Platform engineer specialising in Azure infrastructure automation, identity & access management, and multi-tenant cloud governance at enterprise scale.
I'm a platform engineer on a Digital Unit team, where I design and build the Azure infrastructure foundations that product teams build on top of. That means Landing Zone patterns, hub-spoke networking, multi-tenant Entra ID governance, and everything in between.
My philosophy is simple: automate everything that can be automated, keep security posture tight with least-privilege by default, and treat infrastructure as code — always. I live in Azure, Terraform, PowerShell, and Azure DevOps pipelines day to day.
Outside of infrastructure, I'm expanding my roots in infrastructure and related services while keeping a close eye on how AI tooling is reshaping the cloud engineering workflow.
From infrastructure design to security architecture and DevOps automation — here's what I do best.
A cross-section of platform engineering work spanning infrastructure, automation, security, identity, and observability.
End-to-end External ID / CIAM platform build for a multi-tenant organisation. Terraform-managed app registrations, custom RBAC roles, Log Analytics bootstrapping, and cross-tenant user sync automation via Azure DevOps pipelines.
Multi-subscription hub-spoke network deployment for enterprise production workloads. Private endpoints, Defender for Cloud integration, DNS hierarchy management, and Terraform Cloud workspace orchestration across environments.
Scheduled weekly RBAC audit pipeline covering service principal security, managed identity permissions, and cross-subscription role assignments. PowerShell + Azure DevOps with CSV audit trail output and anomaly flagging.
Bulk Log Analytics workspace integration across 24+ Microsoft Fabric workspaces via Power BI Admin API. Terraform-managed Fabric capacity, lakehouses, and GraphQL API health index with KQL-based monitoring dashboards.
APIM integration layer over Microsoft Fabric GraphQL APIs using User-Assigned Managed Identity. Policy XML templating, UAMI attachment via azapi_update_resource, and production 500 error incident resolution.
Automated cross-tenant Entra ID user synchronisation comparing ~1,000 workforce tenant users against ~200 non-prod users using UPN prefix matching, with ADO pipeline YAML orchestration and Terraform Cloud variable sourcing.
End-to-end migration of 6 release environments across Azure tenants, including pipeline standardisation across Azure DevOps, Terraform Cloud workspace automation improvements, and environment parity enforcement through modular IaC patterns.
Enterprise-scale Purview deployment to analyse and govern data across Azure and Microsoft Fabric sources. Configured scanning, classification, and lineage tracking to support data governance at scale across the organisation.
Deployed Azure Front Door with WAF policy to enforce network traffic restrictions via X-Azure-FDID header validation on public-facing services, while routing internal Azure traffic through private endpoints and private link for a fully segmented network posture.
Partnered with application teams to deploy Azure IoT Operations services at scale. Built Terraform-managed infrastructure and automated deployment pipelines, enabling efficient provisioning and consistent environment management across the IoT platform.
Converted a portal-provisioned Function/ML/AI application to fully Terraform-managed infrastructure. Involved state imports, pipeline creation, and architectural refactoring to align with platform Landing Zone best practices and IaC standards.
Analysed and designed a comprehensive disaster recovery strategy for the platform Landing Zone. Covered cost optimisation, feature verification across recovery scenarios, and deployment efficiency improvements to reduce RTO and operational overhead.
Whether you need an Azure architect for a greenfield platform build, fractional consulting on identity and governance, or someone to review your IaC foundations — I'm open to conversations.