Senior Platform, Infrastructure & AI Inference Engineer

Anupam Ojha

15+ years building secure, scalable platform infrastructure. Kubernetes orchestration, OpenTelemetry observability, and DevSecOps at Ford Motor Company and GE Healthcare. Currently building production agentic AI systems with multi-provider LLM inference, prompt-cache optimization, and on-device model fine-tuning.

Sentinel

Autonomous CVE Remediation Agent


Most security tools find vulnerabilities. Sentinel fixes them — autonomously, with a verified PR. Three CLI commands cover the full remediation surface.

  • sentinel fix — fix CVEs in a single repo, end-to-end
  • sentinel scan-org — scan every repo in a GitHub org, generate an HTML report
  • sentinel fix-antipatterns — fix dangerous code patterns (yaml.load, pickle, shell=True) without a CVE trigger

1. Forks the repo and resolves the full dependency tree, including transitive CVEs via OSV API
2. Identifies dangerous call sites using a Semgrep-backed dynamic knowledge base; falls back to LLM pattern detection for novel CVEs
3. Patches build files and source code via multi-provider LLM inference (Anthropic Claude, Google Gemini, or local Ollama)
4. Verifies the build passes in an isolated Docker sandbox; feeds compiler errors back for up to 3 self-correcting retries
5. Opens a pull request — no human in the loop

LLM Inference

Three provider backends selected at runtime from environment variables — no code changes needed to switch.

☁️ Anthropic Claude

Default cloud provider (claude-opus-4-8). Uses ephemeral cache_control to cache stable context (rules + file contents) across retries — saves 80–90% on input-token costs per retry.

☁️ Google Gemini

Cost-effective alternative (gemini-2.5-flash). Activated via GEMINI_API_KEY or LLM_PROVIDER=gemini.

🖥️ Local / Ollama

Fully offline via SENTINEL_LOCAL_MODEL. Runs any Ollama model — including the fine-tuned sentinel-patcher-7b — through the OpenAI-compatible API. No API key required.

MLOps / Fine-tuning Pipeline

Sentinel can improve its own patch quality over time via a full LoRA/QLoRA fine-tuning loop.

1. Training data collected from OSV vulnerability database and verified GitHub patch history
2. LoRA/QLoRA fine-tuning on Modal GPU cloud produces sentinel-patcher-7b
3. Model exported to GGUF format and deployed locally via Ollama — zero-latency, zero API cost
4. Quality gate CI evaluates patch accuracy before promoting the new model to production

Observability

Every run emits OTel traces and metrics. Ships to any backend via OTLP — Grafana, Datadog, Honeycomb. Prints a token cost report at the end of each run.

Traces

  • sentinel.remediation — root span
  • sentinel.scan — OSV API scan
  • sentinel.patch — LLM patching
  • sentinel.verify — Docker sandbox
  • sentinel.pr_create — GitHub PR

Metrics

  • cves_found_total
  • patch_attempts_total
  • pr_opened_total
  • llm_tokens_total — by model, stage, repo
  • llm_cost_usd_total — with cache savings

Python · Java · Docker · LLM · DevSecOps · OpenTelemetry · Anthropic Claude · Google Gemini · Ollama · OSV API · Semgrep · Modal · LoRA/QLoRA · GGUF · PyPI

Cloud & Platform

AWS · GCP · Kubernetes · Docker · Terraform · Crossplane · Istio

Observability

OpenTelemetry · Grafana · Prometheus · Datadog · Honeycomb

Languages & Frameworks

Java · Go · Python · Spring Boot · gRPC · GraphQL · Kafka

CI/CD & Security

GitHub Actions · ArgoCD · Jenkins · Chainguard · SAST

Databases

Postgres · YugabyteDB · Redis · MongoDB · MySQL

AI / LLM Inference

Anthropic Claude API · Google Gemini API · Ollama · Prompt Caching · LoRA/QLoRA · Modal · GGUF · Semgrep

Senior Software Engineer

Ford Motor Company

Jun 2022 – Present
  • Standardized enterprise observability with unified OpenTelemetry libraries in Java and Go; built PII redaction and a local OTel testing library for realistic integration testing
  • Led transition from KubeVela to a custom OAM-based hydrator for automated orchestration of Yugabyte, Pulsar, and Redis
  • Enforced secure-by-default pipelines with Chainguard image hardening and build-breaker logic mandating security headers (CSP/XFO/HSTS)
  • Reduced command cancellations by 33% via pod-based internal load balancing that rewarded healthy pods and penalized failing nodes
  • Served as Incident Commander for platform outages, coordinating multi-team responses and embedding post-mortem lessons into runbooks

Staff Software Engineer

GE Healthcare

May 2019 – Jun 2022
  • Led two engineering teams building microservice-based hospital monitoring solutions at Tampa General Hospital and OHSU Portland
  • Created Gremlin chaos attacks replicating production pod disruptions; ensured graceful degradation of critical clinical clients
  • Designed high-throughput EMR/EHR and HL7 data ingestion pipelines using Spring Batch and RabbitMQ
  • Built a GraphQL data store for ML teams querying predictive models across ICU, Surgery, and Maternity departments

Consulting Roles

Citi Group · Verizon · US Bank · Daimler Trucks · Southwest Airlines / Walgreens

2010 – 2019
  • Migrated legacy monoliths to Spring Boot microservices at Verizon; implemented Quick-hull algorithms for geofencing
  • Led Sabre-to-Amadeus reservation system migration at Southwest Airlines; built automated validation tools saving $36k/year
  • Integrated Eclipse RCP with IBM MQ to automate truck part documentation for Mercedes engineers globally (Daimler)

MS, Computer Science (Data Science)

University of Illinois Urbana-Champaign

GPA 3.8

BTech, Electronics & Communications Engineering

SRM University, India
