Key Responsibilities

• ★Built and maintained Jenkins CI/CD pipelines for AWS EKS and VMware on-prem deployments with separate environment workflows, automated build triggers, test stages, Slack notifications, and rollback triggers; integrated Argo CD for GitOps-driven Kubernetes sync and deployed environment-specific configurations via Kustomize overlays
• ★Designed end-to-end EKS deployment pipeline: GitHub webhook → Maven build → Docker multi-stage image → ECR push → Helm chart deploy → Argo CD sync, with automated rollback and environment-specific Helm value overrides
• ★Authored Terraform IaC modules for AWS (EC2, VPC, ALB, IAM, EKS node groups) and VMware vSphere; managed remote state with S3 + DynamoDB locking ensuring safe concurrent deployments across teams
• ★Provisioned 2 production EKS clusters (20–40 worker nodes) via Terraform; enforced Kubernetes RBAC (Roles, ClusterRoles, RoleBindings) for least-privilege access control and implemented Pod Security Admission policies to restrict privileged workloads across namespaces
• ★Managed Kubernetes persistent storage for stateful workloads using PersistentVolumeClaims, StorageClasses, and the EBS CSI Driver — handling dynamic provisioning, volume binding, and lifecycle management across dev and production environments
• ★Configured Kubernetes Network Policies (VPC CNI) to enforce pod-to-pod traffic segmentation between namespaces; managed AWS Load Balancer Controller for production ingress routing alongside IRSA/OIDC for pod-level IAM
• ★Managed Kubernetes secrets using Sealed Secrets for GitOps-safe secret storage; containerised microservices (eSign, eKYC) via Docker multi-stage builds deployed via Helm Charts with namespace isolation and resource limits
• ★Deployed Kubernetes-native observability stack: Prometheus with kube-state-metrics and metrics-server for cluster and workload metrics, Grafana dashboards for pod/node/namespace visibility, and ELK Stack for centralised log aggregation — covering both EKS and VMware environments
• ★Configured ElastAlert2 detection rules (SSH brute force, CPU spikes, error rate thresholds) achieving sub-5-minute MTTD; vROps alerting for VMware resource contention reduced unplanned downtime by ~40%
• ★Maintained 99.9%+ uptime across 1500+ VMs for NPS, PAN, TIN, CRA, and eSign platforms serving 60M+ NPS subscribers and 300M+ PAN cardholders; executed zero-downtime ESXi upgrades across 100+ hosts with Python/Shell pre/post-validation scripts
• ★Automated VM provisioning via Ansible achieving 100% monthly patch compliance, eliminating configuration drift across 1500+ Windows Server (2016/2019/2022) and Linux VMs
• ★Led daily operations of a 6-member infrastructure team; served as escalation point for P1/P2 incidents and conducted structured Root Cause Analysis (RCA) for all major events
• ★Participated in CAB meetings and enforced ITIL-aligned change management processes, reducing change-related incidents by standardizing pre-change checklists
• ★Built an internal infrastructure asset management platform using Spring Boot, MySQL, and ReactJS to replace manual spreadsheet tracking of 1500+ hardware/software assets, reducing audit preparation time by ~50%

Key Achievements

• ★Promoted to Assistant Manager within 6 months based on operational ownership and leadership.
• ★Designed and owned end-to-end GitOps-based EKS deployment pipeline adopted across production environments.
• ★Reduced DR drill time by 60% through Ansible-driven disaster recovery automation.