloud Armor policies with calibrated rate limits and behavioral filtering to mitigate underwriting API abuse.
  • Defined SLO-driven autoscaling strategies aligned with bursty underwriting traffic patterns.
Kubernetes, Pulumi, GCP · GKE, Cloud Armor, Teleport, Infisical, Trivy, GitHub Actions

Reventure
Real-Estate Intelligence & Data Lake · 400K+ Monthly Active Users
Data · PropTech

An interactive real-estate analytics platform providing housing market intelligence, neighborhood demographics, and investment forecasting tools for property investors.

  • Built large-scale data aggregation and analytics pipelines powering predictive investment dashboards.
  • Containerized data-processing workloads on Kubernetes for consistency between development and production.
  • Implemented horizontal pod autoscaling tuned to absorb periodic spikes without latency degradation.
  • Optimized database interactions and background-processing jobs to materially reduce dashboard p95 latency.
  • Strengthened cluster observability — surfaced bottlenecks before they became customer complaints.
Kubernetes, AWS · EKS, Docker, CI/CD, IaC, Datadog, Grafana

// 03 — Stack

Tools I reach for daily.

Cloud-agnostic where it matters, cloud-specific where it pays off. The list below reflects production work, not dabbling.

Cloud
  • GCP (certified)
  • AWS
  • Hybrid & on-prem

Platform
  • Kubernetes · GKE · EKS
  • Helm · ArgoCD
  • Docker

Infrastructure-as-code
  • Terraform
  • Pulumi
  • Ansible

CI / CD
  • GitHub Actions
  • Jenkins · CircleCI
  • GitOps

Security
  • HIPAA · PCI-DSS · SOC 2
  • Teleport · Tailscale
  • Infisical · SAST · Trivy
  • Cloud Armor · WAF tuning

Observability
  • Datadog
  • Grafana · Prometheus
  • SLO-driven alerting

// 04 — Writing

Things I think and write about.

I refine my own thinking on production patterns through technical writing — both internal docs and external pieces commissioned for engineering audiences. Topics where I have depth:

Kubernetes Operations

Cost engineering at scale

Right-sizing strategies, request and limit calibration, spot and preemptible patterns, and how Cluster Autoscaler vs Karpenter changes the cost curve. Drawn from production tuning across regulated workloads.

2025 — 2026 · ongoing

Observability

SLO-driven alerting that engineers actually use

Building observability that surfaces signal not noise — alerting on symptoms not causes, error budgets that drive release decisions, and the difference between dashboards that look good and dashboards engineers act on.

2025 — 2026 · ongoing

Platform Security

Shifting left without slowing down

Embedding SAST gates, container vulnerability scanning, signed images, and policy-as-code into CI/CD without making delivery painful. Trade-offs between blocking and advisory gates, and why advisory gates rarely change behavior.

2024 — 2026 · ongoing

Infrastructure-as-Code

Terraform vs Pulumi at the platform layer

When each wins. The trade-off between broad ecosystem familiarity (Terraform) and first-class abstractions plus policy-as-code (Pulumi) — and how to decide based on team shape rather than cloud preference.

2025 — 2026 · ongoing

Available for technical writing engagements on cloud, Kubernetes, observability, and DevOps security — alongside platform consulting work.

// 05 — Certifications

Verified credentials.

Have a hard infra problem?
Let's talk.

I'm currently available for senior remote roles — full-time, contract, or contract-to-hire. Healthcare, fintech, and platform-engineering work especially welcome.