☁️ AWS Solutions Architect
I design scalable cloud systems
Hi! I'm Moritz — a Cloud Consultant focused on AWS solutions for public and private sector clients. If you're looking for support with your project or would like to exchange ideas on cloud topics, feel free to get in touch.

Pragmatic, secure and cost-aware cloud architectures — designed to ship fast and scale safely.
My Portfolio
Hands-on cloud consulting with a strong focus on reliability, security and cost efficiency.
Cloud Architecture
Designing scalable AWS architectures based on best practices and proven patterns.
Migration & Modernization
Safely migrating workloads to AWS and modernizing legacy systems sustainably.
DevOps & Automation
CI/CD, Infrastructure as Code (Terraform/CDK) and improving developer experience.
Consulting
Technical consulting for complex challenges and sound architectural decision-making.
Automation
Optimizing infrastructure, deployment and operational processes through automation.
Architecture Design
Designing platform and system architectures based on requirements, scalability and maintainability.
Container Migration
Migrating monolithic applications into containerized and cloud-native architectures.
Day-2 Operations
Monitoring, logging and operational strategies for stable and maintainable platforms.
Security
Security concepts for identities, networks, platforms and data in cloud environments.
Projects
A selection of projects — delivered reliably, securely and cost-consciously, following best practices.
ETL Pipeline with AWS Glue & PostgreSQL
Banking & Insurance · 2025
Implemented a scalable ETL pipeline using AWS Glue and PostgreSQL to improve data processing and business intelligence.
Designed and implemented a modern, cloud-based data architecture to process enterprise-wide data efficiently and enable better decision-making based on consolidated information. The core component is a scalable ETL pipeline built on AWS Glue, extracting raw data from a central Amazon S3 data lake, transforming it, and loading it into a structured PostgreSQL database. Database access is integrated with Active Directory to ensure secure, role-based access control. Qlik is used for analytics and reporting, providing user-friendly dashboards and in-depth insights. The implementation also included establishing secure network connectivity between data sources and AWS, as well as configuring the complete ETL workflow in AWS Glue. The infrastructure is provisioned via Infrastructure as Code (IaC) using Terraform, following AWS best practices to ensure a repeatable, scalable, and maintainable environment. Finally, involved teams were onboarded through a hands-on workshop to ensure a smooth transition into usage and operations. This architecture lays the foundation for an efficient, future-proof data processing and BI solution that can flexibly scale with growing requirements. Delivery was carried out in close collaboration with an experienced cloud service provider to ensure professional integration into the existing system landscape.
Security Audit for AWS CloudFront & WAF
Utilities / Energy Sector · 2025
Performed a comprehensive security audit of CloudFront and AWS WAF to strengthen the security architecture and improve caching behavior.
In a security-critical engagement, a comprehensive audit of existing AWS services was conducted, with a strong focus on Amazon CloudFront and AWS Web Application Firewall (WAF). The goal was to assess the overall cloud setup and identify potential weaknesses in configuration and architecture early. A key part of the work was a detailed review of CloudFront configuration, especially caching behavior, policies, and security integrations. In parallel, AWS WAF rules and protections were evaluated for effectiveness against common attack vectors such as SQL injection, cross-site scripting (XSS), and other web vulnerabilities. Additional focus areas included access controls as well as logging and monitoring strategies to ensure early detection and traceability of potential security incidents. Findings were documented in a structured final report including concrete, prioritized recommendations and aligned with internal security stakeholders. By implementing the recommended measures, the platform’s security posture and resilience were improved sustainably, creating a robust foundation against current and future threat scenarios.
Scalable n8n Platform on AWS with EKS & Fargate
Energy Provider · 2025
Built a scalable, security-focused n8n platform on AWS to automate business-critical processes.
Designed and implemented a scalable, highly available cloud platform for the automation solution n8n on AWS in an agile Scrum environment. The goal was a future-proof architecture provisioned fully via Infrastructure as Code, supporting business-critical workflows reliably and maintainably. The platform was deployed on Amazon EKS using Helm charts, focusing on scalability, multi-tenancy, and a clear separation between infrastructure and application layers. To ensure performance and high availability, components such as load balancing, auto scaling, an in-memory Valkey cluster, and persistent EFS storage for workflows were integrated. An existing AWS RDS for PostgreSQL database containing business-critical data was securely connected. Sensitive configuration data is managed centrally using AWS Secrets Manager, with access strictly limited to service-bound IAM roles following the least-privilege principle. In addition to the Kubernetes platform, a separate serverless ECS cluster on AWS Fargate was created for an internal application. Selected n8n workflows interact with this app to deliver aggregated and processed data automatically. In parallel, an AWS Landing Zone initiative was started to establish a policy-driven, scalable multi-account structure. Existing workloads are being migrated step-by-step into the new AWS organization. Multiple isolated staging clusters and dedicated sandbox environments for development, testing, and proof-of-concepts were also set up. Finally, modern CI/CD pipelines are being introduced to automate builds, tests, container creation, Helm deployments, and rollbacks—accelerating release cycles and improving operational quality.
On-Prem OpenShift Platform with IBM Backup
Healthcare · 2024
Contributed to an on-prem OpenShift platform for secure management and distribution of medical research data.
As part of a project delivering an on-prem OpenShift container platform for managing and distributing medical health data to connected research institutes, I worked within the Kubernetes team and took a key role in backup and platform automation. My main responsibility was implementing and deploying an IBM-based backup solution tailored to specific applications running in the Kubernetes clusters, meeting requirements for consistency and recoverability. A core objective was fully automated provisioning of all required components—especially when setting up new clusters. To achieve this, I implemented an App-of-Apps pattern with ArgoCD, enabling structured and chronologically coordinated installation of the IBM marketplace, operator configuration, and application deployment into dedicated namespaces. To ensure high security standards, dedicated service accounts were used for cross-cluster actions. These followed the least-privilege principle and were granted only the minimum permissions required for the specific resources. This resulted in a robust, secure, and maintainable backup integration that could be rolled out reproducibly to new clusters and significantly improved platform operational safety.
Cloud Architecture & CI/CD with GitHub Actions
Industrial Sector · 2024
Designed a scalable cloud architecture and modern CI/CD pipelines to accelerate application delivery.
In an agile Scrum environment, a scalable cloud architecture was designed and implemented to modernize and accelerate the customer’s application delivery. A central component was building CI/CD pipelines using GitHub Actions. Dedicated pipelines were developed for individual endpoints (WordPress, application frontend, and backend) to automate build, test, and deployment processes efficiently. Sensitive configuration and secrets were encrypted using SOPS and protected with AWS-managed keys to ensure secure handling of secrets within the pipelines. After analyzing an existing AWS EKS setup that caused operational challenges, the deployment was migrated to AWS ECS using the serverless capacity provider Fargate—improving stability and reducing operational overhead. Secure and performant connectivity to existing databases was established. In addition, targeted code changes were implemented, including integrating nginx as a reverse proxy to optimize the application architecture. The entire infrastructure was built as code using Terraform and Terragrunt, enabling efficient multi-environment management, reducing redundancy, and improving maintainability and reproducibility.
Cloud Architecture & CI/CD with Bitbucket and Self-Hosted Runners
Customer Service · 2023
Designed a scalable cloud architecture and built a Bitbucket CI/CD pipeline to modernize application development.
Designed and implemented a scalable cloud architecture in an agile Scrum setup. In parallel, a CI/CD pipeline was built using Bitbucket with self-hosted runners running on AWS to modernize and accelerate the customer’s development workflows. The existing monolithic application was split into separate frontend and backend containers, enabling higher flexibility, improved scalability, and better resource efficiency. A further focus was secure handling of sensitive configuration. Secret retrieval was modernized and is now performed programmatically via AWS Secrets Manager. Sensitive data is stored in a separate AWS account and accessed strictly via service-bound IAM roles configured according to the least-privilege principle. Finally, the pipeline was configured and tested end-to-end. In close collaboration with the customer, a new branching and deployment concept was introduced to better structure development and release processes and ensure long-term maintainability.
Career path
Here’s my journey so far — from intern to Cloud Solution Architect.
Cloud Solution Architect
Bechtle AG · Bonn
Consulting public and private sector clients in complex cloud projects. Designing and implementing scalable, secure, and resilient AWS architectures in close collaboration with customers and partners. Working in cross-company, interdisciplinary teams to deliver cloud initiatives successfully. Technical project leadership and presentation of results in hackathons and internal events.
Junior Cloud Solution Architect
Bechtle AG · Bonn
Designed and delivered container platforms with AWS ECS, EKS, and Red Hat OpenShift. Built CI/CD pipelines, implemented IaC with Terraform, and supported public & private sector clients. Consulted on AWS architectures, delivered scalable and secure platforms, produced TCO analyses, and consistently applied AWS best practices.
Cloud Consultant (Internship)
Pexon Consulting GmbH · Jena
Built highly available web applications using Docker, Kubernetes, Helm, Prometheus, and Grafana. Provisioned infrastructure with Terraform and implemented CI/CD pipelines.
E-Commerce Manager (Working Student)
NewWebTec GmbH · Jena
Implemented SEO initiatives, supported social media marketing, and coordinated directly with clients. Built a strong understanding of customer needs, digital products, and business impact.
Operations & E-Commerce (Intern → Working Student)
diva-e Digital Value Excellence GmbH · Jena
Started in operations and e-commerce consulting. Supported platform operations, contributed to client projects, and gained hands-on experience in digital commerce environments.
About me
Hi, I'm Moritz — a cloud enthusiast with a clear focus on AWS and modern cloud architectures.
My main focus is DevSecOps and building resilient, secure, and scalable systems. What excites me most is the intersection of thoughtful architecture, intelligent automation, and clean engineering — that's where real quality emerges for me.
Beyond classic cloud topics, I'm also interested in related areas such as load testing, data pipelines, and proof-of-concepts, where new ideas quickly become tangible. During my studies, I quickly realized that I enjoy the technical side much more than other aspects. For my master's thesis, I built a cloud-agnostic ETL pipeline and consciously chose the path of a Solution Architect afterward.
I work with a strong customer focus and adapt my solutions to the specific needs of each project. At the same time, I always keep a pragmatic perspective: the goal is a solution that is not only technically sound, but also practically usable.
Outside of larger projects, I enjoy experimenting with smaller ideas as well — such as this website or various Raspberry Pi projects.
Certifications
Industry-recognized certifications validating hands-on experience in cloud architecture, security and operations.
Let’s build something solid
Have a cloud project in mind or need AWS support? Let’s talk.


