Khemmapon
Tawantham
DevSecOps & Cybersecurity Engineer · Tech Lead

About
I secure systems before they become incidents.
DevSecOps & Cybersecurity Engineer with 3+ years in security on top of a 10-year engineering background spanning full-stack development → DevOps (AWS, CI/CD) → DevSecOps — embedding security into every layer of the development lifecycle while tech-leading distributed teams from architecture to production. Specialties: Zero-Trust networking (NetBird), SIEM deployment and tuning (Wazuh, Zabbix), pipeline security (Jenkins, SonarQube, Semgrep, Trivy), and secrets management (Infisical). Off the clock, I run a Proxmox-based homelab where I pressure-test hardening and segmentation ideas before they touch production.
Skills
Security & Infrastructure
Infrastructure & Platforms
DevSecOps Toolchain
Development
Version Control & OS
Bio
- Grew from junior developer into a tech lead role over 5 years, leading junior developers across concurrent client projects — code reviews, standards, and delivery.
- Shipped client-facing web and mobile products for enterprise clients including Sansiri PCL, SCG, and One Asset Management — Ruby on Rails, React.js, Vue.js, Nuxt.js, React Native — from requirements through production deployment on AWS.
- Delivered cross-platform iOS/Android apps with React Native, including a government app for the Ministry of Industry.
- Designed and built internal business applications from scratch (NestJS, React.js, React Native), streamlining operational workflows for internal teams.
- Began owning DevOps responsibilities — built CI/CD pipelines with GitLab CI and Jenkins, Dockerized applications, managed deployments to AWS, and set up Grafana for infrastructure monitoring.
- Led a team of junior developers — set technical direction, unblocked delivery, and hit all project milestones.
- Led full-stack development of a production e-commerce platform — Ruby on Rails backend, React.js web, React Native mobile — owning features end-to-end across all three surfaces.
- Continued DevOps ownership alongside development — maintained GitLab CI/Jenkins pipelines, AWS deployment workflows, and Grafana monitoring dashboards for web and mobile releases.
- Mentored junior developers through code reviews and pairing; diagnosed high-impact production bugs across the stack, reducing downtime.
- Standardized UI/UX patterns across web and mobile for a consistent brand experience.
- Architected and maintain a Zero-Trust internal network on NetBird VPN, securing access for distributed engineering teams across multiple countries.
- Led migration of production infrastructure from AWS to on-premise servers, cutting recurring infrastructure costs to near zero with a hardware investment that paid for itself within 7 months — owned planning, execution, and post-migration hardening.
- Tech lead for internal services built from scratch with the Morocco engineering team — owned architecture, technical direction, and delivery through to production deployment with security embedded from day one; report incidents and risk posture directly to the Country Director.
- Built an internal sales analytics dashboard with daily data sync from the order management system (designed around the provider's server load limits), replacing manual reporting for the sales team.
- Deployed and operate a Wazuh + Zabbix SIEM/monitoring stack with Grafana dashboards across all on-premise servers and supported company devices — covering security log analysis, vulnerability detection, threat hunting, and File Integrity Monitoring.
- Automated compliance monitoring (PCI DSS, GDPR, NIST 800-53, HIPAA), CIS benchmark assessment (SCA), and VirusTotal malware scanning in Wazuh — blocking threats before execution and replacing manual audits.
- Drove shift-left security by embedding SonarQube, Semgrep, and Trivy (container scanning) into Jenkins CI/CD pipelines, catching vulnerabilities pre-production; deployed Sentry for runtime error monitoring.
- Rolled out Infisical for centralized secrets management, eliminating hardcoded credentials across all services.
- Championed company-wide AI adoption — rolled out Claude and ChatGPT workflows, built custom internal Claude plugins/skills, and created n8n automations for engineering (incl. Morocco team), marketing, graphic design, sales, and product — eliminating manual processes and saving hours of work per week across teams.