About Me

Senior Cloud Engineer delivering secure, scalable AWS platforms across consulting and product environments.

Experienced in infrastructure as code (Terraform/CloudFormation), CI/CD, and building platform foundations with a strong focus on security, governance, and cost optimization. Hands-on experience delivering multi-account AWS environments, IAM architecture, network and application infrastructure, and end-to-end observability.

I've worked closely with security teams to implement solutions aligned with compliance standards (including PCI DSS), contributing to secure, auditable, and production-ready platforms.

Trusted for strong ownership, systems thinking and problem-solving skills, and the ability to quickly ramp up and deliver in new environments, with clear and adaptable communication across teams and stakeholders.

Work Experience

Cloud Engineer

Caylent August 2025 - Present
  • Delivering multi-account AWS landing zones using AWS Control Tower (including CfCT/AFT), and implementing organization-wide governance controls such as SCPs, tagging standards, and AWS Backup strategies to enable secure-by-default environments at scale.
  • Designing and automating cloud infrastructure using Terraform/CloudFormation, including IAM architectures and cross-account access patterns aligned with least-privilege principles, along with network, application, and observability components.
  • Designing, building, and operating CI/CD pipelines across multiple platforms (GitHub Actions, Bitbucket Pipelines, GitLab, Buildkite, AWS CodePipeline), supporting scalable and reliable delivery workflows.
  • Contributing to client-facing knowledge transfer sessions and technical walkthroughs, ensuring clear handoffs and alignment on implementations.

Senior Infrastructure Engineer

AstroPay April 2023 - August 2025

As an Infrastructure Engineer, I designed and implemented scalable, secure, and cost-optimized AWS infrastructure, leading end-to-end delivery of cross-cutting initiatives across security, observability, and platform engineering.

I became a go-to engineer for AWS and Elastic Stack troubleshooting across teams, mentored junior engineers, and helped standardize best practices to improve platform stability and security.

Promoted twice in under 2 years.

Key achievements:

  • Built a company-wide SIEM platform on the Elastic Stack, integrating AWS services, identity providers, and security tooling to centralize security telemetry, working closely with the security team to enable PCI DSS compliance and support successful audits.
  • Reduced application log storage costs by $150K+ annually (45%) by designing and implementing ILM policies and tiered storage strategies while meeting retention requirements.
  • Designed and implemented CI/CD pipelines using GitHub Actions and reusable workflows integrated with ArgoCD, improving deployment consistency and enabling a large-scale migration to Amazon EKS.
  • Strengthened production database access by implementing AWS-native authentication to improve PCI DSS compliance, eliminating reliance on long-lived credentials and improving audit readiness.
  • Standardized secure, auditable access to 300+ EC2 instances using AWS SSM Session Manager, fine-grained IAM policies, and tagging strategies, working closely with the security team to align with PCI DSS compliance requirements, improving both security posture and operational efficiency.
  • Owned platform-wide observability across EC2, EKS, databases, and Elastic workloads, implementing telemetry and alerting (including AWS account-level activity monitoring) to improve incident detection and response.

Cloud Engineer

Accenture January 2022 – April 2023
  • Managed Linux-based OS servers (RHEL and CentOS)
  • Managed cloud-based services in AWS and Azure
  • Ensured system stability and performance through monitoring and alert resolutions with Nagios and CloudWatch
  • Managed AWS IAM, Active Directory and Azure AD (now Microsoft Entra ID)

Tech Stack

Cloud & IaC

AWS, Terraform, OpenTofu, Atmos (Cloud Posse), CloudFormation, Docker, EKS

CI/CD & GitOps

GitHub Actions, Jenkins, GitLab CI/CD, Bitbucket Pipelines, Buildkite, AWS CodePipeline, ArgoCD, Git

Security

AWS IAM, AWS SSM, AWS IAM Identity Center (SSO), OIDC, SAML, PCI DSS

Observability

Elasticsearch, Logstash, Kibana, Prometheus, Grafana, ADOT, CloudWatch, CloudTrail

Operating Systems & Scripting

Linux, Windows, Bash, JavaScript

Databases

Amazon Aurora, Amazon Redshift, MySQL, PostgreSQL, SQL Server, MariaDB, DynamoDB

Language Skills

English: Full professional proficiency (C1)

Spanish: Native proficiency

Certifications

Cloud Projects

Mix of personal and professional projects

AWS Cloud Resume Challenge

Built this resume website as part of the Cloud Resume Challenge (AWS edition), a full-stack project using AWS services, Terraform, CI/CD with GitHub Actions, and serverless architecture. The site is hosted on S3 behind CloudFront and Route 53, secured with an SSL certificate managed by AWS Certificate Manager. It includes a live visitor counter backed by Lambda and DynamoDB.

Terraform, CI/CD, AWS, Serverless

IAM-based Authentication for Amazon Aurora

Designed and implemented a secure, scalable and auditable authentication mechanism for production databases using IAM and SSO, replacing MySQL native password-based authentication to meet audit requirements.

Amazon Aurora, IAM, SSO, Security, Compliance

EC2 Access with SSM Session Manager

Implemented a secure and federated access mechanism for EC2 instances using AWS SSM Session Manager integrated with IAM Identity Center (SSO). Developed custom SSM documents to tailor session behavior and logging, and defined fine-grained IAM policies with resource tagging and condition keys to enforce least privilege.

AWS SSM, EC2, Security, IAM

End-to-End Observability on AWS with Terraform

Built an end-to-end monitoring and alerting solution using custom Terraform modules for EC2, EKS and AWS API activity with ADOT, Amazon-managed Prometheus and Grafana, AWS CloudTrail, AWS CloudWatch and SNS.

Monitoring, Terraform, Networking, AWS

Company-wide SIEM with ELK & AWS

Built a company-wide SIEM solution using the ELK stack (Elasticsearch, Logstash, Kibana), integrating AWS services, identity providers, security platforms and other third-party tools to enable centralized logging, end-to-end traceability and compliance with audit requirements.

Elasticsearch, Logstash, Kibana, SIEM, Security, Compliance, AWS

ELK Stack Performance & Cost Optimization

Built Logstash pipelines and fine-tuned index settings —including sharding and field mappings— to optimize indexing and search performance. Customized Elasticsearch Index Lifecycle Management (ILM) policies across environments to improve log and metric retention strategies, reducing storage costs and saving the company over $150,000 annually.

ELK Stack, Performance, Cost Optimization, ILM