1. Security Architecture Construction
- Responsible for the implementation and optimization of open-source security components, including:
  - Configuring WAF protection policies on LeiChi (to prevent CC attacks and API abuse)
  - Developing intrusion detection rules for Wazuh HIDS (detecting reverse shells and cryptocurrency mining behavior)
  - VPC traffic auditing and control of outbound DNS connections (based on Route53 Resolver + ELK)
- Leading security compliance practices: baseline hardening for level protection 2.0, DDoS protection plans (optimization of Cloudflare + AWS Shield)
2. Cloud Environment Maintenance
- Managing the AWS production environment (EC2/ALB/RDS), optimizing costs and performance (reserved instance utilization > 90%)
- Implementing infrastructure as code (Terraform managing over 200 resources)
- Kubernetes platform operations: responsible for the day-to-day operation and maintenance of the production Kubernetes cluster, including establishing performance baselines, troubleshooting resource bottlenecks, and performing regular version upgrades to keep the platform secure and stable.
- Designing disaster recovery plans (RPO < 15 minutes, RTO < 30 minutes)
3. Database Management
- Responsible for performance tuning of MySQL/PostgreSQL (resolving more than 95% of slow queries)
- Formulating data backup strategies (cross-region snapshots + Binlog recovery point validation)
- Encrypting sensitive data (application layer + storage layer)
4. Research and Development Collaboration
- Building GitLab CI/CD pipelines (integrating SAST tools: Semgrep/SonarQube)
- Providing secure coding standards for the development team (remediating the Top 10 vulnerabilities)