🛠️ Projects

GitOps CI/CD Platform

Built end-to-end secure CI/CD pipeline integrating Trivy container scanning, SAST with Semgrep, IaC validation with Checkov, and automated deployment to EKS with ArgoCD GitOps. Configured Prometheus/Grafana monitoring with SLI/SLO alerting, blocking 15+ critical vulnerabilities before production.

Jenkins, ArgoCD, Trivy, Checkov, EKS, Prometheus, Grafana

Multi-Cloud Security Infrastructure

Designed production-grade AWS security stack with WAF SQL injection rules, GuardDuty anomaly detection, Security Hub aggregation across 3 accounts, and Terraform IaC. Automated incident response with Lambda/Python, passing external penetration test with zero critical findings.

AWS WAF, GuardDuty, Security Hub, Terraform, Lambda, Python

Hardened Kubernetes Lab

Built hardened K3s cluster with CIS Kubernetes Benchmark compliance, implementing Pod Security Admission, network policies, Falco runtime monitoring, and secrets encryption with Sealed Secrets, reducing attack surface by 75% compared to default installation.

K3s, Falco, OPA, Cert-Manager, Sealed Secrets

Enterprise Infrastructure Lab

Built hybrid Active Directory environment with Windows Server 2022, Azure AD Connect sync, and Intune MDM. Configured GPOs, conditional access policies, and automated compliance reporting, simulating enterprise-scale identity management for 500+ test accounts.

Windows Server, Active Directory, Azure AD, Intune, GPO

Security Monitoring & Automation

Deployed Splunk SIEM integrated with Windows Event Forwarding and Sysmon. Developed PowerShell scripts for automated log collection and incident response playbooks, reducing mean-time-to-detect by 60% across test environment.

Splunk, Sysmon, PowerShell, WEF