Skip to content
View Muhammad-Imad's full-sized avatar
🎯
Focusing
🎯
Focusing

Block or report Muhammad-Imad

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Muhammad-Imad/README.md

Hi, I'm Muhammad Imad 👋

Senior SRE / Platform Engineer · Multi-Cloud (AWS · Azure · GCP) · Kubernetes · GitOps

Experience Focus Open to opportunities


🚀 About Me

Results-driven Senior SRE / Platform Engineer with 6+ years designing, automating, and operating scalable cloud infrastructure across AWS, Azure, and GCP. I build self-service platforms on Kubernetes, codify everything with Terraform / Terragrunt, ship via GitOps (ArgoCD) and CI/CD pipelines, and bake in DevSecOps and cloud security from day one.

  • 🏗️ Led architectural redesign of centralized, multi-region hybrid infrastructure (on-prem + AWS)
  • ☸️ Run EKS, AKS, GKE, ROSA (OpenShift) and self-managed (RKE2 / Talos) clusters via GitOps
  • 💰 Drove cost optimization across 50+ AWS accounts — rightsizing, unused-resource cleanup, cost governance
  • 🛡️ Implement DevSecOps — Trivy, SonarQube, TFSec, Security Hub, GuardDuty, least-privilege IAM
  • 🌍 Architected multi-region Disaster Recovery (RTO/RPO-driven, automated failover) during a regional outage

🛠️ Tech Stack

Cloud AWS Azure GCP

Containers & Orchestration Kubernetes Docker OpenShift Helm Rancher

IaC & Config Terraform Terragrunt Ansible Packer

GitOps & CI/CD ArgoCD GitHub Actions Azure Pipelines Jenkins

Observability & Security Prometheus Grafana ELK SonarQube Trivy tfsec

Languages Python Bash PowerShell YAML


🗺️ Platform Architecture — How My Work Fits Together

Each box is one of my real projects (links in the table below) — rendered live by GitHub on every visit.

flowchart TB
    DEV(["👩‍💻 Developers / Git"]):::entry

    subgraph GOV["☁️ Cloud Foundation & Governance"]
        direction LR
        LZ["🏛️ AWS Landing Zone<br/><i>multi-account · SCPs · audit</i>"]:::aws
        AZ["⚙️ Azure IaC + CI/CD<br/><i>App Service · AKS · Front Door</i>"]:::azure
    end

    subgraph IAC["🧱 Infrastructure as Code"]
        direction LR
        TG["🧱 Terragrunt Platform<br/><i>DRY · VPC / EKS / CloudFront</i>"]:::aws
        PK["🛡️ Golden Images (CIS)<br/><i>Packer · hardened AMIs</i>"]:::sec
    end

    subgraph DSO["🛡️ DevSecOps Security Gates"]
        direction LR
        TFSEC["🛡️ tfsec<br/><i>IaC code scan</i>"]:::sec
        TRIVY["🛡️ Trivy<br/><i>container image scan</i>"]:::sec
    end

    subgraph PLAT["☸️ Kubernetes & GitOps Platform"]
        direction LR
        AR["☸️ ArgoCD GitOps<br/><i>app-of-apps · multi-cluster</i>"]:::k8s
        HC["⛵ Helm Charts Library<br/><i>reusable · auto-release</i>"]:::k8s
        GHA["🔁 Reusable GitHub Actions<br/><i>CI → scan/push → GitOps deploy</i>"]:::cicd
    end

    subgraph APPSEC["🔐 App Security & 💰 FinOps"]
        direction LR
        CG["🔐 Cognito Passwordless<br/><i>CUSTOM_AUTH · Lambda</i>"]:::sec
        CO["💰 Cost Optimizer<br/><i>rightsizing · waste cleanup</i>"]:::fin
    end

    DEV --> GOV
    GOV --> IAC
    IAC --> DSO
    DSO --> PLAT
    PLAT --> APPSEC
    CO -. "cost governance" .-> GOV

    click LZ href "https://github.com/Muhammad-Imad/terraform-aws-landing-zone" _blank
    click AZ href "https://github.com/Muhammad-Imad/azure-devops-iac-pipelines" _blank
    click TG href "https://github.com/Muhammad-Imad/terragrunt-aws-platform" _blank
    click PK href "https://github.com/Muhammad-Imad/packer-golden-images-cis" _blank
    click AR href "https://github.com/Muhammad-Imad/argocd-gitops-platform" _blank
    click HC href "https://github.com/Muhammad-Imad/helm-charts-library" _blank
    click CG href "https://github.com/Muhammad-Imad/terraform-aws-cognito-passwordless" _blank
    click CO href "https://github.com/Muhammad-Imad/aws-cost-optimizer" _blank
    click GHA href "https://github.com/Muhammad-Imad/reusable-github-actions" _blank

    classDef entry fill:#0A66C2,stroke:#fff,stroke-width:1px,color:#fff;
    classDef aws fill:#232F3E,stroke:#FF9900,stroke-width:1px,color:#fff;
    classDef azure fill:#0078D4,stroke:#fff,stroke-width:1px,color:#fff;
    classDef k8s fill:#326CE5,stroke:#fff,stroke-width:1px,color:#fff;
    classDef sec fill:#7B1FA2,stroke:#fff,stroke-width:1px,color:#fff;
    classDef fin fill:#2E7D32,stroke:#fff,stroke-width:1px,color:#fff;
    classDef cicd fill:#2088FF,stroke:#fff,stroke-width:1px,color:#fff;
Loading

📌 Featured Projects

Project What it demonstrates
🏛️ terraform-aws-landing-zone Multi-account AWS Landing Zone — org / network / identity / log-archive / audit hubs, SCPs, centralized logging
🧱 terragrunt-aws-platform DRY multi-account AWS platform with Terragrunt — _envcommon pattern, dependency-ordered VPC / EKS / S3+CloudFront modules
☸️ argocd-gitops-platform App-of-apps GitOps across multiple K8s clusters & regions (ArgoCD + Helm + Kustomize)
helm-charts-library Reusable Helm charts — shared library chart + web-service & worker app charts, schema-validated, auto-released · 📡 Live Helm repo
🔁 reusable-github-actions Reusable Actions workflows + composite actions — standardized CI → Trivy-gated build/push → GitOps deploy
🔐 terraform-aws-cognito-passwordless Reusable, DRY module — passwordless auth (email magic-link + phone OTP) on Cognito CUSTOM_AUTH + Lambda triggers
🛡️ packer-golden-images-cis CIS-hardened golden AMIs (Ubuntu / RHEL / Amazon Linux / Windows) with automated builds
💰 aws-cost-optimizer Python tool — multi-account cost analysis, rightsizing & unused-resource reports
⚙️ azure-devops-iac-pipelines Azure IaC + YAML build/release pipelines for microservices (App Services, AKS, Key Vault, Front Door)

📖 Detailed engineering case studies (architecture, decisions, impact) live in each repo's README.


🎓 Certifications

👆 Click any badge to view the certificate.

AWS DevOps Pro CKA AWS SAA
AZ-104 Azure Network Engineer


📊 GitHub Stats

GitHub Stats Top Languages

GitHub Streak


📫 Let's Connect

LinkedIn Email

📍 Based in Karachi, Pakistan · Open to Remote / Relocation Worldwide · SRE · Platform Engineering · DevOps

Pinned Loading

  1. argocd-gitops-platform argocd-gitops-platform Public

    Production-style multi-cluster GitOps with ArgoCD App-of-Apps + ApplicationSets (Helm & Kustomize)

    Go Template

  2. aws-cost-optimizer aws-cost-optimizer Public

    Python CLI to audit AWS spend across accounts — Cost Explorer, unused-resource & rightsizing reports (Excel/CSV)

    Python

  3. azure-devops-iac-pipelines azure-devops-iac-pipelines Public

    Azure IaC (App Service/AKS/Front Door/Key Vault/Service Bus/ACR) + multi-stage Azure DevOps YAML pipelines with blue/green slot deployments

    HCL

  4. helm-charts-library helm-charts-library Public

    Reusable Helm charts — a shared library chart + web-service & worker app charts, with schema validation and automated chart-releaser releases

    Go Template

  5. terraform-aws-landing-zone terraform-aws-landing-zone Public

    Multi-account AWS Landing Zone reference architecture in Terraform — Organizations, SCPs, centralized CloudTrail, GuardDuty/Security Hub, IAM Identity Center, Transit Gateway

    HCL

  6. terragrunt-aws-platform terragrunt-aws-platform Public

    DRY, multi-account AWS platform with Terragrunt — _envcommon pattern, dependency-ordered VPC/EKS/S3+CloudFront modules

    HCL