Loading...
CKSCertified Kubernetes Security SpecialistCKACertified Kubernetes AdministratorAWS CertifiedCloud PractitionerGSSoCGlobal Rank 11MOD UKSecurity Recognition
Sanmarg Sandeep Paranjpe
|
echo “I build infrastructure that doesn't break at 2 AM”
Trusted by peers at+2 more
TD
Torsha Dasgupta
HR Manager, Bipolar Factory
S
Sahil
Tech Lead, Bipolar Factory
01.About
~/about$cat intro.txt
I didn't plan to become a cloud engineer. I was just curious why Linux servers worked the way they did. That curiosity ate me alive until I understood every layer — from kernel to container to cluster. Now I build infrastructure that scales, self-heals, and doesn't page me at 3 AM.
$cat stats
Kubernetes→CKS + CKA
Cloud→AWS Certified
GSSoC→Global Rank 11
Security→MOD UK Recognized
Projects→25+ Built
Articles→18 Written
02.History
Terminal session log — every role, every build, every impact
~/.historysession: portfolio
- Deployed Langfuse LLMOps platform enabling prompt tracing, token analytics, latency profiling, and response quality evaluation across production AI workflows — delivered first-ever observability into model behavior for the AI team.
- Built GPU inference observability stack using Prometheus + DCGM Exporter and Grafana, tracking real-time utilization, memory pressure, and thermal metrics across AKS GPU nodes running AI workloads.
- Engineered scalable multi-cluster AKS platform with Karpenter intelligent node provisioning and KEDA event-driven autoscaling for AI workloads; deployed distributed ClickHouse analytics cluster with HA and cross-region DR replication.
- Automated infrastructure operations — certificate lifecycle management (cert-manager, Azure Key Vault) and incident response workflows (Azure Runbooks, webhook integrations) — eliminating manual toil across production platform.
KubernetesAKSLangfusePrometheusDCGM ExporterKarpenterKEDAClickHouse
- Built production observability platform (Prometheus, Grafana, Pyroscope, EFK) across containerized AI/ML services; applied continuous profiling to identify and resolve inference latency bottlenecks in distributed workloads.
- Improved Kubernetes cluster reliability and security posture for AI workloads by implementing CIS benchmark hardening, zero-trust network policies, and automated vulnerability scanning pipelines.
ObservabilityPrometheusGrafanaPyroscopeEFKCIS BenchmarkKubernetes
- Developed an LLM-powered interactive system using few-shot learning and prompt engineering to generate contextually accurate, session-aware responses; designed intelligent traffic routing logic between system layers based on behavioral classification.
- Built DataLakehouse DMS — a scalable ETL platform using Apache Airflow, MinIO, and Python for orchestrated ingestion from heterogeneous sources (PDFs, IoT streams, relational databases) into a unified queryable data layer.
LLMFew-Shot LearningPrompt EngineeringAirflowMinIOETL
- Achieved Global Rank 11 out of 10,000+ participants by delivering 12+ contributions to cloud-native and infrastructure open source projects.
- Collaborated across time zones with maintainers and contributors from 5+ countries, focusing on quality, documentation, and production-ready code.
Open SourceCloud NativeCollaborationGit
- Discovered and responsibly disclosed a critical security vulnerability in a UK government system through proper channels with proof-of-concept and remediation recommendations.
- Received official recognition from the UK Ministry of Defence and awarded the MOD UK Hacker Coin. Vulnerability patched within 48 hours.
SecurityResponsible DisclosureEthical HackingBug Bounty
5 commands in history
Notable Projects
Architecture, challenges, and impact
CertAuto
Kubernetes Certificate Lifecycle Operator
The Problem
Certificate management in Kubernetes is fragmented. cert-manager handles issuance, but distribution to consuming services — especially across clusters and external systems like Azure Key Vault and AWS ACM — requires brittle manual scripting that doesn't scale beyond a few services.
What makes this hard
- Certificate management fragmented across multi-cluster environments
- Distribution to services requires brittle manual scripting
- No declarative workflow for cross-provider certificate lifecycle
Architecture Pipeline
CRDDeclare CertificateBinding
ControllerWatch CRD events via informers
ReconciliationReconcile to desired state
cert-managerIssue TLS certificates
Provider APISync to Azure KV + AWS ACM
Secret StoreStore in cluster secrets
DistributionPropagate to namespaces
How it works
Designed a Custom Resource Definition (CRD) called CertificateBinding that declaratively describes where certificates should go. The operator watches CRD events via informers and runs a controller-runtime reconciliation loop. It syncs TLS secrets across namespaces, Azure Key Vault, and AWS ACM. Uses leader election for HA deployments, exposes Prometheus metrics, and implements health probes with TLS-secured webhook validation.
Impact & Stack
Tech Stack
Gocontroller-runtimekubebuildercert-managerAzure Key VaultAWS ACMPrometheusHelmDocker
Impact
Zero-touch certificate lifecycle | Enterprise-scale multi-cluster distribution | Prometheus metrics + health probes | HA with leader election | Apache 2.0 licensed
Key Decisions
- CRD-first design enables declarative multi-cluster management
- Reconciliation loop ensures self-healing distribution
- Provider abstraction supports Azure, AWS, cert-manager
Skills
GoKubernetesDockerTerraformCI/CDLinux
03.Engineering Radar
Technologies I've mastered — each claim backed by real project proof
⎈
Kubernetes
Expert★★★★★
92%Certificate lifecycle automation | 99.9% uptime | 4hrs→12min deploys
Used in 5 projects
CertAutokubernetes-langgraph-botSSH-DefenceFinfactor Work+1 more
🐳
Docker
Expert★★★★★
90%9+ production projects containerized — Go, Python, ML, ETL
Used in 10 projects
CertAutoLLM-Wallkubernetes-langgraph-botAI DevOps Agent+6 more
☁️
AWS
Expert★★★★★
90%Serverless ETL (Glue+Lambda+Athena) + Bedrock RAG pipeline
Used in 4 projects
Enterprise RAGAWS ETLBipolar Factory WorkCertAuto
🔵
Azure
Advanced★★★★★
75%AKS + Azure DB + VMs via Terraform for CI/CD platform
🏗️
Terraform
Advanced★★★★★
85%Multi-cloud IaC: Azure AKS, AWS EKS, databases, serverless
Used in 5 projects
CertAutoBipolar Factory WorkAWS ETLthree-tier-eks-iac+1 more
🐧
Linux
Expert★★★★★
92%eBPF, Cilium, seccomp for CKS | 10+ years terminal-deep
Used in 10 projects
CertAutoLLM-Wallkubernetes-langgraph-botAI DevOps Agent+6 more
📜
Ansible
Advanced★★★★★
78%Multi-tier deployments with integrated security scanning
Used in 2 projects
vprofile-projectBipolar Factory Work
🌐
Nginx
Advanced★★★★★
75%Reverse proxy for LLM-Wall + production TLS termination
Used in 2 projects
LLM-WallOUR-chat
📦
Vagrant
Intermediate★★★★★
70%Reproducible multi-VM dev environments for cluster testing
🔄
CI/CD
Expert★★★★★
90%8hrs→25min deploys at Bipolar Factory, 50+ daily builds at Finfactor
Used in 7 projects
CertAutoBipolar Factory WorkFinfactor WorkAI DevOps Agent+3 more
🤖
Jenkins
Advanced★★★★★
80%SonarQube+Nexus+Trivy on AKS | 80% vulnerability reduction
Used in 3 projects
Bipolar Factory Workvprofile-projectIssueTracker-3TierApp
⚡
GitHub Actions
Advanced★★★★★
88%Multi-environment CI/CD for Finfactor + AI DevOps Agent
Used in 2 projects
Finfactor WorkAI DevOps Agent
🎯
ArgoCD
Advanced★★★★★
78%GitOps microservice deployment at Finfactor
Used in 1 project
Finfactor Work
🔄
GitOps
Advanced★★★★★
80%Declarative infra with automated drift detection
🔀
Git
Advanced★★★★★
88%100+ repos | GSSoC Global Rank 11 (top 0.1%)
Used in 1 project
All projects
🐍
Python
Advanced★★★★★
85%7 production systems: LLM-Wall, bot, RAG, ETL, trading, lakehouse
Used in 9 projects
LLM-Wallkubernetes-langgraph-botAI DevOps AgentEnterprise RAG+5 more
🔷
Go
Advanced★★★★★
78%CertAuto operator + SSH honeypot with Qwen2.5 deception
Used in 3 projects
CertAutoSSH-DefenceServoOps
⚙️
C
Intermediate★★★★★
65%Kernel interfaces, memory management, process control at CDAC
⚡
C++
Intermediate★★★★★
60%STL, templates, multi-threaded application design
📟
Bash
Advanced★★★★★
88%50+ automation scripts: cluster setup, CI/CD, monitoring
Used in 4 projects
CertAutoSSH-DefenceLinux administrationAll projects
📈
Prometheus
Advanced★★★★★
85%Custom exporters + alerting for Finfactor and Bipolar Factory clusters
Used in 6 projects
CertAutoLLM-WallAI DevOps AgentSSH-Defence+2 more
📉
Grafana
Advanced★★★★★
83%AI-driven backup/restore agent + multi-service dashboards
Used in 3 projects
AI DevOps AgentFinfactor WorkBipolar Factory Work
🔍
Observability
Advanced★★★★★
80%Metrics + logs + tracing | alert before users notice
Used in 3 projects
Finfactor WorkSSH-DefenceSentinel-X
🕸️
LangGraph
Intermediate★★★★★
72%Multi-agent K8s auditor — Engineer, Expert, Tools agents
🔗
LangChain
Intermediate★★★★★
70%Guardian Engine, MCP ecosystem, Bedrock RAG pipeline
🧠
AI/LLMs
Intermediate★★★★★
72%Fine-tuned Qwen2.5 | 5-agent Guardian Engine | ensemble ML trading
Used in 6 projects
LLM-Wallkubernetes-langgraph-botAI DevOps AgentSSH-Defence+2 more
🧪
Flask
Advanced★★★★★
75%REST APIs for ETL dashboard, chat, insurance engine
Used in 3 projects
AWS ETLOUR-chatInsurance Suggestor
📨
Kafka
Intermediate★★★★★
68%Event streaming for distributed data pipelines
🍃
MongoDB
Intermediate★★★★★
72%Finfactor, healthTracker, OUR-chat, LibreChat storage
Used in 3 projects
healthTrackerOUR-chatFinfactor Work
🗄️
MySQL
Intermediate★★★★★
70%Multi-tier apps, metadata management, ETL storage
🏅
CKA
Expert★★★★★
95%Certified Kubernetes Administrator — production K8s expertise
Used in 3 projects
CertAutoFinfactor WorkBipolar Factory Work
🛡️
CKS
Expert★★★★★
92%Certified Kubernetes Security Specialist — cluster hardening
Used in 3 projects
SSH-Defencekubernetes-langgraph-botSentinel-X
🔐
DevSecOps
Advanced★★★★★
80%Secure-by-default pipelines with automated security gates
Used in 3 projects
Bipolar Factory WorkSSH-DefenceCI/CD pipelines
☁️
Cloud Security
Advanced★★★★★
82%MOD UK recognized | enterprise cloud hardening
Used in 3 projects
SSH-DefenceEnterprise RAGSentinel-X
🏗️
Platform Engineering
Advanced★★★★★
85%Internal platforms reducing deployment effort across teams
Used in 3 projects
Finfactor WorkAI DevOps AgentCertAuto
⎈
Kubernetes Security
Expert★★★★★
90%Seccomp, Cilium, RBAC, network policies | defense in depth
Used in 3 projects
kubernetes-langgraph-botSSH-DefenceCertAuto
⚡
Serverless
Advanced★★★★★
78%Automated ETL + AI pipelines — zero server management
Used in 3 projects
AWS ETLEnterprise RAGDataLakehouse
🔗
RAG
Advanced★★★★★
75%Hybrid search (keyword + semantic) for enterprise Q&A
Used in 2 projects
Enterprise RAGkubernetes-langgraph-bot
🌐
Networking
Intermediate★★★★★
72%Multi-region cluster isolation with Cilium network policies
Used in 3 projects
SSH-DefenceSentinel-XLLM-Wall
🔄
DevOps
Expert★★★★★
90%End-to-end automation: commit to production
Used in 3 projects
Finfactor WorkBipolar Factory WorkAI DevOps Agent
🧠
MLOps
Intermediate★★★★★
68%ML models from notebooks to production inference pipelines
Used in 3 projects
AI DevOps AgentEnterprise RAGAI Crypto Bot
🔒
Security
Advanced★★★★★
85%Automated scanning + hardened deployments | threat modeling
Used in 4 projects
SSH-DefenceLLM-Wallkubernetes-langgraph-botSentinel-X
⚙️
Automation
Advanced★★★★★
88%If I do it twice, it becomes a script
Used in 4 projects
CertAutoAWS ETLAI DevOps AgentBipolar Factory Work
☁️
Cloud Engineering
Advanced★★★★★
85%Scalable infrastructure across AWS and Azure
Used in 3 projects
Finfactor WorkAWS ETLEnterprise RAG
🔀
Distributed Systems
Advanced★★★★★
75%Resilient systems designed to survive failures
Used in 3 projects
SSH-DefenceSentinel-XDataLakehouse
04.Credentials
Certifications and recognition from the industry
MOD UK Hacker Coin
Awarded by the UK Ministry of Defence for responsible disclosure of a critical security vulnerability
2024Featured
GSSoC Global Rank 11
Achieved global rank 11 in GirlScript Summer of Code out of thousands of participants
2024Featured
Certified Kubernetes Security Specialist (CKS)
The Linux Foundation / CNCF
2025Highest Kubernetes security certification. Validates expertise in cluster hardening, runtime security, network policies, and supply chain security.
Certified Kubernetes Administrator (CKA)
The Linux Foundation / CNCF
2025Core Kubernetes administration certification covering cluster architecture, installation, workload scheduling, networking, and troubleshooting.
AWS Certified Cloud Practitioner
Amazon Web Services
2024Foundational cloud certification validating understanding of AWS services, architecture best practices, security, and pricing.
Prometheus Certified Associate (PCA)
KodeKloud / CNCF
2025Certification for Prometheus monitoring and observability skills.
Enterprise RAG Knowledge Assistant
Built RAG-based knowledge assistant using Amazon Bedrock for enterprise document Q&A
2025Technical Writer
Published 18 articles on Kubernetes, eBPF, Cilium, and cloud-native infrastructure
2023-PresentCommunity Contributor
Active in open source and tech communities. Contributed to cloud-native projects and infrastructure tools.
2024-Present03.Articles
Deep dives into infrastructure, Kubernetes, eBPF, and cloud-native engineering
Featured Article
Deep Dive on Distroless + Multi-Stage Build Patterns
Why your container images are probably too large and insecure. A practical guide to distroless base images combined with multi-stage builds for production-grade Docker images.
5 min readFeb 25, 2026Read
DockerSecurityContainer
Your Pods Are Healthy. Your Service Is Correct. Your Ingress Is Fine. So Why Are You Still Getting 5xx?
The most frustrating Kubernetes debugging journey — when everything looks right but nothing works. A systematic approach to diagnosing mysterious 5xx errors.
6 min·Feb 23, 2026
KubernetesDebuggingNetworking
Cluster Mesh vs Service Mesh in Kubernetes
When do you need a Cluster Mesh (Cilium), a Service Mesh (Istio), or both? A practical comparison with real deployment scenarios.
6 min·Feb 1, 2026
KubernetesCiliumIstio
From Packets to Identity: How Cilium Rewrites Kubernetes Security
How Cilium uses eBPF to replace traditional kube-proxy with identity-based security. Understanding the shift from IP-based to identity-based network policies.
3 min·Dec 29, 2025
CiliumeBPFSecurity
How eBPF Transformed Kubernetes Networking
The technology behind Cilium, Falco, and modern Kubernetes networking. A deep dive into eBPF's architecture and how it enables programmable kernel-level observability.
5 min·Dec 12, 2025
eBPFKubernetesNetworking
Multi-Cluster Service Discovery with Cilium Cluster Mesh
Connecting Kubernetes clusters across regions with Cilium Cluster Mesh. Service discovery, network policies, and load balancing across cluster boundaries.
4 min·Nov 15, 2025
CiliumMulti-ClusterKubernetes
05.Open Source
Live from GitHub
Trusted by
Real feedback from people I've worked with
TD
Torsha Dasgupta
Human Resources Manager
Bipolar Factory·Manager
“Sanmarg has been an honest, hardworking and ambitious individual. He has proved to be a diligent young guy with attention to detail. He has excelled at whatever he takes on and would be an asset to have on any team.”
attention to detailexcelled at whatever he takes onasset to have on any team
S
Sahil
Technology Leader
Bipolar Factory·Senior Colleague
“Had the chance to work with Sanmarg, and he was an absolute asset to the team. Super quick to pick things up, always curious, and took real ownership — from infra to CI/CD and monitoring. Solid teammate and someone I'd happily vouch for!”
absolute asset to the teamtook real ownershiphappily vouch for
??
Your recommendation here
Edit in Recommendations.tsx
??
Your recommendation here
Edit in Recommendations.tsx
Work with me
I'm open to platform engineering, cloud infrastructure, and DevOps roles — or freelance projects involving Kubernetes, CI/CD, and automation.