LEAD DEVOPS ENGINEER • REMOTE / INTERNATIONAL

Hey, I'm
Muhamad Asif

14+ years taming clouds, wrangling Kubernetes, and shipping infrastructure so rock-solid it practically runs itself. I genuinely love what I do — and it shows.

Lahore, Pakistan
AWS • GCP • OVH • Kubernetes • GitOps
SEE MY WORK LinkedIn Email Me
14+
Years Experience
25%
Cost Reduction
200+
Machines Managed
6
Major Projects
Scroll
About

14+ years turning
infrastructure into
competitive advantage

Lead DevOps Engineer with deep expertise across AWS, GCP, OVH Cloud, Kubernetes, service mesh, GitOps, and multi-cloud architecture.

14+
Years delivering
production-grade cloud
200+ machines • zero-downtime • multi-cloud
GCP Certified DevOps Engineer Stellar Performer 2017

I design, build, and operate highly available, secure, and cost-efficient cloud infrastructure — and I genuinely love every bit of it.

Specialized in Kubernetes orchestration, service mesh (Istio + Consul), IaC (Terraform + Terragrunt), CI/CD pipelines, DevSecOps, and hybrid/multi-cloud environments. My track record includes zero-downtime cloud migrations, 25% cost reductions, enterprise security with Cloudflare Zero Trust & AWS WAF, and full observability platforms.

"Infrastructure should be code, deployments should be boring, and on-call nights should be quiet."

GitOps Expert
ArgoCD · Helm · Flux
DevSecOps
Zero Trust · WAF · Vault
FinOps
25% cost reduction
Multi-Cloud
AWS ↔ GCP ↔ OVH
Career

Leadership Experience

Current
June 2024 — Present
Lead DevOps Engineer
Vaival Technologies · Lahore
AWS OVH Cloud Kubernetes Cloudflare Tailscale Istio Vault
  • Managed a broad AWS estate — EKS, ECS, RDS, CloudFront, ALB, Auto Scaling, Control Tower, Organizations, WAF, Firewall Manager, AWS Config, and SSM across multiple accounts and regions.
  • Deployed and operated self-managed Kubernetes (MicroK8s) and Docker Swarm on OVH Cloud, reducing vendor lock-in and achieving a 25% reduction in operational costs.
  • Designed ingress and traffic routing with Caddy, Traefik, and NGINX Ingress Controller, enabling zero-downtime deployments and granular request control.
  • Secured the perimeter with Cloudflare WAF, Zero Trust, and Cloudflare Tunnel — eliminating public attack surface, enforcing identity-based access, and routing internal traffic without opening firewall ports.
  • Rolled out Tailscale across the entire engineering org, replacing legacy VPN with a WireGuard-based zero-trust mesh; configured ACL policies, MagicDNS, exit nodes, and Tailscale SSH for auditable, keyless server access.
  • Standardized IaC using Terraform and Terragrunt with DRY, modular, multi-account definitions across AWS and OVH Cloud.
  • Deployed Istio service mesh with HashiCorp Consul for mTLS & service discovery, and Vault for centralized secrets management.
  • Built a full observability platform with Grafana, Prometheus, Sentry, and OpenSearch, enabling proactive incident response.
5 Years
Oct 2019 — June 2024
Senior DevOps Engineer
Big Byte Insights Ltd.
GCP AWS Cloudflare Tailscale Terraform ArgoCD
  • Architected and operated hybrid cloud infrastructure across GCP and AWS using GKE, Cloud Run, ECS, EKS, and Fargate.
  • Delivered serverless platforms using Cloud Functions and Lambda, reducing idle compute costs and improving event-driven reliability.
  • Authored Terraform and Ansible modules standardizing IaC across GCP and AWS, reducing provisioning overhead across both clouds.
  • Designed end-to-end networking: VPNs, load balancers, Cloud CDN, Cloud Armor, Binary Authorization, KMS, Cloudflare CDN/WAF/DNS, and Cloudflare Workers for edge logic.
  • Implemented Tailscale as the company-wide secure networking layer for multi-cloud connectivity, enabling developers and services to communicate across GCP and AWS without complex VPN gateways.
  • Integrated full CI/CD ecosystem — Spinnaker, ArgoCD, Helm, Cloud Build, Jenkins, GitLab CI/CD, and AWS CodePipeline.
  • Deployed Grafana + Prometheus observability with SLO-driven alerting; managed Airflow/Composer data pipelines and Cloud SQL/RDS databases.
3.5 Years
Jan 2016 — Oct 2019
DevOps Engineer
Ebryx Pvt Ltd · Lahore
AWS Jenkins SRE
  • Managed scalable AWS infrastructure across Elastic Beanstalk, ECS, and EKS for multiple product teams.
  • Designed Lambda-based serverless architectures and administered RDS/Aurora fleets with high availability and automated failover.
  • Owned IaC across Terraform, CloudFormation, and Ansible with versioned, auditable definitions.
  • Built and maintained CI/CD pipelines with Jenkins, GitLab CI/CD, and AWS CodePipeline, accelerating release cadence.
  • Applied SRE practices: error budgets, runbooks, and blameless post-mortems — improving MTTR and team culture. ★ Stellar Performer 2017.
2 Years
2013 — 2015
Systems Engineer
Ebryx Pvt Ltd · Lahore
Ansible KVM VMware Linux
  • Automated server provisioning across bare-metal and VM environments using Ansible playbooks and Bash scripts, cutting deployment time significantly.
  • Administered KVM and VMware virtualization stacks, managing VM lifecycle, snapshots, storage pools, and resource allocation.
  • Hardened Linux systems using Lynis audits, SELinux/AppArmor policy tuning, and CIS benchmark enforcement.
  • Administered MySQL and PostgreSQL databases — schema management, user permissions, query optimization, and backup routines.
1 Year
2012 — 2013
System Administrator
Textile Marketing Co. · Lahore
CentOS Active Directory Apache
  • Managed a fleet of 20+ CentOS and Windows servers covering web, file, mail, and print services for the organization.
  • Administered Active Directory — user/group policies, GPOs, DNS, and DHCP across the corporate network.
  • Configured and maintained Apache virtual hosts and TMG/Squid proxy for internet access control and traffic filtering.
1 Year
2011 — 2012
IT Administrator
KM Communications · Lahore
Nagios Bacula Bash
  • Where it all began — took full ownership of IT operations for a telecoms company, managing 30+ servers solo from day one.
  • Built automated patch management pipelines using Bash and cron, eliminating manual update cycles across the entire server fleet.
  • Deployed Nagios for infrastructure monitoring with alerting, reducing mean time to detect incidents across critical services.
  • Designed and implemented Bacula + rsync backup strategies with offsite DR plans, ensuring full recoverability.
Portfolio

Major Industry Projects

End-to-end cloud platforms I designed, migrated, and productionized — work I'm genuinely proud of.

Infrastructure

Verizon Connect (ex-Telogis)

Took ownership of a 200+ machine fleet for one of the world's top telematics platforms — provisioning, automation, and CI/CD running at global scale.

AWS Jenkins Terraform Ansible
CI/CD

apkamuaalij.com

Built a full deployment pipeline on DigitalOcean — Kubernetes cluster for production workloads, Docker Compose for staging, and GitHub Actions driving the entire CI/CD flow from commit to live.

DigitalOcean Kubernetes Docker Compose GitHub Actions
App Platform

genetics-pharmaceuticals.com

Deployed a pharmaceuticals platform on DigitalOcean App Platform backed by Kubernetes, with Docker Compose handling local and staging environments and GitHub Actions automating builds and deployments end-to-end.

DigitalOcean App Platform Kubernetes Docker Compose GitHub Actions
Kubernetes

carecart.io

Architected a production platform combining a self-managed database tier — MySQL and PostgreSQL on dedicated servers with replication and automated failover — alongside a Kubernetes-orchestrated application layer for scalable, resilient deployments.

Kubernetes MySQL PostgreSQL Self-Managed DB Helm
Kubernetes

invisily.com

Built a fully containerized AWS platform from the ground up — Docker and Kubernetes deployment patterns that scaled confidently with the product.

AWS EKS Docker
GCP Build

milkipay.com

Built a fintech startup's entire GCP platform from zero — IaC, GKE orchestration, CI/CD, monitoring, and security. A foundation they could trust and grow on.

GCP GKE Terraform Helm
Data Center

FireEye (now Trellix)

Built a fully replicated offshore lab in a local DC for a global cybersecurity leader — everything their security research team needed, production-faithful.

On-Prem Linux Security
Expertise

Technical Arsenal

Cloud Platforms

AWS (Expert) GCP (Expert) OVH Cloud DigitalOcean

Containers & Orchestration

Kubernetes Docker EKS GKE MicroK8s Docker Swarm Helm ECS / Fargate

IaC & Automation

Terraform Terragrunt Ansible CloudFormation Python Bash

CI/CD & GitOps

Jenkins GitLab CI/CD ArgoCD Spinnaker CodePipeline Cloud Build

Security & Service Mesh

Cloudflare WAF Cloudflare Zero Trust Cloudflare Tunnel Cloudflare Access Cloudflare Workers Cloudflare CDN / DNS Cloudflare R2 / D1 Tailscale (Expert) Tailscale ACLs Tailscale SSH Tailscale Exit Nodes AWS WAF Istio Consul Vault IAM / KMS DevSecOps

Observability & Databases

Grafana Prometheus Sentry OpenSearch MySQL PostgreSQL RDS / Aurora
Traffic & Ingress: Traefik · Caddy · NGINX Ingress · AWS ALB · CloudFront · Cloudflare Tunnel Serverless: Lambda · Cloud Run · App Engine · Cloud Functions · Cloudflare Workers Zero-Trust Networking: Tailscale · Cloudflare Access · WireGuard Virtualization: KVM · VMware
Recognition

Certifications & Awards

Certifications

Google Cloud Professional DevOps Engineer
Google · 2024
View ↗
Google Cloud Professional Developer
Google · 2023
ProofPoint Email Fraud Defense System
Proofpoint · 2019
Proofpoint Certified Channel Sales Engineer
Proofpoint · 2019

Awards

Stellar Performer of the Year
Ebryx Pvt Ltd · 2017
Bravo Performance Award
Ebryx Pvt Ltd · 2016
Bachelor of Arts, 1st Division
Islamia University Bahawalpur · 2010
Get in Touch

Let's build something
great together

Open to Lead DevOps, Platform Engineering, or Cloud Architect roles — remote or on-site.

cloudlative@gmail.com
+92-333-8885567
linkedin.com/in/aasifrafiq
Download Full Resume (PDF)