Open to new opportunities

Edward
Rerkphuritat

DevSecOps & Cloud Engineer — Building secure, automated infrastructure
across AWS and Azure that scales without compromise.

View Projects → Get In Touch
Scroll to explore
01 // About

Security isn't
an afterthought.

I'm a DevSecOps & Cloud Engineer with 8+ years of experience designing and securing multi-cloud infrastructure on AWS and Azure. I don't bolt security on at the end — I architect it in from day one.

At Tevora, I've led complex projects including hub-and-spoke network architectures, VMware Cloud on AWS hybrid environments, and AWS landing zones — all built with Terraform and aligned to PCI-DSS, HIPAA, and SOC compliance frameworks.

I also teach the next generation of security professionals as a Cybersecurity Instructor at ThriveDX, covering Azure AD, IAM, and identity management best practices.

Let's talk →
8+
Years experience
3
Cloud platforms
30%
Faster provisioning
5+
Certifications
02 // Skills

What I work with.

Tools and technologies I use to build secure, automated, and scalable cloud infrastructure.

☁️
Multi-Cloud Infrastructure
Resilient, highly available architectures across AWS and Azure with cost governance and compliance built in.
AWSAzureEC2S3VPCLambda
🏗️
Infrastructure as Code
Reusable Terraform modules enabling consistent, 30% faster provisioning across multiple environments.
TerraformAWS CDKCloudFormationHCL
🔒
Cloud Security
Compliance-aligned controls across PCI-DSS, HIPAA, and SOC. IAM least-privilege, centralized logging, continuous threat detection.
Security HubCloudTrailOrca SecurityRapid7IAM
⚙️
DevOps & CI/CD
Automated pipelines from commit to production. Docker golden images, GitHub Actions, zero-downtime deployments.
GitHub ActionsDockerECRCI/CD
🌎
Networking
Hub-and-spoke topologies, Transit Gateways, VPN, and Direct Connect for complex hybrid environments.
Transit GatewayVPNDirect ConnectRoute53
💻
Automation & Scripting
Eliminating manual toil through code. If it's repeatable, it's automated.
PythonBashPowerShellCloudWatch
03 // Projects

Things I've built.

Cloud infrastructure and security engineering work.

Project 01 — Featured
This Portfolio — DevSecOps in Practice
This site demonstrates DevSecOps principles end-to-end. Containerized with Docker as a golden image, infrastructure provisioned via Terraform, auto-deployed via GitHub Actions on every push. Zero-downtime deployments, SSL via Let's Encrypt, and security headers baked in.
TerraformDockerGitHub ActionsAWS ECREC2Let's Encrypt
View on GitHub →
1# golden image pipeline
2FROM nginx:alpine
3COPY ./website /usr/share/nginx/html
4EXPOSE 80 443
5
6# push -> deploy -> https
Project 02
Multi-Account AWS Architecture
Designed and implemented a secure multi-account AWS architecture using Organizations, Control Tower, and Transit Gateway for a retirement finance client. Full compliance alignment.
AWS OrganizationsControl TowerTransit GatewayTerraform
Project 03
Hybrid Cloud — AWS + VMware
Implemented a hybrid AWS-VMware solution for seamless workload migration between on-premises and cloud. Hub-and-spoke network with Transit Gateways across dev, prod, and shared services.
VMware CloudAWSTransit GatewayVPN
Project 04
DR Solution — 30min RTO
Architected a disaster recovery solution using AWS services achieving a 30-minute RTO for critical business applications. Automated failover with Route53 health checks and cross-region replication.
AWSRoute53RDSTerraform
Project 05
GitHub Actions OIDC Federation
Eliminated long-lived IAM access keys from the CI/CD pipeline by implementing OIDC federation between GitHub Actions and AWS IAM. GitHub now requests a short-lived token scoped to the exact repo and branch at runtime. Trust policy and IAM role fully automated via Terraform. Previously implemented for enterprise clients in production.
OIDCIAM FederationGitHub ActionsTerraformAWS STS
View writeup →
Project 06
Rerkt.AI — AI Portfolio Assistant
Built and deployed an AI assistant at ai.rerktserver.com on the same $6.50/mo EC2 infrastructure. A Node.js proxy container holds the API key server-side, rate limits requests per IP, and validates request origin before forwarding to the Anthropic API. The chat UI, proxy, and SSL cert are all deployed through the same GitHub Actions pipeline.
Claude APINode.jsDockernginxEC2GitHub Actions
Try it live →
Project 07
Infrastructure AI Agent — 4-Layer AIOps
Built a production-grade AI agent that understands live AWS infrastructure. Four-layer architecture: natural language request analysis (Claude), real-time state discovery (boto3 scans EC2, VPCs, SGs, ECR), intelligent planning (Claude reasons over current state to generate phased execution plans), and a human-gated executor. WebSocket-based chat UI streams each layer’s output in real time. Mutating operations require explicit approval before anything changes.
PythonFastAPIClaude APIboto3WebSocketDockernginxEC2
Try it live →
Project 08
Centralized Log Observability — Grafana + Loki
Deployed a dedicated observability stack on a separate EC2 instance. Promtail collects Docker container logs from the portfolio EC2 and ships them to Loki over a private VPC connection. Grafana visualizes real-time logs from all containers (portfolio, rerkt-ai, agent-ai) at grafana.rerktserver.com. Access restricted to whitelisted IP via AWS Security Group.
GrafanaLokiPromtailDocker ComposeEC2VPCnginxTerraform
ⓘ This instance is stopped when not in use to save cost. Reach out if you'd like a live demo.
View dashboard →
Project 09
Zero Hardcoded Infrastructure — SSM Parameter Store
Eliminated all hardcoded IPs and instance IDs from GitHub secrets and CI/CD pipelines. EC2 instance IDs and Elastic IPs are now written to AWS SSM Parameter Store by Terraform on every apply. GitHub Actions workflows query SSM at runtime to discover targets dynamically — no manual secret rotation when infrastructure is destroyed and recreated. The Grafana security group automatically locks to the portfolio EC2’s current EIP, and Promtail reads the Loki endpoint from SSM at boot. Zero static credentials, zero manual updates.
AWS SSM Parameter StoreTerraformGitHub ActionsIAMDynamic Config
04 // Experience

Where I've worked.

A track record of building secure, scalable infrastructure at every level.

July 2021 — Present
Senior Cloud Engineer
Tevora — Remote
  • Architected centralized AWS hub-and-spoke network with Transit Gateways across dev, prod, and shared services.
  • Deployed VMware Cloud on AWS for hybrid workload migration between on-premises and cloud platforms.
  • Developed reusable Terraform modules, reducing provisioning time by 30% across multiple environments.
  • Conducted AWS Well-Architected Framework reviews, improving reliability and reducing operational costs.
  • Contributed to PCI-DSS, HIPAA, and SOC compliance initiatives across cloud infrastructures.
  • Centralized logging and monitoring via AWS Security Hub, CloudTrail, and CloudWatch.
October 2022 — Present
Cybersecurity Instructor
ThriveDX — Remote
  • Delivered training on Azure AD, LDAP integrations, MFA, and identity management best practices.
  • Provided hands-on guidance for complex IAM configurations and cloud security troubleshooting.
  • Conducted GPO training in Windows environments demonstrating effective security policy controls.
February 2017 — June 2021
Cloud Engineer
MVRKETREE
  • Utilized AWS services (S3, CloudFront, EC2) for scalable web solutions optimized for performance and security.
  • Conducted regular security audits and managed SSL/TLS certificates ensuring secure communications.
  • Developed secure, responsive websites implementing security best practices throughout.
05 // Certifications

Credentials.

Industry certifications validating cloud, security, and infrastructure expertise.

🏆
AWS Solutions Architect
Amazon Web Services — Associate
☁️
AWS Cloud Practitioner
Amazon Web Services
🏗️
Terraform Associate
HashiCorp
🔒
CompTIA Security+
CompTIA
🔑
Okta Professional
Okta
🎓
Cybersecurity Program
UC Irvine Continued Education
06 // Contact

Let's build
something secure.

Open to senior cloud, DevSecOps, and platform engineering roles. Also available for consulting on AWS architecture, security compliance, and infrastructure automation.

Email
[email protected]
GitHub
github.com/rerkted
LinkedIn
/in/ererkphuritat