┌──( raafeh@portfolio )-[ ~/career ]

$ git init
Initialized empty repository in /career

   ____             ____
  / __ \___  _   __/ __ \____  _____
 / / / / _ \| | / / / / / __ \/ ___/
/ /_/ /  __/| |/ / /_/ / /_/ (__  )
\\____/\\___/ |___/\\____/ .___/____/
                     /_/

Abdur Raafeh Mahmood

DevOps & Cloud Engineer

⚡ 6+ years building cloud infrastructure

🌍 Multi-country experience: Pakistan → Turkey → Australia

🎓 Computer Engineering, Izmir Institute of Technology

🔧 Kubernetes • Terraform • Python • Multi-Cloud

[ DOWNLOAD RESUME ] [ VIEW PIPELINE → ]

CAREER PIPELINE:

INIT ━━▶ LOKI ━━▶ LOGO ━━▶ GOART ━━▶ FRAIM ━━▶ SYSTEMS

2017 ────────────────────────────────────────── 2025

┌──[ STAGE 1: LOKI ]──────────────────────────┐

Status: ✓ SUCCESS

Duration: 4 years

Artifacts: Network Security, Automation, SaaS Platform

└─────────────────────────────────────────────────┘

🏢 LOKI - Systems Engineer → Lead Backend

📍 Izmir, Turkey | 📅 July 2017 - August 2021

EXIT CODE:

$ cat build.log

├─ Started as voluntary intern; grew to sole backend owner after lead engineer left. Delivered custom Linux images and kernel builds for DPI traffic filtering on a physical UTM device.

├─ Built network automation for iptables, nftables, arptables, hostapd, Squid, and IPS/IDS; configured bridges, PPPoE, static IP, client isolation, and VPN. Wrote Python APIs and automation to generate and apply configs and ensure services ran on startup.

├─ Integrated hardware control board for LAN/Internet LED indicators and soft boot; implemented button-triggered firewall exception for time-limited SSH access to support servers, then restricted to established connections for security.

├─ Ported the stack to OpenWRT, Raspberry Pi, Orange Pi, and FreeBSD/pfSense with a unified interface so changes reflected in both native pfSense and our custom UI. Delivered Ubiquiti Edge integration for a client project.

├─ Built an ncurses terminal UI for techs: Redis worker queues, live log exploration, and user/settings inspection over SSH to simplify debugging in the field.

├─ Added GRUB-based hardware validation so the system would decrypt and boot only on authorized hardware, preventing tampering or unauthorized part swaps.

└─ Pivoted to a SaaS security platform on Hetzner: Terraform for provisioning, WireGuard/OpenVPN/IPsec for edge-to-cloud, custom Linux images and OAuth-like edge–cloud binding. Ran self-hosted Bitbucket, then GitLab and Confluence.

$ ls -la stack/

Python Flask REST Jinja2 Redis MariaDB Bash Linux Terraform WireGuard OpenVPN IPsec iptables nftables hostapd Squid GitLab Confluence

$ htop skills

Systems Engineering 0%

Python Backend 0%

Network Automation 0%

Infrastructure Automation 0%

Security & Hardening 0%

STAGE 1 OF 5

LOKI COMPLETE

NEXT: LOGO →

┌──[ STAGE 2: LOGO ]──────────────────────────┐

Status: ✓ SUCCESS

Duration: 1 year

Artifacts: Debian Packaging, MPTCP, Licensing

└─────────────────────────────────────────────────┘

🏢 Logo Cyber - Software Engineer

📍 Turkey | 📅 2021 - 2022

EXIT CODE:

$ cat build.log

├─ Evolved image provisioning into a backward-compatible Debian packaging system: kernel and service packages with pre/post install and uninstall scripts for clean upgrades and rollbacks.

├─ Implemented MPTCP for WAN aggregation and failover (not just failover), so edge devices could combine bandwidth and fail over seamlessly to cloud controllers.

├─ Secured the stack by compiling Python to C and obfuscating with Nuitka; reduced exposure of proprietary logic on edge devices.

├─ Designed and implemented a licensing system: cloud service for certificate creation, signing, and authentication; edge-side validation and feature locking via signed certificates checked against the cloud.

└─ Integrated PPPoE, GRE TAPs, and ClamAV into the platform for connectivity and security at the edge.

$ ls -la stack/

Debian Python C Nuitka Linux ClamAV PPPoE GRE TAPs

$ htop skills

Packaging 0%

Security Tooling 0%

Linux Systems 0%

← PREVIOUS: LOKI

STAGE 2 OF 5

LOGO COMPLETE

NEXT: GOART →

┌──[ STAGE 3: GOART ]──────────────────────────┐

Status: ✓ SUCCESS

Duration: ~1 year

Artifacts: Kubernetes, Real-Time Conferencing, Streaming

└─────────────────────────────────────────────────┘

🏢 GoArt - Infrastructure Engineer → Senior Infrastructure Engineer

📍 Turkey | 📅 2022 - 2023

EXIT CODE:

$ cat build.log

├─ Owned infrastructure for a browser-based virtual conferencing product: Unreal Engine–rendered stages, real-time interaction, reactions, and chat. Managed and maintained the Azure Kubernetes cluster and services.

├─ Used Azure DevOps for CI/CD and learned it on the job; orchestrated Ant Media servers and related services for streaming.

├─ Diagnosed a critical database connection exhaustion: 250 concurrent users drove 500+ connections and overloaded the dev database. Traced backend pod and service logs to the PHP backend opening new connections without timeouts or proper cleanup; recommended and implemented fixes to stabilize and scale.

└─ Proposed and drove migration from self-hosted Ant Media to AWS IVS for higher reliability and lower operational burden; coordinated front-end and backend work (Next.js, Nuxt, PHP) around the new pipeline.

$ ls -la stack/

Kubernetes Azure Azure DevOps AWS IVS PHP Next.js Nuxt Docker Ant Media

$ htop skills

Kubernetes 0%

CI/CD 0%

Cloud Infrastructure 0%

Debugging & Observability 0%

← PREVIOUS: LOGO

STAGE 3 OF 5

GOART COMPLETE

NEXT: FRAIM →

┌──[ STAGE 4: FRAIM ]──────────────────────────┐

Status: ✓ SUCCESS

Duration: ~1 year

Artifacts: IaC, CI/CD, SOC2, Feature Flags

└─────────────────────────────────────────────────┘

🏢 Fraim - Cloud Engineer

📍 Australia | 📅 2023 - 2024

EXIT CODE:

$ cat build.log

├─ Owned all cloud management and automation. Introduced clear dev, staging, and production separation; primary workloads on GCP serverless (Cloud Run, Cloud Tasks, Cloud Functions) with AI models on Azure.

├─ Transformed a single manually deployed environment into Terraform-managed IaC: imported existing state, then added automated staging and production. Cut deployment time from about a week to hours; learned and adopted GitHub Actions for lint, build, test, deploy, and infrastructure changes.

├─ Introduced TypeScript database migrations (Kysely) and containerized migration pipelines to validate backward compatibility so schema changes and upgrades/downgrades could be applied safely.

├─ Set up Android and iOS build and release to store and test tracks via EAS; integrated LaunchDarkly for feature flags so releases could gate and roll out features and disable them from the dashboard without new builds.

├─ Drove SOC2 Type 1 readiness: status pages, backup and disaster recovery, and business continuity documentation and processes.

└─ Managed Google Workspace, user onboarding/offboarding, and MDM for the company.

$ ls -la stack/

GCP Cloud Run Cloud Tasks Cloud Functions Azure Terraform GitHub Actions TypeScript Kysely EAS LaunchDarkly Docker

$ htop skills

Terraform 0%

CI/CD 0%

Cloud Architecture 0%

SOC2 / Compliance 0%

← PREVIOUS: GOART

STAGE 4 OF 5

FRAIM COMPLETE

NEXT: SYSTEMS →

┌──[ STAGE 5: SYSTEMS ]──────────────────────────┐

Status: ✓ SUCCESS

Duration: Present

Artifacts: Multi-Cloud Kubernetes, Zero-Trust, Self-Service

└─────────────────────────────────────────────────┘

🏢 Systems Ltd - DevOps Consultant

📍 Pakistan | 📅 2025 - Present

EXIT CODE:

$ cat build.log

├─ Building reproducible Kubernetes platforms on AWS and Azure with modular blueprints, input validation, and guardrails for consistent cluster creation, upgrades, and teardown.

└─ Enabling self-service via Helm add-ons, templates, and documentation; applying zero-trust security defaults and Azure DevOps pipelines for infrastructure and application delivery.

$ ls -la stack/

Kubernetes AWS Azure Terraform Helm Azure DevOps

$ htop skills

Platform Engineering 0%

Multi-Cloud 0%

← PREVIOUS: FRAIM

STAGE 5 OF 5

SYSTEMS COMPLETE