Senior Cloud Solutions Architect

Aman Singh.

I turn complex cloud challenges into secure, practical systems.

I design secure AWS, DevSecOps, and Generative AI platforms for healthcare, research, SaaS, and growing organizations—from discovery through production.

Current Focus

  • AI & Cloud Architecture
  • Governance & Security
  • DevSecOps
  • Technical Pre-sales
10+ Years IT Experience
6+ Years AWS Architecture
200+ Projects Delivered
100% HIPAA / NIST Audits Passed
The Founder's Advantage

Engineered for Business Outcomes, Not Just Infrastructure

Having co-founded a SaaS startup and advised over 200 clients globally across Singapore, Europe, Africa, and the Americas, I don't look at systems in isolation. My engineering decisions are driven by time-to-market, budget boundaries, and client communication—skills honed through years of technical sales, team leadership, and public auditorium workshops.

Explore My Core Competency Profiles

Select a tab below to pivot the portfolio layout and view my achievements tailored specifically to that professional domain.

Generative AI & Cloud Architecture Focus

Designing secure, VPC-isolated cloud environments and integrations that enable enterprise organizations to leverage Large Language Models (LLMs) safely within regulated frameworks.

  • Bedrock Research Environments: Architected secure, private networking and VPC endpoints to connect Amazon Bedrock with secure data storage for ENACT and UCSD Health.
  • EPIC & Fitbit API Integrations: Deployed containerized backends combining clinical health APIs, OAuth identity flows, and Fitbit activity streams for health analytics.
  • AI-Assisted Software Frameworks: Established versioned prompt governance, custom guardrails, and automated code generation standards utilizing Codex.
6+
AI Platforms Designed
10+
Years Software Exp.

Cloud Governance, Security & Regulatory Compliance

Establishing guardrails and compliance pipelines to ensure large-scale, multi-account infrastructures conform strictly to HIPAA, NIST, and FISMA compliance models.

  • Multi-Account AWS Landing Zones: Implemented Landing Zone frameworks using Control Tower, Service Catalog, and custom SCPs for healthcare groups.
  • Compliance Automation: Designed serverless alert pipelines that evaluate configurations using AWS Config rules and aggregate findings into Security Hub.
  • VPC Isolation Protocols: Configured cross-account secure transit pathways and directory setups, ensuring zero exposure for internal RCRAN/PyPI code networks.
6+
Landing Zones Built
100%
Audit Readiness Rate

DevSecOps Engineering & Infrastructure Automation

Automating software delivery pipelines, provisioning secure multi-account environments, and integrating compliance-as-code guardrails to embed security into the development lifecycle.

  • Secure Landing Zone Automation: Designed and standardized enterprise AWS Landing Zones utilizing AWS Landing Zone Accelerator (LZA), Control Tower, and Boto3 orchestration to enforce strict SCPs and Vault Locks.
  • Compliance & Drift Monitoring: Automated real-time configuration evaluations using custom AWS Config rules and aggregated compliance metrics directly into AWS Security Hub.
  • GitLab Pipeline Consolidation: Consolidated distributed development tools into a centralized GitLab workflow, standardizing CI/CD pipelines, container registries, and secrets scanning.
6+
Environments Governed
40%
Delivery Timeline Saved

Technical Pre-Sales & Solution Architecture

Translating ambiguous business requirements and founder visions into scalable solution designs, scoping cloud budgets, and serving as a primary advisor throughout project lifecycles.

  • Global Pre-Sales & Scoping: Guided technical discovery sessions, led pre-sales presentations, and estimated architectures for over 200 startups and SMBs globally.
  • MVP Design & Delivery: Translated startup ideas into production-ready MVPs, successfully launching 15+ early-stage platforms to accelerate time-to-market.
  • Executive Solution Workshops: Partnered with clinical researchers, IT admins, and C-level stakeholders to lead architecture workshops and cloud migration reviews.
200+
Consulting Projects Delivered
15+
Startups Launched (MVPs)

Professional Experience

Over a decade of cloud engineering and architecture leadership

2024 - Present

Senior Cloud Solutions Architect

Xpertech Solutions

At Xpertech, I lead the design and delivery of secure cloud platforms for healthcare, research, and enterprise organizations, working directly with technical leaders, researchers, and executive stakeholders. My role extends beyond cloud architecture—I participate in solution discovery, translate business requirements into technical designs, guide engineering teams, and oversee projects from initial discussions through production deployment.

Enterprise Cloud Architecture & Governance
  • Designed and standardized secure multi-account AWS environments for healthcare and research organizations by implementing AWS Landing Zone Accelerator (LZA) with our proprietary deployment platform, Xperlock, enabling secure, compliant cloud foundations aligned with HIPAA, NIST 800-53, and FISMA.
  • Led cloud architecture initiatives for leading healthcare and clinical research organizations including UCSD Health, UCI Health, UC Riverside, ACTRI, ENACT, Qualcomm Institute, and CIPRA.ai by directing architecture strategy, conducting executive design reviews, and implementing multi-account governance.
  • Established governance models aligned with HIPAA, NIST 800-53, and FISMA using AWS Organizations, Control Tower, Security Hub, AWS Config, IAM Identity Center, KMS, and centralized logging.
  • Conducted architecture workshops, solution reviews, and executive design discussions, helping customers evaluate cloud strategies, security trade-offs, and implementation roadmaps.
  • Worked closely with customers throughout the engagement lifecycle, from gathering business and compliance requirements to designing scalable cloud architectures and guiding production deployments.
Product Design – Xperlock
  • One of my primary responsibilities has been designing Xperlock, an internal cloud deployment platform built to standardize AWS Landing Zone deployments. Rather than being a simple automation tool, Xperlock was designed to bridge the gap between customer discovery and infrastructure deployment.
  • Key Responsibilities:
    • Interviewed delivery teams and identified repetitive deployment challenges.
    • Defined product vision, user journeys, and functional requirements.
    • Designed guided customer intake workflows that convert business requirements into structured infrastructure configurations.
    • Prioritized features and managed the engineering roadmap.
    • Led the development team through implementation and technical reviews.
    • Designed automation that generates AWS Landing Zone configurations and organization-level governance policies using AWS Boto3.
  • Automated Deployments Include: Service Control Policies (SCPs), Backup Policies, AWS Backup Vault Lock, IAM Permission Boundaries, VPC Endpoint Policies, Network Firewall Policies, and organization-level governance configurations.
  • Impact: Reduced enterprise deployment timelines from approximately three months to four weeks while improving consistency across customer implementations.
AI Platform Architecture
  • Designed secure AI research environments for regulated healthcare organizations by combining Amazon Bedrock, AWS WorkSpaces, PostgreSQL, private VPC networking, AWS Cognito, enterprise Single Sign-On (SSO), EPIC FHIR integration, and Fitbit API integration.
  • Enabled clinicians and researchers to securely experiment with Generative AI while remaining strictly within HIPAA security boundaries.
Engineering Productivity & DevSecOps
  • Designed an AI-assisted engineering workflow using OpenAI Codex to improve development consistency across engineering teams, including version-controlled prompt libraries, Markdown-based engineering standards, reusable prompt templates, AI-assisted code generation, and team adoption guidelines.
  • Established a repeatable development process that improved developer productivity while maintaining engineering standards.
  • Led the internal adoption of GitLab as a consolidated platform for CI/CD and codebase management, standardizing repository structures, pipeline rules, and secret management.
Hosting Platform Modernization
  • Redesigned the hosting architecture supporting more than 60 production websites.
  • Major Improvements: Complete separation of development and production environments, site-level Linux user isolation, dedicated PHP-FPM pools, automated backup and restore workflows, AWS Systems Manager automation, secure deployment pipelines, and improved disaster recovery processes.
  • Impact: Significantly reduced operational risk associated with customer-managed WordPress plugins while improving maintainability.
2021 - 2024

Cloud Engineer & Developer

Xpertech Solutions

My role initially focused on engineering and cloud operations before gradually evolving into solution architecture. During this period I was responsible for modernizing legacy platforms, building serverless architectures, operating production AWS infrastructure, and supporting healthcare research initiatives.

HPWREN Cloud Modernization
  • Led one of the organization's largest modernization initiatives by migrating more than two decades of historical wildfire camera images and environmental sensor data to AWS S3.
  • Key Responsibilities: Designed scalable ingestion pipelines, built serverless processing using Lambda and Step Functions, orchestrated events via EventBridge, implemented lifecycle-based storage optimization, disaster recovery planning, cost optimization, CloudWatch monitoring, and security auditing.
  • Impact: Modernized legacy Perl-based applications into event-driven Python services, reducing operational overhead by 40% while improving maintainability.
AWS Infrastructure Operations
  • Managed cloud infrastructure supporting more than 60 production websites and research applications utilizing EC2, Application Load Balancers, Route 53, AWS WAF, S3, automated backup systems, cloud monitoring, security hardening, and infrastructure troubleshooting.
  • Worked closely with researchers, IT administrators, and technical stakeholders to plan migrations, conduct architecture reviews, and deliver cloud solutions.
2019 - 2021

Independent IT Consultant / Solutions Architect

Self-Employed (Global Consulting)

Built an independent consulting practice focused on helping startups transform business ideas into production-ready software. Unlike traditional freelance development, my work involved understanding customer problems, designing technical solutions, and delivering complete systems from concept through production.

Consulting Highlights
  • Delivered more than 200 cloud and software consulting engagements for startups and SMBs worldwide, designing AWS-based application architectures and production hosting environments.
  • Successfully launched 15+ Minimum Viable Products (MVPs) for early-stage startups by leading technical discovery sessions, translating business ideas into scalable cloud architectures, and accelerating concept-to-production delivery.
  • Designed AWS hosting environments for startups with cost optimization and future scalability in mind.
  • Modernized legacy applications through cloud migration, API redesign, and microservices adoption, improving scalability, maintainability, and long-term operational efficiency.
  • Served as the primary technical advisor throughout project lifecycles, managing customer communication, architecture, implementation, deployment, and post-launch support.
  • Built integrations with numerous third-party services including payment gateways, social platforms, communication APIs, and analytics systems, enabling customers to accelerate product delivery without reinventing common functionality.
2016 - 2019

Co-Founder & Technical Lead

Cybercreek Solutions (Zixana)

Zixana was my first experience building a technology business from the ground up. As a co-founder, I wasn't responsible only for technology—I was responsible for understanding customer problems, designing solutions, building the product, supporting customers, and growing the business.

Product Strategy
  • Before writing software, I met with school principals, administrators, teachers, and staff to understand the operational challenges they faced in managing schools. Those conversations shaped the product roadmap and user experience.
  • Translated customer feedback into product requirements, prioritized features, and worked closely with the development team throughout implementation.
Engineering Leadership
  • Led technical architecture across the platform by designing AWS infrastructure, building backend systems, developing core application modules, reviewing engineering work, mentoring developers, and managing releases.
Product Growth
  • The platform was adopted by 12 schools, supporting more than 25,000 students. One of the largest deployments managed fee collection for over 10,000 students across four campuses.
  • Enabled schools to digitize student management, automate fee collection and payment reminders, improve financial reporting, maintain audit-ready records, and streamline day-to-day academic operations.
Community Development
  • Alongside building the company, I designed and delivered practical software engineering workshops for more than 200 students. Training focused on web development, software engineering fundamentals, project-based learning, end-to-end application development, and industry best practices.
  • Many students built their first production-style applications through these sessions.

Featured Projects

Real-world systems delivering scalability, compliance, and impact

01

HPWREN Ingestion

Lead Cloud Architect & Migration Engineer

Migrated 20+ Years environmental sensors and camera telemetry into S3. Built Lambda/Step Functions pipelines for time-lapse video generation and metadata ingestion, reducing admin overhead by 40%.

AWS Lambda Step Functions S3 Lifecycle Python
Read Case Study →
02

Xperlock Secure Landing Zone

Lead Cloud Architect

Standardized AWS organizations using Control Tower, custom Service Catalog items, and automated compliance policies matching HIPAA and NIST 800-53 controls for ACTRI, UCSD Health, UCR, and UCI-Hub.

Control Tower AWS Config Security Hub KMS Keys
Read Case Study →
03

ENACT Compliance Suite

Cloud Architect & DevOps Engineer

Implemented HIPAA Config Conformance Packs, private package repositories (RCRAN/PyPI) inside secure boundaries, AD password reset application, and secure cross-account SFTP transfers.

VPC Endpoints Active Directory AWS Transfer AWS Config
Case Study Coming Soon
04

DCE Account Purger

Lead Architect

Designed management, audit, and log accounts enabling disposable student sandboxes with consolidated billing, applying AWS SCP policies as budget guardrails and Lambda for lifecycle automation.

AWS Lambda SCP Guardrails Control Tower Lifecycle Auto
Case Study Coming Soon
05

Qualcomm Inst. Infrastructure

AWS Infrastructure Manager

Managed AWS infrastructure supporting 40+ research and public websites. Implemented WAF protection, cross-account backup automation, and permission control with a Windows Bastion application.

EC2 ALB WAF Bastion App
Case Study Coming Soon
06

Biosync Clinical Pipeline

Backend Developer

Constructed a serverless system in Python following Domain-Driven Design (DDD) patterns. Synced real-time physical telemetry streams (Fitbit API) and authenticated clinical users using EPIC FHIR tokens.

AWS SAM Python (DDD) EPIC FHIR Fitbit API
Case Study Coming Soon
07

Willo Clinician Portal

Backend Developer

Contributed to a Django-based mental health application for UCSD students. Configured secure database interactions, REST API endpoints, and scheduling modules for clinician coordination.

Django Python REST APIs PostgreSQL
Case Study Coming Soon
08

UCSD-RLApp Safety Tracker

Project Coordinator & AWS Consultant

Coordinated Next.js generative AI application for UCSD Health safety event tracking, implementing secure Cognito user directories and on-premise Active Directory SSO access management.

Next.js AWS Cognito GenAI Integration SSO Auth
Case Study Coming Soon
09

GEH Heatmap Repository

Project Manager & Cloud Consultant

Directed AWS deployment of a public research repository, coordinating the software development lifecycle for custom elasticsearch modules and coordinate heatmap visualization features.

Elasticsearch Heatmap Engine AWS Hosting JavaScript
Case Study Coming Soon
10

Emerge Ingestion Engine

Project Manager

Oversaw the timeline and development of a custom search and analytics backend, integrating with the Qualtrics API to ingest, structure, and query qualitative research survey response datasets.

Qualtrics API Search Engine REST APIs Data Processing
Case Study Coming Soon
11

HRSA Analytics Dashboard

Developer & AWS Architect

Programmed interactive metrics reporting panels using RShiny and set up secure supporting AWS infrastructures to serve dashboards to healthcare program research coordinates.

R Shiny AWS EC2 Data Visuals Statistics
Case Study Coming Soon

Technical Expertise

Categorized view of my core engineering competencies

Cloud Architecture

  • AWS Control Tower
  • Multi-Account Strategy
  • VPC & Transit Gateways
  • IAM Identity Center (SSO)

Security & compliance

  • HIPAA Alignment
  • NIST 800-53 / 171
  • AWS Config Trackers
  • KMS Encryption Policies

DevSecOps & Code

  • GitLab & GitHub CI/CD
  • Terraform / CloudFormation
  • Docker Containers
  • Python Automation

App Development

  • FastAPI / Django
  • RESTful API Design
  • Next.js Framework
  • PostgreSQL / DynamoDB

Verified Certifications

Click on any badge below to view certification details and assets

AWS Solutions Architect Professional Badge

Solutions Architect

AWS Professional
AWS Solutions Architect Associate Badge

Solutions Architect

AWS Associate
AWS Cloud Practitioner Badge

Cloud Practitioner

AWS Foundational

Let's Architect Your Next Project

Whether you need help establishing multi-account cloud governance, securing Generative AI models, or building high-performance serverless backends, I'd love to help you build it.