Results-driven Senior SRE / Platform Engineer with 6+ years designing, automating, and operating scalable cloud infrastructure across AWS, Azure, and GCP. I build self-service platforms on Kubernetes, codify everything with Terraform / Terragrunt, ship via GitOps (ArgoCD) and CI/CD pipelines, and bake in DevSecOps and cloud security from day one.
- 🏗️ Led architectural redesign of centralized, multi-region hybrid infrastructure (on-prem + AWS)
- ☸️ Run EKS, AKS, GKE, ROSA (OpenShift) and self-managed (RKE2 / Talos) clusters via GitOps
- 💰 Drove cost optimization across 50+ AWS accounts — rightsizing, unused-resource cleanup, cost governance
- 🛡️ Implement DevSecOps — Trivy, SonarQube, TFSec, Security Hub, GuardDuty, least-privilege IAM
- 🌍 Architected multi-region Disaster Recovery (RTO/RPO-driven, automated failover) during a regional outage

Each box is one of my real projects (links in the table below) — rendered live by GitHub on every visit.

```mermaid
flowchart TB
DEV(["👩💻 Developers / Git"]):::entry
subgraph GOV["☁️ Cloud Foundation & Governance"]
direction LR
LZ["🏛️ AWS Landing Zone<br/><i>multi-account · SCPs · audit</i>"]:::aws
AZ["⚙️ Azure IaC + CI/CD<br/><i>App Service · AKS · Front Door</i>"]:::azure
end
subgraph IAC["🧱 Infrastructure as Code"]
direction LR
TG["🧱 Terragrunt Platform<br/><i>DRY · VPC / EKS / CloudFront</i>"]:::aws
PK["🛡️ Golden Images (CIS)<br/><i>Packer · hardened AMIs</i>"]:::sec
end
subgraph DSO["🛡️ DevSecOps Security Gates"]
direction LR
TFSEC["🛡️ tfsec<br/><i>IaC code scan</i>"]:::sec
TRIVY["🛡️ Trivy<br/><i>container image scan</i>"]:::sec
end
subgraph PLAT["☸️ Kubernetes & GitOps Platform"]
direction LR
AR["☸️ ArgoCD GitOps<br/><i>app-of-apps · multi-cluster</i>"]:::k8s
HC["⛵ Helm Charts Library<br/><i>reusable · auto-release</i>"]:::k8s
GHA["🔁 Reusable GitHub Actions<br/><i>CI → scan/push → GitOps deploy</i>"]:::cicd
end
subgraph APPSEC["🔐 App Security & 💰 FinOps"]
direction LR
CG["🔐 Cognito Passwordless<br/><i>CUSTOM_AUTH · Lambda</i>"]:::sec
CO["💰 Cost Optimizer<br/><i>rightsizing · waste cleanup</i>"]:::fin
end
DEV --> GOV
GOV --> IAC
IAC --> DSO
DSO --> PLAT
PLAT --> APPSEC
CO -. "cost governance" .-> GOV
click LZ href "https://github.com/Muhammad-Imad/terraform-aws-landing-zone" _blank
click AZ href "https://github.com/Muhammad-Imad/azure-devops-iac-pipelines" _blank
click TG href "https://github.com/Muhammad-Imad/terragrunt-aws-platform" _blank
click PK href "https://github.com/Muhammad-Imad/packer-golden-images-cis" _blank
click AR href "https://github.com/Muhammad-Imad/argocd-gitops-platform" _blank
click HC href "https://github.com/Muhammad-Imad/helm-charts-library" _blank
click CG href "https://github.com/Muhammad-Imad/terraform-aws-cognito-passwordless" _blank
click CO href "https://github.com/Muhammad-Imad/aws-cost-optimizer" _blank
click GHA href "https://github.com/Muhammad-Imad/reusable-github-actions" _blank
classDef entry fill:#0A66C2,stroke:#fff,stroke-width:1px,color:#fff;
classDef aws fill:#232F3E,stroke:#FF9900,stroke-width:1px,color:#fff;
classDef azure fill:#0078D4,stroke:#fff,stroke-width:1px,color:#fff;
classDef k8s fill:#326CE5,stroke:#fff,stroke-width:1px,color:#fff;
classDef sec fill:#7B1FA2,stroke:#fff,stroke-width:1px,color:#fff;
classDef fin fill:#2E7D32,stroke:#fff,stroke-width:1px,color:#fff;
classDef cicd fill:#2088FF,stroke:#fff,stroke-width:1px,color:#fff;
```

| Project | What it demonstrates |
|---|---|
| 🏛️ terraform-aws-landing-zone | Multi-account AWS Landing Zone — org / network / identity / log-archive / audit hubs, SCPs, centralized logging |
| 🧱 terragrunt-aws-platform | DRY multi-account AWS platform with Terragrunt — _envcommon pattern, dependency-ordered VPC / EKS / S3+CloudFront modules |
| ☸️ argocd-gitops-platform | App-of-apps GitOps across multiple K8s clusters & regions (ArgoCD + Helm + Kustomize) |
| ⛵ helm-charts-library | Reusable Helm charts — shared library chart + web-service & worker app charts, schema-validated, auto-released · 📡 Live Helm repo |
| 🔁 reusable-github-actions | Reusable Actions workflows + composite actions — standardized CI → Trivy-gated build/push → GitOps deploy |
| 🔐 terraform-aws-cognito-passwordless | Reusable, DRY module — passwordless auth (email magic-link + phone OTP) on Cognito CUSTOM_AUTH + Lambda triggers |
| 🛡️ packer-golden-images-cis | CIS-hardened golden AMIs (Ubuntu / RHEL / Amazon Linux / Windows) with automated builds |
| 💰 aws-cost-optimizer | Python tool — multi-account cost analysis, rightsizing & unused-resource reports |
| ⚙️ azure-devops-iac-pipelines | Azure IaC + YAML build/release pipelines for microservices (App Services, AKS, Key Vault, Front Door) |

📖 Detailed engineering case studies (architecture, decisions, impact) live in each repo's README.

📍 Based in Karachi, Pakistan · Open to Remote / Relocation Worldwide · SRE · Platform Engineering · DevOps



