Platform engineer specialising in Azure infrastructure automation, identity & access management, and multi-tenant cloud governance at enterprise scale.
I'm a platform engineer on a Digital Unit team, where I design and build the Azure infrastructure foundations that product teams build on top of. That means Landing Zone patterns, hub-spoke networking, multi-tenant Entra ID governance, and everything in between.
My philosophy is simple: automate everything that can be automated, keep security posture tight with least privilege by default, and treat infrastructure as code — always. I live in Azure, Terraform, PowerShell, and Azure DevOps pipelines day to day.
Outside of infrastructure, I'm expanding my roots in infrastructure and related services while keeping a close eye on how AI tooling is reshaping the cloud engineering workflow.
From infrastructure design to security architecture and DevOps automation — here's what I do best.
A cross-section of platform engineering work spanning infrastructure automation, identity, and observability.
End-to-end External ID / CIAM platform build for a multi-tenant organisation. Terraform-managed app registrations, custom RBAC roles, Log Analytics bootstrapping, and cross-tenant user sync automation via Azure DevOps pipelines.
Multi-subscription hub-spoke network deployment for enterprise production workloads. Private endpoints, Defender for Cloud integration, DNS hierarchy management, and Terraform Cloud workspace orchestration across environments.
Scheduled weekly RBAC audit pipeline covering service principal security, managed identity permissions, and cross-subscription role assignments. PowerShell + Azure DevOps with CSV audit trail output and anomaly flagging.
Bulk Log Analytics workspace integration across 24+ Microsoft Fabric workspaces via Power BI Admin API. Terraform-managed Fabric capacity, lakehouses, and GraphQL API health index with KQL-based monitoring dashboards.
APIM integration layer over Microsoft Fabric GraphQL APIs using User-Assigned Managed Identity. Policy XML templating, UAMI attachment via azapi_update_resource, and production 500 error incident resolution.
Automated cross-tenant Entra ID user synchronisation comparing ~1,000 workforce tenant users against ~200 non-prod users using UPN prefix matching, with ADO pipeline YAML orchestration and Terraform Cloud variable sourcing.
Practical write-ups on Azure architecture, identity patterns, and platform engineering from the trenches.
Whether you need an Azure architect for a greenfield platform build, fractional consulting on identity and governance, or someone to review your IaC foundations — I'm open to conversations.