Open to senior opportunities · UK-based

Senior DevOps &
Platform Engineer

12 years building cloud platforms that engineering teams actually trust. I operate at the intersection of security, reliability, and developer experience — turning infrastructure complexity into something teams can ship safely with.

View ProjectsLet's talkLinkedIn ↗
12+
Years experience
3
Major cloud platforms
15+
CI/CD pipelines governed
5
HashiCorp & Azure certs
01 / About

I build infrastructure
people can rely on.

I started in systems administration, moved into DevOps as the discipline was still finding its shape, and gradually gravitated toward the intersection of platform engineering and cloud security — where the interesting problems actually live.

Over the past 12 years I've worked in regulated environments across financial services and healthcare, which means I understand what "secure" means when it has real consequences — not just when it's a checkbox.

At Craneware I act as technical lead for cloud security and DevSecOps across multiple product teams. At PayPal before that, I owned the global HashiCorp Vault and Jenkins platforms across GCP and AWS. I write a lot of Terraform, a lot of Python, and occasionally too much YAML.

I'm based in the UK and open to senior DevOps, Platform Engineering, or SRE roles — either hands-on or leading a small team.

How I think about the work

Security by design

I embed security controls into pipelines and infrastructure from the start, not as an afterthought. Least-privilege, audit trails, and policy-as-code are non-negotiable.

Platform thinking

Good platform work is invisible. Teams should be able to ship without thinking about the infrastructure underneath. My job is to make the right thing the easy thing.

Calm under pressure

Production incidents don't get better with panic. I bring clarity to the room — clear ownership, structured troubleshooting, and honest post-mortems.

02 / Skills

Core capabilities

Depth across the full platform engineering stack — from raw infrastructure to security governance to developer tooling.

Cloud Platforms

Azure (inc. HITRUST-aligned)95%
GCP84%
AWS80%

Infrastructure as Code

Terraform / OpenTofu96%
Terragrunt86%
Ansible & Packer82%

CI/CD & Pipelines

Azure DevOps Pipelines93%
Jenkins88%
GitHub Actions85%

Security & Secrets

HashiCorp Vault Enterprise90%
Azure AD / Entra ID92%
Auth0 / OIDC / SAML85%

Tools & technologies

PythonPowerShellBashC#KubernetesDockerPrometheusGrafanaSplunkKQLAzure MonitorSnykHITRUSTISO 27001SOC 2CIS benchmarksAzure SQLEntra IDApp ServicesPrivate Endpoints

Certifications

HashiCorp Terraform Associate2023
HashiCorp Vault Associate2023
Azure DevOps AZ-4002022
Azure Fundamentals AZ-9002022
GCP Professional Engineer2023
03 / Experience

12 years. Real systems.
Real consequences.

Jul 2023 – Jan 2026

Senior DevOps Engineer

Azure · HITRUST · SaaS

The Craneware Group

Technical lead for cloud security and DevSecOps across an Azure-hosted, HITRUST-aligned SaaS platform, governing multiple engineering squads.

  • Defined and standardised DevSecOps standards across 15+ Azure DevOps pipelines — reusable templates, approval gates, Snyk scanning, and integrated TLS enforcement.
  • Migrated legacy ARM-based infrastructure to Terraform/OpenTofu; reduced technical debt and cut environment provisioning time significantly.
  • Automated RBAC provisioning for Azure SQL and service accounts using Python and C#, cutting manual access-change effort by ~85% and dramatically improving audit trail quality.
  • Led hub-and-spoke networking architecture migration using Terraform, improving security segmentation across multiple environments.
  • Reduced MTTR by an estimated 30% through improved Azure Monitor, Application Insights, and KQL-based alerting and dashboards.
  • Reviewed 100+ infrastructure and DevOps pull requests; mentored engineers on IaC patterns, secure design, and CI/CD standards.

Jun 2022 – Jul 2023

Senior DevSecOps Engineer (L4)

GCP · AWS · Financial Services

PayPal

Owned the global HashiCorp Vault Enterprise and Jenkins platforms serving multiple international engineering teams across GCP and AWS.

  • Architected and operated HA Vault Enterprise and Jenkins clusters using Terraform, Terragrunt, Ansible, and Packer across GCP and on-prem.
  • Led migration of CI/CD from TeamCity to Jenkins — introduced shared pipeline libraries, dynamic build agents, and security-focused templates.
  • Implemented security-critical Jenkins pipelines to protect customer-facing web properties: ACL IP blocking, AWS Route53/IAM/EC2 automated workflows.
  • Built a full observability stack integrating Prometheus, Grafana, Nagios, Splunk, and Slack for platform health, access anomalies, and security alerting.
  • Reduced operational toil by ~11% through Python and Ansible automation of previously manual, error-prone platform tasks.

Jun 2020 – Jun 2022

DevOps Engineer

AWS · Linux · Web Stack

Kalosbyte Systems

Managed 50+ Linux servers and built CI/CD pipelines for web applications, with a focus on security hardening and automation.

  • Built CI/CD pipelines for web-based applications with integrated testing and security checks, reducing manual change risk.
  • Implemented HAProxy and Apache web stacks on Kubernetes clusters on AWS for scalable, resilient customer-facing services.
  • Used Ansible as configuration-as-code for secure server builds, reducing configuration drift and speeding patch rollouts.

May 2014 – Jun 2020

BI Data Engineer & IT Infrastructure

On-prem · SQL · Power BI

Economy Engraveers

Designed and maintained local and wide-area networks, 50+ on-prem servers, and built SQL/Power BI reporting on large operational datasets.

  • Owned day-to-day systems administration: account management, patching (inc. SELinux), capacity planning, and incident response.
  • Built monitoring and alerting for business-critical processes, reducing unplanned downtime across the on-prem estate.
  • Delivered SQL/Power BI reporting solutions on 100k+ record datasets for stakeholder operational insight.
04 / Projects

Case studies

Read full write-ups →
01Platform Engineering

IaC governance at scale — 15+ pipeline standardisation

~85% reduction in manual access overhead · zero security regressions in HITRUST scope

Craneware had 15+ Azure DevOps pipelines built by different teams over several years — inconsistent, hard to audit, and slow to change safely. I defined a shared Terraform module library, reusable pipeline template repository, and automated PR review tooling that made secure patterns the default, not the exception.

TerraformAzure DevOpsPythonIaC governanceHITRUST
Read case study →
02Security Infrastructure

HashiCorp Vault Enterprise — global secrets platform

Centralised secrets for multi-region global teams · TLS 1.2+ enforced across all consumers

At PayPal, multiple global engineering teams had inconsistent secrets management approaches. I architected and operated a highly-available Vault Enterprise cluster across GCP, defining RBAC models, PKI certificate automation, and the secret engine layout that became the standard for all teams.

HashiCorp VaultGCPTerraformTerragruntPackerAnsible
Read case study →
03Identity & Access

Azure AD automation — access reviews & RBAC at scale

Automated access reviews replacing spreadsheet-driven manual process

IAM at scale is operational debt by default. I built Python and PowerShell automation using the Azure and Auth0 APIs to assess certificate expiries, flag access anomalies, and provision SQL RBAC automatically — replacing 12+ hours/month of manual spreadsheet work.

Azure ADPythonPowerShellAuth0RBACSAML/OIDC
Read case study →
04Cloud Networking

Hub-and-spoke network architecture — multi-env security segmentation

Improved security segmentation · routing control across all environments

Led the design and implementation of hub-and-spoke networking in Azure using Terraform/OpenTofu, replacing a flat network model that had grown organically. This gave us consistent egress control, Private Endpoint adoption, and a foundation for HITRUST network segmentation requirements.

AzureTerraformHub-and-spokePrivate EndpointsHITRUST
Read case study →
05 / Writing

From the blog

All articles →
Platform Engineering8 min

IaC governance across 15+ pipelines without becoming a bottleneck

How I built a Terraform module library and shared pipeline templates that made secure patterns the default for every engineering squad.

10 Feb 2026

Security11 min

Running HashiCorp Vault Enterprise as a global platform at PayPal

Architecture decisions, RBAC model design, and lessons from operating a secrets management platform across GCP and AWS for international teams.

22 Jan 2026

IAM6 min

Least-privilege IAM for Azure SQL — automation over good intentions

Why RBAC provisioning should never be manual, and how I cut 85% of the overhead with Python, C# and the Azure API.

15 Dec 2025

06 / Recommendations

What colleagues say

"Raj has a rare combination of deep technical knowledge and the ability to explain complex infrastructure problems to non-technical stakeholders. He improved our security posture significantly while keeping the team unblocked."

Engineering Manager

Financial Technology (reference available)

"One of the most thorough infrastructure code reviewers I've worked with. He catches security issues before they become incidents."

Senior Software Engineer

SaaS Platform (reference available)

Full LinkedIn recommendations available on request

07 / Contact

Let's work
together.

Whether you're hiring for a senior DevOps, Platform Engineering, or SRE role — or you want to discuss a specific challenge your team is facing — I'd like to hear from you. I typically reply within one working day.

Emailrajmithun.m55@outlook.com
LinkedInlinkedin.com/in/raj-mithun
LocationUnited Kingdom · open to remote
Download CVConnect on LinkedIn ↗