Professional Summary

AWS Certified Solutions Architect with 7+ years of hands-on experience designing, building, and operating distributed systems and cloud infrastructure on AWS and Azure. I bring an unusual combination of depth — I've written the microservices, designed the network topology they run on, built the Helm pipelines that deploy them, and owned the IAM and identity architecture that secures them. At J.B. Hunt I was the go-to person when the platform team needed an architecture decision made: VPC design, EKS cluster topology, Kafka partition strategy, multi-datastore selection, or trade-off analysis between approaches. At Conflux I led the full architecture and migration of a 10-year-old Java EE monolith to 15+ microservices on Azure AKS — from domain decomposition through network design, CI/CD build-out, and go-live. I hold AWS certifications in Solutions Architect, Security Specialty, and AI Practitioner, and I apply the Well-Architected Framework as a lens across all five pillars — not just security.

Key Achievements
  • Architected and delivered Zero Trust platform design across 50+ AWS microservices serving 100K+ enterprise users — defined VPC segmentation, IAM least-privilege policies, STS token-based service identity, and mTLS between services. Zero critical audit findings on first review.
  • Led end-to-end monolith-to-microservices architecture at Conflux — decomposed a 10-year-old Java EE system into 15+ independently deployable services on Azure AKS, owning the domain boundary decisions, network topology, and target-state infrastructure design.
  • Drove platform-wide infrastructure standardisation at J.B. Hunt across 20+ microservices — designed the Helm chart structure, Groovy pipeline templates, and GitOps workflows adopted as the platform standard.
  • Designed event-driven architecture using Kafka for a high-throughput logistics platform — made partition strategy, consumer group design, schema validation, and dead-letter queue decisions for 100K+ daily active users.
  • Delivered Spring Boot 2.x → 3.x and Java 11 → 17 platform migration across the full service estate — coordinated dependency resolution, breaking API changes, and security baseline cleanup. Resulted in 35% performance improvement.
  • Designed centralised identity architecture using OAuth2, OpenID Connect, and Keycloak with full RBAC and SSO across 15+ services — auth-related incidents dropped 40% after go-live.
  • Built observability architecture from scratch — selected and integrated Dynatrace (APM), Prometheus/Grafana (metrics), and Loki (logs) — cut mean time to detect (MTTD) significantly and MTTR by 30%.

Professional Experience
Software Engineer III / Solutions & Cloud Engineer
Jan 2021 – Aug 2025
J.B. Hunt Transport Services, Inc. · Arlington, VA
Core engineer and architecture resource on the Loads platform — a high-throughput logistics system processing millions of transactions daily for 100K+ enterprise users. Owned the full stack: backend microservices, Kafka event-driven pipelines, Angular UI, cloud infrastructure design, Helm pipeline automation, and identity architecture. Regularly consulted by the platform architect on infrastructure and design decisions.
Application Architecture & Backend Engineering
  • Designed and built microservices in Java 17 / Spring Boot 3.x — made REST vs gRPC trade-off decisions per service, defined API contracts, and established error handling and input validation patterns adopted across the platform.
  • Designed the platform's event-driven architecture using Kafka — owned partition count decisions, consumer group topology, schema registry integration, and dead-letter queue strategy for high-throughput load event processing.
  • Selected and implemented multi-datastore strategy across the platform — MongoDB for document data, PostgreSQL/DB2 for transactional records, Elasticsearch for search, Redis for caching — with field-level encryption and parameterised queries throughout.
  • Built Angular UI feature modules and components for internal dashboards — made component architecture decisions and established frontend data binding and rendering patterns for the team.
  • Wrote and maintained Spring Batch jobs for audit log processing, compliance reporting, and data pipeline tasks — designed retry, partitioning, and scheduling strategies.
  • Led Spring Boot 2.x → 3.x and Java 11 → 17 platform migration — assessed impact across the service estate, coordinated dependency resolution, cleaned deprecated security configs. 35% performance gain.
AWS Infrastructure & Cloud Architecture
  • Designed the AWS infrastructure architecture for the Loads platform — multi-AZ VPC with public/private subnet segmentation, Transit Gateway for cross-account connectivity, Route 53 for service discovery and failover routing, and ALB for traffic distribution.
  • Architected the EKS cluster topology — node group sizing and auto-scaling policies, namespace strategy, network policies, pod identity configuration, and Vault-based secret injection. Made repeatable across dev, staging, and production.
  • Designed IAM architecture across all platform services — least-privilege policies, STS token-based service-to-service auth, role boundaries, and Zero Trust workload identity. Passed internal audit with zero critical findings.
  • Owned Terraform IaC for the platform — wrote reusable modules for VPC, EKS, RDS, S3, and IAM. Eliminated manual provisioning and enforced consistent baselines across AWS and Azure environments.
  • Integrated AWS Secrets Manager and HashiCorp Vault — designed secrets lifecycle and rotation strategy, eliminated credentials from environment variables and CI/CD configs platform-wide.
  • Wrote Python tooling to automate IAM access reviews and compliance reporting — saved significant manual effort each quarter and fed into audit evidence packages.
DevOps & Platform Engineering
  • Led the Helm-based CI/CD standardisation — designed chart structure, Groovy-based Jenkins pipeline templates, and GitOps release workflows adopted across all 20+ microservices. Defined the platform's deployment contract.
  • Hardened Kubernetes and AKS clusters — pod security policies, network policies, namespace RBAC, and Vault secret injection. Made the configuration repeatable and drift-free across environments.
  • Integrated CI/CD quality gates — SAST, DAST, container image scanning (Aqua Security), dependency checks, and IaC policy validation. Builds with critical issues cannot reach production.
Identity & Integration Architecture
  • Designed and implemented centralised identity platform using OAuth2, OpenID Connect, and Keycloak — RBAC, SSO, and service-to-service auth across 15+ services. Auth incidents dropped 40% within months of go-live.
  • Wrote a shared Java/Spring auth library — OAuth2 token validation, JWT parsing, Spring Security filter chains, RBAC annotations — adopted across 15+ services as the team standard.
  • Enforced mTLS between services and managed secrets through AWS Secrets Manager — eliminated plaintext credentials from all environment configurations.
Observability & Production Operations
  • Designed the observability stack — selected Dynatrace for APM, Prometheus/Grafana for metrics, Loki for log aggregation, and PagerDuty for on-call routing. Cut MTTR by 30% through structured runbooks and post-mortems.
  • Led incident response for platform issues — debugged OAuth2 token failures, IAM misconfigurations, Kafka consumer lag, and expired certs — and wrote RCAs that prevented recurrence.
  • Managed Splunk SIEM integration and ServiceNow incident tracking, and kept architecture decisions documented in Jira across sprints.
Technical Leadership & Mentoring
  • Mentored four engineers (junior to mid) on cloud architecture patterns, distributed systems design, and platform fundamentals — pair programming and structured code review.
  • Worked closely with PMs and senior architects on roadmap planning — translated architecture decisions into sprint work and kept infrastructure improvements from being deprioritised.
  • Supported NIST and CIS compliance requirements and led audit preparation across the platform.
Environment: AWS (EC2, S3, IAM, STS, VPC, Transit Gateway, Route 53, ALB, EKS, RDS, DynamoDB, SNS, SQS, API Gateway, GuardDuty, CloudWatch, Config, Secrets Manager, KMS), Azure (AKS, Azure AD), Java 17, Spring Boot 3.x, Spring Security, Spring Batch, Angular, TypeScript, Kafka, MongoDB, Elasticsearch, PostgreSQL, DB2, Redis, OAuth2, OIDC, Keycloak, Helm, Groovy, Go, Terraform, Kubernetes, Aqua Security, Jenkins, GitHub Actions, GitOps, Dynatrace, Prometheus, Grafana, PagerDuty, Loki, Splunk, ServiceNow, Python, REST APIs, gRPC
Software Engineer / Cloud Engineer
Oct 2018 – Jan 2021
Conflux Systems Inc. · Alpharetta, GA
Owned the architecture and delivery of a full cloud migration programme — decomposing a 10-year-old Java EE monolith into 15+ microservices on Azure AKS. Responsible for the target-state infrastructure design, service boundary decisions, CI/CD build-out, and production go-live. Covered the full stack: backend services, Angular UIs, Kafka pipelines, and data layer.
Cloud Migration Architecture
  • Led the architecture of the monolith-to-microservices migration — evaluated domain boundaries, assessed coupling and data ownership across the legacy system, and produced the target-state design for 15+ independently deployable services on Azure AKS.
  • Designed the Azure AKS target infrastructure — virtual network topology, subnet segmentation, namespace strategy, network policies, and mTLS between services from day one. Made the architecture decisions, not just the implementation.
  • Designed the AWS network foundation — VPC segmentation, subnet design, NACLs, and security group architecture — aligned to NIST 800-53 and reviewed with the client's compliance team.
  • Built backend services and event-driven Kafka pipeline architecture for real-time data processing — made partitioning, consumer group, and schema design decisions as part of the migration.
  • Worked across MongoDB, Elasticsearch, SQL Server, and DB2 throughout the migration — assessed which data belonged in which store, redesigned schemas, and established safe query and encryption patterns.
  • Built Angular enterprise dashboards — established frontend architecture patterns, CSP headers, CSRF protection, and role-based rendering.
  • Designed and tuned Spring Batch jobs for data migration, ETL, and scheduled processing — made decisions on partitioning, retry, and scheduling strategies throughout the migration programme.
DevOps & Infrastructure Automation
  • Built Jenkins CI/CD pipelines from scratch for all 15+ microservices — designed the pipeline stages, made the tool selections (SAST, DAST, dependency scanning), and established the deployment contract for the platform.
  • Used Terraform to automate all infrastructure provisioning — wrote modules for AKS, virtual networks, Azure AD, and AWS VPC. Established consistent baselines between AWS and Azure environments.
  • Designed OAuth2, RBAC, and JWT-based auth across all migrated services using Spring Security — both service-to-service and user-facing flows. Made the identity architecture decisions for the new platform.
  • Ran vulnerability assessments across the migrated platform and worked with the incident response team on RCA write-ups and preventive control design.
Environment: Azure (AKS, Azure AD, Virtual Networks), AWS (EC2, S3, IAM, VPC, CloudWatch), Java, Spring Boot, Spring Security, Spring Batch, Angular, TypeScript, Kafka, MongoDB, Elasticsearch, SQL Server, DB2, OAuth2, JWT, RBAC, Terraform, Jenkins, SAST/DAST, Kubernetes, Helm, Docker, Python, REST APIs, ELK Stack