Legara

Lead Infrastructure & Data Engineer · Aug 2024–present

AWS, Python, PostgreSQL, MongoDB, Docker, Rocket.Chat, ETL, EdgeRouter-12

Overview

Architected complete healthcare infrastructure from scratch: HIPAA-compliant cloud architecture (AWS, ERP, ETL) and enterprise network (dual-WAN, VPN, IPsec, 5+ isolated zones). Achieved 99.9% uptime with self-healing automation and zero manual intervention during failures.

Part 1: Cloud Infrastructure & Healthcare ERP

Architected HIPAA-compliant AWS infrastructure and healthcare data management system

What I Built

  • Architected HIPAA-compliant AWS infrastructure with public/private subnets, ALB for high availability, and centralized secrets management
  • Deployed Rocket.Chat with Docker Compose on EC2 and secured MongoDB connections with TLS
  • Designed and optimized HIPAA-compliant ERP system for multi-client healthcare data management
  • Built ETL pipelines and data solutions that automate invoice generation for various clients
  • Implemented comprehensive logging/audit trails to S3/CloudWatch with access controls, MFA, and SSO

Technologies Used

AWS, Python, PostgreSQL, MongoDB, Docker, Rocket.Chat, ETL

Part 2: Enterprise Network & Security Infrastructure

Built resilient network with dual-WAN, VPN tunnels, and self-healing automation

What I Built

  • Architected EdgeRouter-12 network with dual-WAN (AT&T Fiber + FirstNet cellular), load balancing, and automatic failover
  • Implemented 5+ isolated network segments: Management, General, DMZ, and a HIPAA-compliant ePHI zone, with zone-based firewalls
  • Deployed dual-layer VPN infrastructure: OpenVPN remote access (UDP 443, certificate-based auth) + IPsec site-to-site tunnel (IKEv2, AES-256)
  • Developed a Bash automation script for self-healing infrastructure: monitors load balancer, detects WAN failover, dynamically reconfigures IPsec via Vyatta API
  • Enabled secure remote access to eCW Electronic Medical Records system for clinical staff from any location

Technologies Used

EdgeRouter-12, EdgeOS/Vyatta, OpenVPN, IPsec/strongSwan, Linux, Bash, Zone-Based Firewalls

Combined Impact & Results

  • Achieved 99.9% uptime with zero manual intervention during WAN failures
  • Automatic recovery from failover events in under 60 seconds
  • Transformed data infrastructure for scalable, real-time data access and reporting
  • Automated invoice generation, significantly reducing manual workload and increasing accuracy
  • Maintained strict HIPAA compliance through network isolation, encryption, and comprehensive audit trails
  • Enabled secure remote EMR access while eliminating dependency on less secure methods