╔══════════════════════════════════════════════════════════════════╗
║ THIAGO PANTOJA · Principal Solutions Architect (Staff+) ║
║ Business Strategy × Platform Engineering × Multi-cloud ║
╚══════════════════════════════════════════════════════════════════╝
Principal Solutions Architect (Staff+) at the intersection of business strategy and Platform Engineering.
I design multi-account / multi-region architectures on AWS, Azure, GCP and OCI with Cloud Governance, Security by Design and FinOps as pillars, not as an afterthought.
I standardize the SDLC with IaC (Terraform / CDK / Ansible), Kubernetes (EKS / AKS / GKE / OKE) and CI/CD pipelines that deliver scale, resilience and cost optimization in highly complex multi-cloud environments.
"Architecture is a conversation between constraints and possibilities — I make sure cost, risk, and time-to-market sit at the same table."
domains:
  modernization_and_migrations:
    - Landing Zones & AWS Organizations
    - Policy-as-Code (OPA/Conftest/SCPs)
    - Networking: TGW, Direct Connect, VPC design
    - Containers: ECS/Fargate, EKS, service mesh
    - API Gateway + event-driven (EventBridge / SQS / Step Functions / Lambda)
  security_and_compliance:
    - Zero Trust architecture
    - IAM, KMS, Secrets lifecycle management
    - WAF / ALB, account segregation
    - DR / Backup with compliance (LGPD, SOC2)
    - Supply-chain security: SBOM, cosign image signing
  platform_engineering_and_devex:
    - IDP / Backstage: service catalog & golden paths
    - Opinionated templates: Terraform / CDK / K8s
    - Reusable pipelines (GitHub Actions)
    - PR preview environments
    - Self-service with guardrails
  observability_and_reliability:
    - OpenTelemetry end-to-end instrumentation
    - Prometheus · Grafana · Loki stack
    - SLOs from day one (not day two)
    - DORA metrics & continuous improvement

Automated cost ingestion pipeline with serverless ETL and executive-grade reporting.
✔ CUR ingestion → Glue ETL → Athena queries → scheduled Lambda exports
✔ Cost allocation by tag/account | rightsizing suggestions
✔ Savings Plans / RIs coverage | monthly deltas and KPIs
✔ PDF/HTML insights auto-delivered to stakeholders
🔗 thiagorpantoja/finops-automation
Production-grade multi-tenant deployment with security and observability baked in.
✔ ECS Fargate + RDS + Redis | ALB rules per host | WAF + TLS 1.2/1.3
✔ Blue/green ready | autoscaling policies | least-privilege IAM + KMS
✔ Full observability pack included
Reference platform for app teams with golden paths, guardrails, and SLOs from day one.
✔ EKS + Karpenter | OTel + Prometheus + Grafana + Loki
✔ IDP/Backstage onboarding | PR environment previews
✔ Golden Paths templates | self-service with guardrails
🔗 thiagorpantoja/eks-blueprints-slo
| Metric | Reference Value |
|---|---|
| 🏦 Cloud cost reduction via FinOps | up to 40% |
| 🚀 Deployment lead time improvement | DORA Elite tier |
| 🛡️ Security findings remediation | automated & policy-gated |
| ☁️ Clouds managed simultaneously | 4 (AWS · Azure · GCP · OCI) |
| 🧩 Platform golden paths delivered | catalog-driven, self-service |
✅ Complex multi-cloud architecture reviews
✅ Platform Engineering / IDP setup & maturity
✅ FinOps strategy & cost governance programs
✅ DevSecOps pipeline hardening
✅ Staff-level technical mentorship
✅ Consulting & fractional CTO engagements


