Yaqoob Ahmed
SRE and systems engineer with a focus on distributed infrastructure, failure-resilient architecture, and applied cryptography. I build things that run unattended — self-healing clusters, edge compute nodes, serverless pipelines — and I care about what happens when they break at 3am more than when everything is fine.
Projects
Self-Healing SRE Trading Platform
A production SRE environment built from scratch — Kubernetes on GKE and Proxmox, Kafka event bus, MySQL with GTID-based replication, and a safety-governed incident control plane that automates failover without blindly trusting automation. Chaos tested. Error budget tracked. Not a tutorial project.
Global Egress Orchestration
In Progress: Residential edge nodes tunneled to Oracle Cloud over reverse WebSocket — zero inbound ports, zero hardware deaths, complete headless management via Cloudflare Zero Trust. CGNAT is a constraint to design around, not a problem to solve.
Distributed Cryptographic Signing Platform
Anonymised: Implemented an undocumented proprietary authentication protocol — byte-for-byte — across Go, Node.js, and GCP Cloud Functions. 2,000+ test vectors enforce cross-runtime parity. A wrong padding mode fails silently; the test suite is the spec.
The Pocket Data Center
Bare Metal: Wiped Android off a OnePlus 6, flashed PostmarketOS, and ran a full Docker stack on ARM64 at 4 watts. Battery charge limits via kernel sysfs, SSD on OTG for database I/O, SMS gateway through the Qualcomm modem, and ALSA routing for live cellular calls.
Edge API Gateway & Serverless Backend
Cloudflare Workers as a JWT-verified API gateway: Firebase JWKS verification at the edge, identity propagation without downstream re-verification, Stripe subscription lifecycle via a KV-backed state machine. Zero origin servers; V8 isolates in 300+ locations.
High-Performance Go Device Generator
Zero external dependencies. Pure Go standard library. Sub-millisecond generation per device. 2 million devices via goroutine fan-out. AES-CTR DRBG ensures identical output for identical seeds across runtimes. Ships as a 12 MB scratch Docker image.
TLS Certificate Chain Inspector
Live: Cryptographic signature verification across the full certificate chain — not just expiry checking. OCSP revocation, CRL parsing, multi-trust-store comparison (Mozilla, Apple, Google), and SPKI hashes for pinning. Built after a real incident.
End-to-End Encrypted MQTT Gateway
The broker is structurally blind to payload content. AES-256-CBC at the publisher, ciphertext through Mosquitto, decrypt at the subscriber. The broker provides routing and reliability without requiring any trust in its confidentiality.
Stack
| Orchestration | Kubernetes (K3s, GKE), Docker, Helm, Terraform, Ansible |
| Reliability | Prometheus, Grafana, SLOs, error budgets, chaos engineering, HAProxy |
| Cloud | GCP (Cloud Run, GKE, Functions), Oracle Cloud, Cloudflare Workers |
| CI / CD | GitHub Actions, Cloudflare Pages, Wrangler, Docker Hub |
| Backend | Go, Python, Node.js / TypeScript, Dart — REST, event-driven, serverless |
| Messaging | Apache Kafka, MQTT (Mosquitto), Redis pub/sub, Cloudflare KV |
| Security | HashiCorp Vault, TLS/X.509, OAuth 2.0 + PKCE, AES, ECDSA, HMAC |
| Databases | MySQL (GTID replication), MongoDB, SQLite / D1, Redis |
| Networking | WireGuard, Cloudflare Zero Trust, NGINX, WebSocket tunneling, CGNAT traversal |
| Analysis | mitmproxy, Wireshark, JADX, static binary analysis, network traffic capture |
About
I got into systems engineering from the bottom up — repurposing old hardware, reading kernel documentation at odd hours, and building things that ran unattended because I wanted to understand what breaks when no one is watching. That curiosity led me into SRE work: understanding not just how systems behave under normal load, but how they fail, and more importantly, how they recover.
My interest in cryptography came from practical necessity — implementing authentication protocols from first principles requires reading the actual specs, not the blog posts. That habit of going to the source carries into everything: reading kernel interfaces directly, tracing syscalls, understanding what a tool actually does before trusting it in production.
I'm based in Canada and open to remote or relocation. I work best in environments where reliability is treated as an engineering discipline, not an afterthought.