Portfolio

Hi, I'm
Kevin Maximiliano Palma Romero.

Azure Cloud Engineer | Platform Engineering | Infrastructure Automation

I build cloud infrastructure that scales, automate what should be automated, and design internal platforms that eliminate silos between code and operations. If the cloud has a problem, I like solving it with engineering.

Career

About me

I transform complex infrastructures into scalable, secure solutions by converging software engineering and cloud architecture. My background as a graduate of an Associate Degree in Software Development lets me approach Microsoft Azure with an engineering mindset, prioritizing automation and custom tooling that streamlines operations. I lead technical consulting processes for high-maturity corporate environments, ensuring cloud adoption is resilient, secure, and financially efficient under Cloud Adoption Framework (CAF) standards.

Experience
Readymind

~1 year · Full-time

Azure Cloud Engineer

Oct 2025 – Present · Buenos Aires, Argentina · Hybrid

Current
  • Automation & Tooling (ACIM & ARGUS): Designed and developed full-stack internal platforms (Astro, Tailwind, Azure Functions) to automate Service Principal management, secure Key Vault storage, and advanced tenant auditing via KQL with Azure Resource Graph.
  • Resource Migrations: Complex resource movements between subscriptions and Resource Groups (Lift & Shift / Re-platforming) using ARM Templates. Migratability analysis, cross-RG/subscription dependency mapping, and maintenance window coordination.
  • Migration Assessment (Azure Migrate): Led on-premise → Azure assessment projects. TCO comparative analysis across PAYG, 1y RI, and 3y RI scenarios to support strategic investment decisions.
  • Tenant Auditing: Full analysis from the portal, Azure Advisor, and Azure Resource Graph. Best practice identification across cost (right-sizing, Reserved Instances, backups, orphan resources, Spot VMs), governance (tags, naming convention, RBAC, Least Privilege, Policies), and security (Zero Trust, Hub & Spoke, Entra ID, Landing Zone).
  • Governance & FinOps: Azure Advisor and Resource Graph audits. Optimization recommendations (Reserved Instances, Right-sizing) and security hardening (RBAC Least Privilege, Azure Policy) across multi-region environments.
  • AI-Assisted Scripting: PowerShell scripts developed with AI agents for high-privilege role extraction, bulk RG deletion, cross-server database migration, and module installation.
  • Consulting & Troubleshooting: Technical client sessions, remote-hands guidance, live troubleshooting, and critical incident resolution in hybrid and cloud-native architectures.
  • Commercial & Post-sales: Meetings with the commercial team to define next steps and craft post-sales service proposals for clients.
  • Agile DevOps: Task management in Azure DevOps under Scrum: planning, daily stand-up, weekly sprint review, and monthly retrospective. Bulk operation automation with PowerShell.
Azure PowerShell KQL ARM Templates FinOps Azure Migrate Hub & Spoke Astro Azure Functions Key Vault Azure Resource Graph Scrum ADO

Cloud Engineer

May 2025 – Sep 2025 · Remote

  • Azure Infrastructure (IaaS & PaaS): Provisioning and management of virtual machines (VMs) and SQL Databases. Governance best practices: Resource Groups, strategic Tagging, and RBAC for access control.
  • Business Automation (Low-code): Design and deployment of enterprise applications with Power Apps. Workflow automation with Power Automate to improve internal operational efficiency and reduce repetitive manual tasks.
  • Data Analytics & BI: Interactive Power BI dashboards integrating SQL data sources for KPI visualization and data-driven decision support.
Azure Power Apps Power Automate Power BI SQL Azure VMs Azure SQL RBAC Azure CLI
Education
UADE

Mar 2026 – Nov 2030

Bachelor of Science in Computer Engineering

In progress

Undergraduate program aimed at deepening scientific and methodological foundations of computing. Goal: complement practical experience as a Software Developer and Cloud Engineer with a solid foundation in complex systems engineering, distributed architectures, and applied research methodology.

  • Systemic Thinking: Analysis and modeling of information systems and systems theory for the optimization of complex organizational processes.
  • Engineering Fundamentals: Strengthening logical, algorithmic, and mathematical foundations (Algebra and Geometry) applied to solving high-complexity technical problems.
  • Professional Soft Skills: Development of critical thinking and effective communication, essential for technical team leadership and strategic project management.
IFTS N°11

Instituto de Formación Técnica Superior N° 11

Aug 2023 – Nov 2025

Associate Degree in Software Development

Graduated

Higher technical education focused on scalable system design, distributed architectures, and Cloud deployment. Graduated with a real-impact final project: the Inquiro SaaS platform.

  • Inquiro Project (SaaS): Co-developed a SaaS platform for intelligent survey management and AI-driven analysis using generative language models.
  • Cloud Architecture (AWS): Resilient infrastructure with VPC and public/private subnet segmentation across multiple Availability Zones (AZ), ensuring high availability and workload isolation.
  • Networking & Security: Elastic Load Balancing (ELB) and NAT Gateways for high availability and secure outbound traffic from private instances.
  • AI & Data Insights: Language model integration via Groq to automate semantic analysis of survey responses and generation of automated executive reports.
  • Tech Stack: Full-Stack development with Node.js (Express), Angular, TypeScript, and Tailwind CSS. DynamoDB as scalable NoSQL database for survey and response persistence.
  • Leadership & Management: Technical team leadership under Scrum methodology, with project lifecycle managed in Notion. Technical documentation and architecture decisions owned by the team.
Certifications
AZ-104 — Azure Administrator Associate

Cloud Administrator

Validates the ability to manage identities and access, implement storage, administer virtual machines, configure virtual networks, and monitor resources in Microsoft Azure.

RBAC & IAM VMs & Compute VNets & NSGs Azure Monitor Storage
AZ-700 — Azure Network Engineer Associate

Network Engineer

Validates designing and implementing Azure network solutions: hybrid connectivity, VPN Gateway, ExpressRoute, private DNS, load balancing, and perimeter security.

VPN & ExpressRoute Private DNS Load Balancing Private Endpoints App Gateway
AZ-900 — Microsoft Azure Fundamentals

Cloud Fundamentals

Certifies understanding of cloud concepts, core Azure services, security, privacy, compliance, and pricing and support models.

Cloud Concepts Azure Services Security Pricing
DP-900 — Microsoft Azure Data Fundamentals

Data Fundamentals

Certifies knowledge of core data concepts, relational and non-relational Azure data services, and data analytics and intelligence fundamentals.

Azure SQL Cosmos DB Analytics Data Factory
Projects

Cloud Solutions & Case Studies

Real-world cases of infrastructure, governance, and optimization on Microsoft Azure.

01 ACIM — Azure Client Identity Manager

Challenge

Azure client identities (Service Principals) needed to be managed securely and centrally, preventing secrets from being stored in plain text. Additionally, the generated HTML audit files required controlled access without exposing direct storage paths.

Solution

A full-stack internal platform (Astro, Tailwind, Azure Functions) was built to automate Service Principal registration: tenant-id and app-id are persisted in Azure Table Storage, while secrets are stored encrypted in Key Vault. An Azure Function detects HTML file creation in a Storage Account and auto-generates a Web App endpoint with custom authentication, blocking direct HTML access without login.

Impact

Secrets eliminated from plain text via Key Vault. Automated audit file delivery with access controlled by custom authentication and dynamic endpoints generated by Azure Functions.

Astro Tailwind CSS Azure Functions Azure Table Storage Azure Key Vault Azure Web Apps
02 ACIM-ARGUS — Azure Resource Graph Universal Scanner

Challenge

Auditors needed to mass-analyze resources across multiple Azure tenants without writing KQL manually or relying on persistent access credentials. The manual process was slow, repetitive, and provided no way to export results for downstream analysis.

Solution

An internal auditing tool (Astro, Tailwind, Azure Resource Graph) was built with a visual query interface: users select subscriptions, resource groups, and resource types with dynamic filters — no KQL required. Includes pre-built templates for the most common audit cases (orphan resources, public IPs, unconfigured Private Endpoints) and CSV export for downstream raw-data analysis.

Impact

Mass auditing of Azure tenants without writing KQL. Ready-made templates for the most common audit cases and CSV export for downstream analysis with raw data.

Astro Tailwind CSS Azure Resource Graph KQL CSV Export
03 Complex Cross-Subscription Migration

Challenge

Critical resources (VMs, databases, App Services) needed to be moved between different subscriptions with minimal downtime, in scenarios where Azure's native move was not supported. The production environment could not tolerate extended maintenance windows.

Solution

A migration strategy was executed using database backups, App Service cloning, and IaC-based resource recreation at the destination. Each phase was coordinated with agreed maintenance windows, with cross-RG and cross-subscription dependency validation before every move.

Impact

Zero-downtime migration of 15+ VMs and databases across subscriptions. Business continuity maintained throughout the entire process.

Azure Backup App Service Cloning Disaster Recovery
04 Security Automation & Governance

Challenge

The client needed to audit excessive permissions and enforce security policy compliance across multiple Azure subscriptions. Manual review was slow, error-prone, and unable to scale with the growing environment.

Solution

Advanced PowerShell scripts were developed to generate automated RBAC assignment reports, extract high-privilege roles, and surface access anomalies. Deliverables were structured to directly support the security team's decision-making process.

Impact

80% reduction in permission assignment time. Proactive detection of access anomalies across multiple subscriptions.

Azure RBAC PowerShell
05 Infrastructure Analysis & Remediation Plan

Challenge

The client's Azure environment lacked visibility into orphaned resources, suboptimal configurations, and governance gaps accumulated over time. There was no centralized inventory or periodic review process in place.

Solution

A deep analysis was performed using Cloudockit and Azure Resource Graph to inventory all assets, identify ownerless resources, and detect configuration gaps. The outcome was a prioritized corrective action plan delivered with estimated impact per item.

Impact

Full visibility of 200+ Azure resources in a single report. Prioritized remediation plan delivered to the client.

Azure Resource Graph Cloudockit Governance
06 Cost Optimization (FinOps)

Challenge

The client struggled to estimate and control spending in their dynamic Azure environment, with no tools to translate technical costs into business-understandable terms. The lack of visibility made it hard to justify investments in Reserved Instances or other optimizations.

Solution

Custom calculators and cost estimation reports were designed comparing PAYG, 1y Reserved Instances, and 3y Reserved Instances scenarios. The deliverables allowed the client to align technical spending with their strategic budget and make investment decisions backed by data.

Impact

Identified 30% potential infrastructure cost savings. Technical spending aligned with the client's strategic budget.

Azure Cost Management Excel/PowerBI FinOps
07 Technical Communication & Documentation

Challenge

There was a significant gap between technical teams and business stakeholders when presenting complex architectures or justifying cloud adoption decisions. Purely technical reports failed to generate executive buy-in or shared understanding.

Solution

Detailed documentation and high-impact visual presentations were created using Canva and diagramming tools, aligned with the Cloud Adoption Framework (CAF). The presentations translated technical concepts into business value, facilitating initiative approval and cross-team alignment.

Impact

Technical documentation adopted as the team standard. Reduced comprehension gap between technical and business areas.

Technical Writing Canva Cloud Adoption Framework
Tech Stack

Skills

Technologies, tools and skills I apply in real cloud infrastructure projects.

Cloud
Microsoft Azure
Azure DevOps / ADO
🖥️ Azure Virtual Machines
Azure Functions
🌐 Azure App Service
🗄️ Azure SQL Database
🔑 Azure Key Vault
📦 Azure Storage Account
🔍 Azure Resource Graph + KQL
📊 Azure Advisor
🚀 Azure Migrate
📋 Azure Policy
🛡️ RBAC / Entra ID
🔗 Hub & Spoke Networking
🔒 Private Link / App Gateway
📄 ARM Templates
💰 FinOps
🛡️ Zero Trust
Amazon Web Services
Automation
PowerShell
Azure CLI
📄 ARM Templates
🔍 KQL
Git
GitHub
Terraform
Platform Engineering
Astro
Tailwind CSS
Azure Functions
TypeScript
VS Code
Soft Skills
🤝 Teamwork
🧩 Problem Solving
🗣️ Communication
📋 Organization
🚀 Continuous Learning
🌐 Adaptability
🎯 Negotiation
Professional Ethics
Languages
🇪🇸 Spanish — Native
🇬🇧 English — B2
Contact

If you like my profile, have a proposal, or just want to chat — feel free to reach out.