Projects

Azure Cloud Adoption Framework — Terraform & Azure Verified Modules

Azure CAF · Terraform · Azure Verified Modules · Landing Zones

Led the end-to-end implementation of the Azure Cloud Adoption Framework (CAF) using Terraform and Azure Verified Modules, establishing a governed, secure, and cost-optimized foundation for enterprise cloud operations. Defined repeatable landing zone patterns that accelerated workload onboarding and ensured architectural consistency at scale.

  • Implemented Azure CAF landing zone design principles using Terraform and Azure Verified Modules for standardized, repeatable infrastructure provisioning
  • Enforced governance controls including Azure Policy, RBAC, and management group hierarchies aligned with CAF best practices
  • Hardened the platform security posture through network segmentation, private endpoints, Microsoft Defender for Cloud integration, and identity governance
  • Optimized cloud spend through resource tagging strategies, budget alerts, reservation planning, and FinOps-aligned cost management policies
  • Established repeatable migration patterns and processes to accelerate workload onboarding across business units
Azure CAF · Terraform · Azure Verified Modules · Landing Zones · Governance · Azure Policy

Azure App Service Architecture — Private & Zone-Redundant

Azure App Service · Application Gateway · Azure SQL · Key Vault · Terraform

Designed a zone-redundant App Service environment with fully private networking, enterprise-grade security, and end-to-end observability. Built for production resilience with WAF-protected ingress, private endpoint connectivity across all dependent services, and identity-based access control throughout.

  • Deployed multi-zone App Service instances behind Azure Application Gateway with WAF for resilient, secure inbound traffic management
  • Configured private endpoints and Private DNS zones for fully internal, isolated communication between services
  • Integrated Azure SQL, Container Registry, and Key Vault through private networking to eliminate public exposure
  • Enforced role-based access using managed identities and Microsoft Entra ID across all service boundaries
  • Provisioned the full environment with Terraform for repeatable, environment-agnostic deployments
App Service · Application Gateway · WAF · Azure SQL · Key Vault · ACR · Private Endpoints · Terraform

Multi-Zone Tiered Web Application Architecture

Azure Traffic Manager · Application Gateway · WAF · Availability Zones · NSGs

Engineered a resilient, multi-zone, multi-tier application architecture on Azure to ensure high availability, intelligent traffic routing, and secure resource segregation across web, business, and data layers. Designed in full alignment with the Azure Well-Architected Framework for optimal reliability, security, and scalability.

  • Configured Azure Traffic Manager for geo-distributed DNS-based traffic routing to region-specific Application Gateways
  • Deployed Azure Application Gateway (Layer 7) with WAF and SSL termination for secure, managed inbound traffic
  • Designed a structured three-tier subnet architecture — Web, Business, and Data — each enforced with tailored Network Security Groups
  • Implemented Availability Zones across all tiers for high availability and fault isolation across physical datacenters
  • Deployed an Azure Internal Load Balancer to isolate application layers while ensuring scalable east-west communication
  • Enforced strict east-west traffic flow policies between tiers, aligning access controls with each subnet's role
  • Applied Azure Well-Architected Framework principles across reliability, security, and performance pillars
Traffic Manager · Application Gateway · WAF · Azure Load Balancer · Availability Zones · NSGs · Terraform

AKS Kong API Microservices

Azure Kubernetes Service · Kong Gateway · Microservices

Designed and deployed a production-grade microservices platform on Azure Kubernetes Service using Kong API Gateway as the ingress controller. The architecture handles routing, rate limiting, authentication, and observability across multiple backend services.

  • Kong Ingress Controller on AKS for centralized API management
  • Multi-service routing with rate limiting and JWT authentication plugins
  • Terraform-provisioned AKS cluster with Azure CNI networking
  • Prometheus + Grafana dashboards for API traffic observability
  • Helm-based deployments with GitOps workflow via Azure DevOps
  • Secured workloads in Azure with private endpoints and RBAC controls
AKS · Kong · Terraform · Helm · Azure DevOps · Kubernetes