Jose Baez

Jose Baez

Cloud & Infrastructure Engineer

Hi, I'm Jose Baez — Cloud & Infrastructure Engineer

Jose Baez - Sr. Cloud Support Engineer

I'm a Cloud & Infrastructure Engineer with 13+ years of experience designing, supporting, and modernizing mission-critical environments across the financial and government sectors. My expertise includes AWS, Kubernetes, Linux, Infrastructure as Code, CI/CD, automation, cloud migrations, and production support, with a strong focus on building secure, reliable, and cost-efficient solutions.

I'm passionate about solving real infrastructure challenges through automation and AI, continuously exploring new AWS services, DevOps practices, and cloud-native technologies. This portfolio showcases hands-on projects, technical articles, and practical solutions that reflect how I approach engineering in real-world environments.

Based in New York City. When I'm away from the terminal, you'll usually find me hiking, skiing, or working on a DIY project just to learn how it works.

Explore my work on GitHub or connect on LinkedIn.

Projects

Weather Dashboard

A production-grade serverless weather app on AWS — real-time forecasts for any city, secure API key handling via SSM Parameter Store, DynamoDB caching, and a fully automated CloudFormation + CodePipeline CI/CD system deployed behind CloudFront.

Building a Serverless Docker Security Scanner on AWS

A deep dive into DocImgAnalizer — a production SaaS tool that analyzes Dockerfiles for security issues and retrieves Docker Hub image metadata, built entirely on serverless AWS infrastructure with zero long-lived credentials.

SecurityScanSkill

A single Claude Code slash command that auto-detects your project stack and runs 11 specialized security tools — covering secrets, dependency CVEs, container images, IaC misconfigurations, and SAST across 8 languages and 7 IaC frameworks.

GuardRailScan

Automated red-teaming and remediation tool for LLMs, RAG pipelines, and AI agents. Fires adversarial probes, scores every response with a judge LLM, classifies risk severity, and produces a step-by-step audit report.

URL Shortener with Real-Time Analytics

A production-grade Bitly-style URL shortener built on Kubernetes (AWS EKS) with real-time click analytics — geo data, referrer sources, and device breakdown updated via async background processing.

AI Slack Bot Agent

A serverless AI agent on AWS that receives natural language questions via Slack, reasons using AWS Bedrock (Claude Haiku), calls real AWS tools — DynamoDB, S3, web search — and posts structured answers back to the channel.

Writing

Terraform IaC Pipeline with GitHub Actions: A Production-Grade Guide

A complete walkthrough for building a production-grade Terraform CI/CD pipeline using GitHub Actions — covering the bootstrap problem, multi-layer architecture, OIDC authentication, security scanning, and automated deployment to AWS ECS Fargate.

Building a Security Scan Skill with Claude Code

How I built a single Claude Code custom slash command that automatically detects your project stack and runs 11 specialized security tools — covering secrets, dependency CVEs, container images, IaC misconfigurations, and SAST across 8 languages and 7 IaC frameworks.

Terraform Multi-Layer Architecture: Bootstrap, Foundation, Platform, Application

A practical guide to structuring Terraform into four independent layers — solving the chicken-and-egg bootstrap problem, isolating blast radius, enforcing least-privilege IAM per layer, and wiring everything together with remote state references.

Fine-Tuning a Private LLM on AWS — Task-Specific, Secure, and Cost-Effective

A practical guide to tuning an open-weight LLM for a specific business task on AWS — covering data preparation, LoRA/PEFT fine-tuning with SageMaker Spot instances, security hardening with KMS and VPC, and keeping the entire pipeline under $10.

AI Guardrails Security — Misconfigurations, Attacks, and Defenses

A deep-dive into the guardrail architectures of Claude, ChatGPT, Gemini, and Llama — covering the most common misconfigurations with fixes, real-world attack vectors, and a practical defense-in-depth checklist for production LLM deployments.