Open to work | Platform Engineer, Cloud Engineer & SRE roles - full-time or consulting | Open to relocation and international opportunities—let’s connect and discuss how I can contribute to your team.Open to work | Platform Engineer, Cloud Engineer & SRE roles - full-time or consulting | Open to relocation and international opportunities—let’s connect and discuss how I can contribute to your team.Open to work | Platform Engineer, Cloud Engineer & SRE roles - full-time or consulting | Open to relocation and international opportunities—let’s connect and discuss how I can contribute to your team.Open to work | Platform Engineer, Cloud Engineer & SRE roles - full-time or consulting | Open to relocation and international opportunities—let’s connect and discuss how I can contribute to your team.

Santhosh Kumar J

Platform Engineer · Cloud Engineer · SREChennai, India

Platform & Cloud Engineer and SRE with 14+ years building and operating cloud-native platforms on AWS, Azure, and GCP for systems serving 10M+ users.

Santhosh Kumar J

By the numbers

14+

Years of experience

50+

Production Kubernetes clusters managed

10M+

Users served by our platforms

99.9%

Availability sustained

From branch to production: automating multi-environment deployments with GitHub Actions and Argo CD on EKS

How I run 20+ developer environments plus testing, staging and production across two AWS accounts with one standalone deploy-pipeline repo whose workflow every microservice reuses — GitHub Actions building images, self-hosted runners reaching private EKS, and per-cluster Argo CD doing the syncs. On-demand dev deploys, auto-drafted releases and a branch-to-production promotion flow that never rebuilds the artefact.

KubernetesGitOpsCI/CD+1

Building a Kubernetes operator in Go: automating SPIFFE workload registration

In the previous post I registered SPIFFE entries by hand with spire-server entry create. Here I build the Kubernetes operator that automates it — a controller-runtime reconciler that watches Deployments and registers them with the SPIRE Entry API, finalizer cleanup and Prometheus metrics included.

KubernetesGoOperators+1

Implementing zero trust workload identity with SPIFFE/SPIRE on Kubernetes

Static API keys and shared secrets don't scale, and they all hit the Secret Zero problem. Here's how SPIFFE and SPIRE give every workload a short-lived, attested identity on Kubernetes — with production manifests, go-spiffe mTLS and the operational reality of running it.

KubernetesSecurityZero Trust+1

GitHub Contributions

132 in the last year

Impact

FinOps governance

Rightsizing, autoscaling, Reserved Instance planning and Karpenter-based Spot optimisation across customer platforms.

35%

cloud costs cut

GitOps delivery

GitOps-driven deployment pipelines built with Argo CD, GitHub Actions, Jenkins and Azure DevOps.

80%

less deploy effort

Infrastructure as Code

Terraform, Kustomize and CloudFormation standards rolled out within 2 months — eliminating configuration drift.

70%

less provisioning

Self-service platform

Developer environments orchestrated in shared Kubernetes clusters with Argo CD and GitHub Actions.

20+

dev environments

Observability adoption

Self-hosted LGTM stack ingesting 20 GB of logs a day and 10M metric series — at 50% lower cost than managed tooling.

15+

teams onboarded

DevSecOps programmes

Vulnerability remediation and CIS-aligned security baselines across 10+ customer environments.

50+

CVEs resolved

Skills & Tools

KubernetesDockerHelmAmazon Web Services (AWS)Google Cloud Platform (GCP)Microsoft AzureCloudflareTerraformAWS CloudFormationGitOpsArgo CDGitHub ActionsJenkinsAzure DevOpsPrometheusGrafanaLokiTempoOpenTelemetrySigNozNew RelicTypeScriptNode.jsReactNext.jsPostgreSQLMySQLMongoDBRedisElasticsearchNeo4jLinuxShell ScriptingGit