Senior IAM Engineer · Identity Security | OpenText — Bengaluru, India
// privacy-first security engineering
Trust-minimized systems. Self-hosted infrastructure. I troubleshoot what others escalate.
Senior IAM Engineer with 11+ years of experience, deep in Identity and Access Management — NetIQ IDM, eDirectory, and NetIQ Access Manager (NAM) on the OpenText stack.
Scope covers IDM upgrade failures, eDirectory certificate chain issues, User Application (UA) performance bottlenecks, workflow design & provisioning logic, and Identity Governance — across RHEL, SUSE, and Windows Server environments. Disproportionate value through lab engineering: full-stack reproduction environments integrating Active Directory, Microsoft SQL Server, Azure Entra ID, and AWS IAM — isolating root causes before they become R&D handoffs.
Outside of work: running a self-hosted homelab with a privacy-first, trust-minimized approach, building mobile apps at Vee Labs, and experimenting with local LLMs and AI agents.
Core Stack
| Service | Category | Signal |
|---|---|---|
| Open WebUI | AI · Privacy | Local LLM inference via Ollama. Queries never leave the machine. |
| Paperclip | AI Agents | Autonomous agents running local models (qwen2.5-coder:7b, gemma-4-12b) |
| Ollama | LLM Runtime | qwen2.5-coder:7b — GPU-accelerated on GTX 1660 Ti (4.7GB VRAM) |
| LM Studio | LLM Runtime | gemma-4-12b-qat, qwen3.6-27b — larger models on CPU/RAM |
| Ente | Photos · Privacy | E2E encrypted. No vendor access. No cloud inference. |
| Immich | Photos · Intelligence | Local ML face recognition. No Google Photos. |
| MinIO | Storage | S3-compatible. Storage you own = data you control. |
| Cloudflare Tunnel | Networking | External access. Zero inbound ports. Home IP never exposed. |
| Uptime Kuma | Monitoring | Self-hosted service health. Own your observability. |
01 Default-Deny Thinking — What you don't allow can't be exploited.
02 Privacy by Design — Data you don't collect can't be breached.
03 Own Critical Infra — Infrastructure you control is infrastructure you understand.
04 Threat Model Everything — Without a threat model, you're guessing.
05 Practical Security — The best security is the security that actually runs.
Projects · Vee Labs
Privacy-first password and email breach monitor for Android & iOS. Passwords are never transmitted: SHA-1 is computed locally, and only a 5-character prefix of the hash is sent to HaveIBeenPwned under its k-anonymity model.
Field service ticketing app for AC technicians. Role-based access for Admin, Office Staff, and Technicians. Real-time Firestore sync, spare sheet tracking, and activity logs.
- Local AI Stack — Paperclip agents + OpenCode CLI → Ollama (qwen2.5-coder:7b GPU) + LM Studio (gemma-4-12b-qat CPU). Full offline inference, no cloud dependency.
- Claude Agents — Custom agent configurations for research, incident response, and structured data extraction (claude-sonnet-4-6, claude-opus-4-6)
- Claude Code — Daily dev tool for architecture, refactors, and security reviews across BreachGuard and ACServiceApp
- Google AI — Certified in Agent Assist & Gen AI and Build AI Agents; working with Gemini, AI Studio, Vertex AI
In Progress:
IAM & Identity
Infrastructure & OS
Security
AI & Local LLMs
Mobile
Level 8 · Advent of Cyber 2024 completed
Personal site and working log. Security engineering, self-hosted infrastructure, IAM deep-dives, and architecture decisions.
App portfolio. Privacy-first mobile apps built with Flutter and Kotlin — BreachGuard and ACServiceApp.
// Built with intentional tradeoffs in mind.