Senior IAM Engineer Β· Identity Security | OpenText β Bengaluru, India
// privacy-first security engineering
Trust-minimized systems. Self-hosted infrastructure. I troubleshoot what others escalate.
Senior IAM Engineer with 11+ years of experience, deep in Identity and Access Management β NetIQ IDM, eDirectory, and NetIQ Access Manager (NAM) on the OpenText stack.
Scope covers IDM upgrade failures, eDirectory certificate chain issues, User Application (UA) performance bottlenecks, workflow design & provisioning logic, and Identity Governance β across RHEL, SUSE, and Windows Server environments. Disproportionate value through lab engineering: full-stack reproduction environments integrating Active Directory, Microsoft SQL Server, Azure Entra ID, and AWS IAM β isolating root causes before they become R&D handoffs.
Outside of work: running a self-hosted homelab with a privacy-first, trust-minimized approach, building mobile apps at Vee Labs, and experimenting with local LLMs and AI agents.
Core Stack
| Service | Category | Signal |
|---|---|---|
| Open WebUI | AI Β· Privacy | Local LLM inference via Ollama. Queries never leave the machine. |
| Paperclip | AI Agents | Autonomous agents running local models (qwen2.5-coder:7b, gemma-4-12b) |
| Ollama | LLM Runtime | qwen2.5-coder:7b β GPU-accelerated on GTX 1660 Ti (4.7GB VRAM) |
| LM Studio | LLM Runtime | gemma-4-12b-qat, qwen3.6-27b β larger models on CPU/RAM |
| Ente | Photos Β· Privacy | E2E encrypted. No vendor access. No cloud inference. |
| Immich | Photos Β· Intelligence | Local ML face recognition. No Google Photos. |
| MinIO | Storage | S3-compatible. Storage you own = data you control. |
| Cloudflare Tunnel | Networking | External access. Zero inbound ports. Home IP never exposed. |
| Uptime Kuma | Monitoring | Self-hosted service health. Own your observability. |
01 Default-Deny Thinking β What you don't allow can't be exploited.
02 Privacy by Design β Data you don't collect can't be breached.
03 Own Critical Infra β Infrastructure you control is infrastructure you understand.
04 Threat Model Everything β Without a threat model, you're guessing.
05 Practical Security β The best security is the security that actually runs.
Projects Β· Vee Labs
|
Privacy-first password and email breach monitor for Android & iOS. Passwords are never transmitted β SHA-1 is computed locally, only a 5-char prefix is sent via k-anonymity to HaveIBeenPwned.
|
Field service ticketing app for AC technicians. Role-based access for Admin, Office Staff, and Technicians. Real-time Firestore sync, spare sheet tracking, and activity logs.
|
- Local AI Stack β Paperclip agents + OpenCode CLI β Ollama (qwen2.5-coder:7b GPU) + LM Studio (gemma-4-12b-qat CPU). Full offline inference, no cloud dependency.
- Claude Agents β Custom agent configurations for research, incident response, and structured data extraction (claude-sonnet-4-6, claude-opus-4-6)
- Claude Code β Daily dev tool for architecture, refactors, and security reviews across BreachGuard and ACServiceApp
- Google AI β Certified in Agent Assist & Gen AI and Build AI Agents; working with Gemini, AI Studio, Vertex AI
In Progress:
IAM & Identity
Infrastructure & OS
Security
AI & Local LLMs
Mobile
Level 8 Β· Advent of Cyber 2024 completed
|
Personal site and working log. Security engineering, self-hosted infrastructure, IAM deep-dives, and architecture decisions. |
App portfolio. Privacy-first mobile apps built with Flutter and Kotlin β BreachGuard and ACServiceApp. |
// Built with intentional tradeoffs in mind.


