DevOps Architect | CKA | AWS Certified
— I'm a DevOps architect with 17+ years building the platforms regulated banks, telcos, and broadcasters trust. I bridge bare-metal Linux to GitOps on AWS EKS, embed PCI-DSS, NIST & Well-Architected security into every pipeline, and grow engineering teams from zero — so security, speed, and audit-readiness ship together.
Amman, Jordan
Concrete outcomes from regulated platforms and the teams behind them.
60× Faster
2h → 2min
Kubernetes-based CI/CD at Orange Jordan — zero failure-related downtime.
70% Faster Prep
17d → 5d
Repeatable, secure on-prem delivery patterns at Orange Jordan.
3× Teams Built
ICS · Jordan Ahli · Orange
DevOps practices founded from zero — security-first culture, day one.
35+ Microservices
Open Banking estate
Monoliths → distributed at Jordan Ahli Bank; ArgoCD audit trails.
65% Fewer Incidents
99.99% Uptime
IRSA · KMS · IMDSv2 · External Secrets + Trivy / Grype shift-left scans.
$5M+ Saved
500+ cloud resources
AWS Well-Architected + Karpenter multi-tenancy across PCI-DSS estates.
About
From bare-metal Linux to GitOps on EKS — building the platforms that regulated banks, telcos, and broadcasters trust. Security-first. Audit-ready. Built to scale.
My career began with Linux — administering servers, hardening systems, managing firewalls, and designing on-premise networks. I lived the full transformation: from bare-metal and VMware virtualization to cloud migration, then into DevOps and GitOps practices, and now embedding AI-assisted workflows into platform engineering. That journey gives me a layered understanding of infrastructure — I know what sits beneath the abstractions because I built and operated every layer along the way.
I'm a hands-on DevOps architect and team lead with experience across banking, telecom, broadcast media, and retail. In my last three roles, I built DevOps systems and teams from the ground up — hiring engineers, defining standards, and embedding security and GitOps best practices before the first deployment. I also guided organisations through the transition from monolithic architectures to microservices, introducing containerisation, Kubernetes, and the delivery patterns needed to operate distributed systems safely at scale. I specialize in cloud-native platforms, Kubernetes (EKS), GitOps with ArgoCD, infrastructure as code, and security-first CI/CD — especially in regulated environments.
In banking, I led security and cost programs mapped to AWS Well-Architected (Security pillar), the NIST Cybersecurity Framework, and PCI-DSS — including container hardening, secrets management, IAM federation, and Open Banking API security with Kong (OIDC/mTLS). On current platforms, I enforce IRSA, KMS encryption, IMDSv2, and External Secrets Operator as baseline controls.
DevSecOps is part of every pipeline: image scanning with Trivy and Grype, Kubernetes insights with K8sGPT, policy-aware delivery, and observability with Prometheus and Grafana. I'm passionate about infrastructure that helps teams move fast without trading off compliance or auditability.
Experience
Integrated Computer Systems Jordan
Built the DevOps practice from the ground up — establishing secure, compliant AWS EKS platforms with Terraform, GitOps CI/CD, and platform-wide security controls for developer self-service. Recruited and mentored the engineering team, embedding best practices from day one.
Jordan Ahli Bank · Banking
Established and led the DevOps function at a major Jordanian bank — building the team, toolchain, and security posture from scratch. Mapped infrastructure and delivery to PCI-DSS, NIST, and AWS Well-Architected across a multi-account Open Banking estate.
Orange Jordan · Telecommunications
Built the DevOps practice from the ground up inside a telecommunications environment — introducing on-premise Kubernetes CI/CD, automation, and a security-first delivery culture where none existed before.
525K Global Solutions
Collaborated on IaC, production operations, observability, and securing new systems against cybersecurity threats.
Middle East Broadcasting Center (MBC) · Media & Entertainment
Built CI/CD for shahid.net, migrated legacy systems to Docker on AWS VPCs, and automated operations at broadcast scale.
MarkaVIP · Retail
Managed Linux servers, VMs, networking, patching, performance tuning, and platform documentation for MarkaVIP, a retail e-commerce company in the MENA region.
Info2cell
Telecom VAS platform administration: network design, Linux servers, DNS, VPN, firewalls, and technical support.
Virtecha Solutions
IT infrastructure administration for web and mobile application delivery platforms.
Texum Jordan
Network engineering and IT services consulting.
Platform programs and open-source work from banking, telecom, media, and personal projects.
Enterprise Kubernetes platform with built-in compliance controls: IRSA, KMS, IMDSv2, secrets management, and pipeline security for self-service teams.
PCI-DSS and NIST-aligned banking platform: multi-account AWS, Well-Architected security reviews, Kong API security, and shift-left scanning across 35+ services.
Kubernetes-based delivery platform bringing cloud-native CI/CD to on-premise telecom infrastructure — hardened, repeatable, and developer-friendly.
Open-source unified web platform for container vulnerability scanning with Grype and Trivy — generating auditable PDF security reports.
Skills
Security & Compliance
Security is embedded in platform design — from regulated banking workloads to multi-tenant Kubernetes. I align infrastructure and delivery pipelines with recognized frameworks and enforce controls through automation, not checklists alone.
Aligned AWS and Kubernetes platforms with PCI-DSS expectations for cardholder data environments — securing CI/CD, workloads, networking, and access paths for regulated financial services.
Applied NIST-aligned practices across identify, protect, detect, and respond — hardening multi-account AWS estates, access controls, monitoring, and incident-ready operations.
Led Well-Architected reviews focused on the Security pillar — identity, detection, infrastructure protection, data protection, and incident response — paired with cost optimization across production estates.
Platform-wide controls for Kubernetes: IRSA for workload identity, KMS encryption, IMDSv2, AWS Secrets Manager, External Secrets Operator, and pipeline-integrated image scanning.
Secured Open Banking traffic with Kong Hybrid Gateway — OIDC, mTLS, and hybrid deployment patterns for regulated API exposure and third-party connectivity.
Built security foundations through firewall administration (Cisco ASA/PIX), VPN, DNS hardening, Linux hardening, patching, and secure multi-tenant hosting long before cloud-native became the norm.
Active credentials and foundational training across cloud, Linux, and infrastructure.
Active Credentials
CNCF
Amazon Web Services
Foundational Credentials
LPIC-2
Linux Professional Institute
LPIC-1
Linux Professional Institute
SUSE 11 Technical Specialist
Novell
Novell Certified Linux Administrator 11
Novell
Novell Data Center Technical Specialist
Novell
Microsoft Certified Systems Engineer (MCSE)
Microsoft
Microsoft Certified Systems Administrator (MCSA)
Microsoft
Microsoft Certified Professional (MCP)
Microsoft
Microsoft Certified Technology Specialist (MCTS)
Microsoft
Cisco Certified Network Associate (CCNA)
Cisco
Education
Princess Sumaya University for Technology
Amman, Jordan
Leadership
Map platforms to PCI-DSS, NIST, and AWS Well-Architected before production — identity, encryption, segmentation, scanning, and auditability are defaults, not afterthoughts.
Shift-left with Trivy, Grype, and K8sGPT; enforce secrets management, IRSA, and policy-aware GitOps so compliance scales with deployment velocity.
Balance Open Banking and banking-grade controls with GitOps traceability — secure APIs (OIDC/mTLS), multi-account AWS, and teams that understand both speed and audit requirements.