Rupesh Panwar

Senior DevSecOps Engineer at Private | GCC+ | GovTech | HCC

Singapore, Singapore

About

With over 3.9/(total 19) years of pioneering work at Temus, I have honed my expertise in leveraging Generative AI to revolutionize DevSecOps tasks. My mission is to enhance infrastructure management through cutting-edge technology, aligning with Temus' innovative culture. My core competencies include FullStack Development and a deep understanding of DevSecOps, which enable me to contribute to our shared vision of efficient and secure IT environments. At Temus, my role centers on leading the research and implementation of AWS Bedrock and Azure OpenAI to automate and streamline DevSecOps processes. This has resulted in the successful onboarding of Line of Business applications and the establishment of automated delivery pipelines. By leveraging the GenAI ecosystem, our team has significantly boosted operational efficiency and security, showcasing my commitment to driving continuous improvement and excellence in DevOps practices.

Experience

  • Senior DevSecOps Engineer at Private
    Apr 2026 - Present · 3 mos

  • DevOps Consultant at TEMUS PTE, SINGAPORE
    Nov 2025 - Apr 2026 · 6 mos

    Led the end-to-end security architecture and compliance platform delivery for a national healthcare research initiative in Singapore, working directly with government stakeholders and the customer CIO office. Designed and implemented a multi-account AWS Landing Zone aligned with MOH HIM policy requirements across 6 policy domains — ICT Security (ISP), Application Development Security (ADS), Cloud Security for IaaS/PaaS, Infrastructure Services Security (ISS), Third Party Management (TPM), and IFS compliance clauses.

    Key deliverables:
    - Architected AWS Control Tower foundation with the accounts across OUs, enforcing data residency, SCP guardrails, and KMS encryption-at-rest for all workloads
    - Built a real-time Compliance Dashboard (Next.js + Python Lambda + PostgreSQL) that tracks all the policy requirements across policy documents with automated parsing, requirement extraction, and policy-to-infrastructure mapping — achieving 100% review coverage
    - Implemented infrastructure security controls (CloudTrail, GuardDuty, Security Hub, Config Rules, VPC endpoints, DLP, IAM architecture, central logging) with automated compliance scanning across all accounts
    - Developed automated policy document lifecycle — PDF-to-Markdown conversion, clause extraction (supporting HIM policy formats), keyword-based requirement mapping, and gap analysis with zero manual intervention
    - Conducted policy change impact analysis for MOH Circular updates, producing customer-facing comparison reports and presentations for stakeholder review
    - Created comprehensive operational documentation and runbooks enabling team onboarding with zero knowledge transfer dependency

    Technology: AWS Control Tower, Terraform, Lambda (Python), Next.js, PostgreSQL (RDS), S3, CloudFront, Cognito, EventBridge, GuardDuty, Security Hub, KMS, Macie, SCPs

    Domain: Healthcare IT Security, MOH HIM Framework, Singapore Public Healthcare

  • GCC+ (AWS) DevSecOps at Temus
    Apr 2025 - Nov 2025 · 8 mos

    A GCC+(AWS) Project running on DLZ:
    • Designed secure AWS multi-account architecture with cross-account IAM role assumption, trust policies, permission boundaries, and ABAC for fine-grained access control.
    • Implemented enterprise SSO with Active Directory for seamless authentication and authorization across multiple AWS accounts and services.
    • Built resilient VPC networking with peering, transit gateways, and segmented environments to ensure secure and scalable connectivity.
    • Deployed Amazon EKS clusters with custom node groups, auto-scaling, and ALB ingress controllers for both internal and external workloads.
    • Configured secure container lifecycle using Amazon ECR with cross-account access, image scanning, and optimized caching strategies.
    • Implemented CI/CD automation via Shiphat dedicated runner and pipelines with Squid proxy integration, AMI baking, IaC templates, and artifact management.
    • Engineered high availability database solutions using SQL Server Always On, Windows Failover Clustering, and read-replica routing across multiple AZs.
    • Integrated enterprise services including AD domain joining for EC2, SMTP relay for email, Nessus vulnerability scanning, and Splunk-based centralized logging.
    • Optimized AWS costs by right-sizing EC2/RDS/storage, Reserved Instance vs On-Demand analysis, and detailed cost breakdowns with savings recommendations.
    • Advised C-level stakeholders on infrastructure design trade-offs such as multi-AZ vs single-AZ, managed vs self-managed, subnetting strategies, and connectivity models.
    • Strengthened cloud security posture with GuardDuty, Security Hub, CloudTrail, NACLs, SGs, VPC endpoints, and S3 encryption with access controls.
    • Established observability frameworks with CloudWatch metrics, VPC Flow Logs, and compliance-driven log forwarding for SOC visibility.
    • Delivered robust disaster recovery architecture with automated failover

  • DevOps Lead at Credit Agricole, SINGAPORE
    Jan 2022 - Jul 2022 · 7 mos

    - Conducting interviews & training to new joiners
    - Arrange Scrum sprint/daily standup for the team of 11 members
    - Analysing the existing setup to prepare roadmap for DevSecOps
    - ELK, Prometheus/Grafana, setup to onboard logs from various sources
    - Setup CI/CD to streamline the package deployment to Kubernetes
    - Integration of multiple tools like Jenkins, Gitlab, Ansible, Kubernetes
    - Implementing DataOps (Data copy/ingestion / completeness check)

  • DevOps Manager at Capgemini India
    Mar 2021 - Sep 2021 · 7 mos

    - Conducting interviews & providing organisation-level training on advanced technologies
    - Lay out the process to implement DevSecOps for various streams/projects
    - Clear segregation between Infrastructure and Application deployment via CI/CD
    - Handling deployments to AWS of Micro-service based E-commerce applications (frontend as well as backend) with a project team of 19 developers.
    - Strong working experience in tools related to Application Lifecycle Management via Jenkins.
    - Hands-on working experience in customised CICD (Continuous Integration Continuous Deployment) practices.
    - Deploy & manage the application to integrated ECS cluster for NodeJs via Terraform to deploy each infrastructure component: VPC, ECR, S3, ECS, Lambda function, Cognito, Task definition and services.
    - Created standard templates to build Dev/QA/Production environment via Terraform.
    - Jenkins integration with various tools like Docker, Sonarqube, Slack channel, Browser stack etc.
    - Strong skills in shell scripting/automation.
    - Maintain git branches and version control.
    - Good understanding of product life cycle management