# Arnold Cartagena

> Senior Platform Engineer | AI Deployment & Technical Enablement

- Location: Bern, Switzerland
- Email: cartagena.arnold@gmail.com
- Website: https://cv.arnoldcartagena.com
- GitHub: https://github.com/acartag7
- LinkedIn: https://linkedin.com/in/arnold-cartagena
- Availability: open to opportunities — Open to AI infrastructure, runtime governance, and platform engineering opportunities
- CV last updated: Apr 2026

## Summary

Senior Platform Engineer with 8+ years building scalable infrastructure. Currently Tech Lead for Kafka and API Platforms at Swiss Post, where I design and ship production AI-enhanced developer workflows — MCP servers and LLMs with AWS Bedrock, achieving 70%+ reduction in manual DevOps tasks (4 hours → 5 minutes per batch). Creator of Edictum, an open-source runtime governance library for AI agents, and co-author of Mind the GAP (arXiv, Feb 2026) on tool-call safety. Kubestronaut: CKS, CKAD, KCSA, KCNA, CKA.

## Experience

### Tech Lead, Kafka and API Platforms — Swiss Post

May 2023 – Present · Bern, Switzerland

Designed and shipped a production AI agent platform for Kafka operations, including self-service intake, queueing, approval workflow, live run tracking, operational analytics, and run-cost tracking. Built an AI replication agent that automates Kafka replication setup, reducing a workflow that previously took hours of senior engineering time to minutes of supervised execution. Integrated runtime governance so agents with real tool access can operate inside explicit safety boundaries and produce auditable decisions for security review. Extended the same platform pattern toward multiple AI workflows, including replication, onboarding, SRE investigation, and connector migration. Lead the Kafka platform migration from on-premises infrastructure to Confluent Cloud while owning observability, reliability, DevSecOps integration, and developer tooling.

**Achievements:**

- Designed and shipped a production AI agent platform for Kafka operations with self-service intake, approvals, live run tracking, analytics, and auditability
- Built a replication agent that reduces a manual hours-long workflow to minutes of supervised execution while preserving review and auditability
- Integrated runtime governance so write-capable AI agents can operate inside explicit safety boundaries and survive enterprise security review
- Established a reusable platform pattern now extending toward onboarding, SRE investigation, and connector migration workflows

**Technologies:** AI Agents, MCP, AWS Bedrock, Claude Agent SDK, Edictum, AI Factory, Runtime Governance, Approvals, Audit Trail, Kafka, Confluent Cloud, OpenShift, EKS, Grafana, Prometheus, ELK, Splunk, Terraform, GitLab CI, DevSecOps, Elasticsearch

### Member Of Technical Staff - Bitnami Team — VMware

Mar 2022 – May 2023 · Remote

Integrated Vault with Sealed Secrets enterprise operator, enabling secure secret management across Kubernetes clusters with automatic rotation. Designed vulnerability scanning pipeline using Trivy, tfsec, and Checkov for container images, IaC, and misconfigurations in CI/CD workflows. Managed hardened, minimal container images with pinned versions; CI/CD runners used custom images with only required tooling. Mentored engineers on security practices and infrastructure patterns; authored runbooks still in use by teams.

**Achievements:**

- Designed multi-cloud infrastructure (AWS, GCP, Azure) using Terraform modules, managing multiple Kubernetes clusters (EKS, GKE, TKG).
- Built Internal Developer Platform with RBAC and comprehensive audit logging, all cluster access and actions logged to Splunk for security monitoring.
- Standardized GitOps workflows with ArgoCD and GitLab CI templates, reducing manual intervention in deployments.

**Technologies:** Terraform, AWS, GCP, Azure, Kubernetes, EKS, KOPS, GKE, TKG, ArgoCD, GitLab CI, Prometheus, Grafana, Fluentd, ELK

### Senior Cloud Platform Consultant — Hitachi Vantara

Sep 2021 – Mar 2022 · Madrid, Spain

Developed and maintained robust CI/CD pipelines across all stages using GitLab CI, Vault, and Ansible. Implemented cloud-native monitoring and logging solutions using ELK Stack, Prometheus, Alertmanager, and Grafana. Managed GKE Kubernetes clusters for optimal performance and reliability. Resolved escalated issues on Linux, cloud platforms, and Kubernetes environments.

**Achievements:**

- Including automated QA workflows with Cypress and seamless GCP environment provisioning with Terraform
- Proactive incident management and comprehensive system monitoring

**Technologies:** GitLab CI, Vault, Ansible, ELK Stack, Prometheus, Alertmanager, Grafana, GKE, Kubernetes, Terraform, Cypress

### DevOps Engineer — knowmadmood

Jun 2021 – Sep 2021 · Remote

Developed and supported Terraform pipelines in Jenkins for AWS and GCP deployments. Designed CI/CD pipelines with GitHub, for Java apps deployed with Helm to Kubernetes clusters (GKE/EKS). Diagnosed and resolved infrastructure issues on GCP and AWS. Leveraged automation to increase efficiency and consistency in application deployments.

**Achievements:**

- Contributed to the design and troubleshooting of infrastructure-as-code solutions

**Technologies:** Terraform, Jenkins, AWS, GCP, GitHub, Java, Helm, Kubernetes, GKE, EKS

### Senior Systems Engineer — Orange Spain

Oct 2018 – Jun 2021 · Madrid, Spain

Responded to security incidents including DDoS attacks and authentication bypass attempts; wrote F5 iRules and WAF policies to mitigate threats. Analyzed logs to identify attack patterns and brute force attempts; tuned WAF rules to block malicious traffic while minimizing false positives.
Automated monitoring with Bash, Python, and Ansible; collaborated on infrastructure with F5 load balancers and Fortinet firewalls. Authored incident response runbooks and playbooks still used by operations teams. Provisioned CDN infrastructure with Edgeware and Akamai; monitored and resolved incidents across broadcast ecosystem.

**Achievements:**

- Optimized TV platform performance and reliability through innovative solutions
- Successfully mentored and developed junior team members
- Streamlined operations through automation and monitoring improvements

**Technologies:** Bash, Python, Ansible, NetApp, EMC, F5, Fortinet, TV Platform, Infrastructure

### Support Engineer L2 — Orange Spain

Nov 2017 – Oct 2018 · Madrid, Spain

Managed IPTV and OTT equipment from Harmonic and Ericsson. Configured and supported IPTV, OTT, and VOD middleware platforms, optimizing for performance and reliability. Monitored and verified signals from external providers for critical live broadcast events. Provisioned and deployed CDN servers with Edgeware and Akamai technology, improving content distribution. Investigated and resolved incidents affecting CDN, the Headend, and the broader television ecosystem.

**Achievements:**

- Ensured optimal performance and reliability of IPTV/OTT platforms
- Successfully managed critical live broadcast events
- Improved content distribution through CDN optimization

**Technologies:** IPTV, OTT, VOD, Harmonic, Ericsson, Edgeware, Akamai, CDN, Middleware

### System Administrator — Roche

Apr 2017 – Nov 2017 · Madrid, Spain

Managed over 20k VMs in Roche's global infrastructure, making certain of robust and continuous operations. Installed, configured, and maintained both Windows and Linux servers. Administered middleware platforms and executed application deployments to support mission-critical services.

**Achievements:**

- Maintained robust operations across 20,000+ virtual machines
- Ensured continuous operations for mission-critical services
- Successfully managed complex global infrastructure

**Technologies:** VMware, Windows Server, Linux, Middleware, Application Deployment, Global Infrastructure

## Skills

### Production AI Systems

Enterprise AI agents that run real workflows with human approval and operational analytics

AI Agents (2y), MCP (1y), AWS Bedrock (1y), Claude Agent SDK (1y), Prompted Workflows (2y)

### Runtime Governance

Tool-call enforcement, auditable decisions, approval gates, and process control for AI agents

Edictum (1y), Workflow Gates (1y), Tool-Call Enforcement (1y), Audit Trails (3y), Human Approval Flows (2y)

### AI Factory

Governed multi-agent execution with task graphs, evidence, approvals, and repeatable delivery

Internal AI Factory (1y), Multi-Agent Orchestration (1y), Task Graphs (1y), Evidence Tracking (1y), Cost Tracking (1y)

### Event Streaming

Kafka platform engineering, migration, replication, and managed streaming operations

Kafka (4y), Confluent Cloud (2y), Kafka Connect (3y), Flink (1y)

### Platform Engineering

Cloud-native platforms, Kubernetes, GitOps, and developer infrastructure

Kubernetes (5y), OpenShift (3y), EKS (4y), Backstage (2y), GitOps (4y)

### Cloud & Infrastructure as Code

Cloud platforms and repeatable infrastructure automation

AWS (6y), GCP (4y), Azure (2y), Terraform (5y), Ansible (4y)

### Observability & Security

Monitoring, logging, runtime safety, and secure platform operations

Grafana (5y), Prometheus (5y), Splunk (2y), Vault (3y), DevSecOps (4y)

### Delivery Automation

CI/CD, scripting, and automation across engineering platforms

GitLab CI (5y), GitHub Actions (3y), ArgoCD (3y), Python (5y), Shell Scripting (8y)

## Certifications

- **CKS: Certified Kubernetes Security Specialist** — The Linux Foundation, issued Jun 2022 (expires Jun 2025) · ID LF-123458
- **KCSA: Kubernetes and Cloud Native Security Associate** — The Linux Foundation, issued Jan 2023 · ID LF-123460
- **CKA: Certified Kubernetes Administrator** — The Linux Foundation [expired], issued Jan 2022 (expires May 2025) · ID LF-123456
- **CKAD: Certified Kubernetes Application Developer** — The Linux Foundation, issued Mar 2022 (expires Mar 2025) · ID LF-123457
- **HashiCorp Certified: Terraform Associate** — HashiCorp, issued Jan 2022 (expires Jan 2025) · ID HC-123456
- **KCNA: Kubernetes and Cloud Native Associate** — The Linux Foundation, issued Sep 2021 · ID LF-123459
- **GitOps Certified for Argo** — Codefresh, issued Jun 2022 · ID CF-123456
- **Jenkins Level 1: Administration** — CloudBees, Inc., issued Jun 2021 · ID CB-123456
- **Microsoft Certified: Azure Fundamentals** — Microsoft, issued Mar 2021 · ID MS-123456

## Education

### Bachelor of Science in Cybersecurity — The Open University

Jan 2019 – Present · Milton Keynes, United Kingdom

Comprehensive cybersecurity program covering network security, cryptography, ethical hacking, and security architecture

## Achievements

### Production AI Agent Platform — Swiss Post

Apr 2026 · project

Designed and shipped an internal AI platform for Kafka operations with intake, approvals, live runs, analytics, and auditability.

### Edictum Runtime Trust Layer — Open Source

Feb 2026 · project

Built an open-source runtime enforcement layer that governs AI agent tool calls and produces auditable decisions.

### Internal AI Factory — Open Source

Apr 2026 · project

Built a local-first AI factory orchestrator for governed multi-agent execution, evidence, approvals, and cost tracking.

### Mind the GAP — arXiv

Feb 2026 · publication

Published research showing that text-level safety does not reliably transfer to tool-call safety in LLM agents.

## Languages

- **Spanish** — Native
- **English** — C2
- **Portuguese** — C1
- **German** — B1