Principal AWS Engineer · AI-Native · 25+ years hands-on

Zachary Buckholz

Principal AWS Infrastructure Engineer & AI-Native Architect

Twenty-five years architecting and scaling mission-critical infrastructure for the highest-stakes environments — from scaling identity platforms to 4 billion+ transactions a day to building production systems for Twitter, PayPal, Ticketmaster, and Pearson. Now applying that depth hands-on: solo-architecting and shipping production serverless AI systems on AWS.

4B+/day: IAM transactions scaled (ForgeRock)
0.8 → 0.99: APDEX improvement
10ms → 3ms: auth/authz response time
20M+/day: messages handled (mail platform)
The short version

A deeply hands-on infrastructure engineer — now AI-native

Twenty-five years deep in the systems themselves: scaling, hardening, automating, and reverse-engineering complex production infrastructure. I'm an individual contributor by choice — I do the work, not just direct it. Recently I've been using AI-assisted workflows to reverse-engineer legacy systems, find optimization opportunities, and ship full production systems solo. The builds below are proof: real serverless AWS architectures (Bedrock, Lambda, Cognito, DynamoDB, CDK) designed, deployed, and hardened end-to-end by one person.

Open to fully-remote senior / principal / staff AWS infrastructure & platform engineering roles, and AI-infrastructure work. AWS-native focus.

Have an idea? Let's build it.

I'm also open to collaboration and contract work as time permits. I genuinely love building, architecting, and securing optimal solutions — that's the part I'd do for fun. I'm not a business-acumen guy and I don't pretend to be. So bring me your concept and your idea, and let me help you achieve it — securely, soundly, and profitably.

Career highlights

25 years on high-stakes infrastructure

Selected roles. Full history available on request / LinkedIn.

Twitter · PayPal · Live Nation / Ticketmaster · Pearson · Bank of America · Charles Schwab · GoDaddy · University of Phoenix
Health Insurance & Fitness (confidential)
Senior AWS Engineer & AI Training Lead
Driving multimillion-dollar AWS cost savings via Compute Optimizer, rightsizing, and refactoring across compute/storage/networking. Adding value through infrastructure automation and performance work for fraud detection and company-wide automation. Leading an AI-enablement program training 100+ employees. Building QuickSight dashboards on serverless data pipelines — no external tooling.
Live Nation / Ticketmaster
Senior Linux Systems & Automation Engineer
Automation engineer managing thousands of systems with Chef. Owned the Chef IaC environment for the EU business unit; US Managed Linux OS team (base images, OS automation). Heavy Git-pipeline automation with Chef, Ansible, Python, Terraform on AWS + Apache CloudStack. Reverse-engineered decade-old code to keep critical systems stable.
Availity, LLC.
Senior Identity & Access Management / Backend Systems Integration Engineer
Ran the IAM stack (ForgeRock) that transacts and audits external requests between payers and payees through the IDM system, at massive scale for the insurance industry. Grew daily IAM transactions from <1B to 4B+, lifted APDEX 0.8 → 0.99, and cut full-stack auth/authz response from 10ms → 3ms.
Pearson Learning Solutions
Infrastructure Architect & Engineer · Identity & Access Management
Architected, deployed, and maintained IAM stacks across three continents (US, EU, APAC) — ForgeRock OpenAM/OpenDJ/OpenIDM + RadiantLogic. Multi-region AWS via CloudFormation + Ansible (EC2, Route53, VPC/VPN, S3, IAM, Lambda, ELB, CloudTrail). Protecting student data — including my own children's — was the top priority. Also ran the internal Atlassian/DevOps stack as IaC — Stash, Confluence, Jira, Jenkins, Bitbucket, Nexus, Crowd — and supported Pearson developers worldwide.
Twitter
Linux Engineer
During a period of substantial growth: pushing out new infrastructure and managing multi-thousand-node Hadoop clusters before lunch. Deployed Linux infrastructure with Kickstart, Puppet, and custom automation; maintained Twitter production systems.
PayPal
Linux Engineer
Upgraded PayPal Linux environments and built out a new data center, with automation as the core tool for standing up the new infrastructure. Linux/Solaris/Windows administration and scripting.
GoDaddy
Linux Administrator
Ran the mail platform handling 20M+ messages/day — plus OpenLDAP (slapd), MySQL clusters, qmail, spam filtering, reverse-engineering of viruses, security-posture hardening, and performance improvements across the board. Also responsible for the customer hosting environments and the support ticketing systems, and built HA hosting environments.
Apollo Group / University of Phoenix
Senior Linux Engineer / Architect
Lead architect on the VMware virtualization project; architect on the Informatica deployment project; led the Oracle Linux adoption project that drove multimillion-dollar savings; project lead / architect for Documentum. Built the enterprise SOX and PCI compliance programs — and was the original inspiration for company-wide adoption of the Ubuntu philosophy. (Earlier roles: Bank of America, Charles Schwab, Zencon — full history on request.)
Hands-on AI builds

Production serverless AI, shipped solo

Not slideware — real, deployed systems. Each was architected, built, and hardened end-to-end by one person using AWS-native services and AI-assisted workflows. Two flagships, then the breadth.

Production · ended externally

Drift MCP Server

DeFi tooling · Model Context Protocol

A production Model Context Protocol server for Drift Protocol perpetual-futures trading on Solana — multi-wallet support, balance management, documented test harness — letting AI agents trade on-chain. Ran in production until Drift Protocol itself was frozen following the April 2026 $285M North-Korean (DPRK) exploit, the largest DeFi hack of 2026. The platform was destroyed; the tooling worked.

MCP · Solana · TypeScript · multi-wallet
[Architecture diagram. Labels: Browser (Next.js · pdfjs); CloudFront (S3 static + /api/*); API Gateway HTTP API; Auth (Cognito), custom screens; process-menu (extract items); suggest-allergens (parallel batches); menus CRUD (JWT-scoped); Bedrock (Claude 4.5 / Nova); DynamoDB (menus · limits · audit)]
Also built
MenuDrop: Telegram bot + Mini App. Ingested multi-GB Overture places data into DynamoDB; on-the-fly AI menu extraction with heavy input-sanitization & rate limiting. (Retired.)
DrinksDictionaryBot: 6,200+ cocktail recipes with AI chat and customizable AI bartender personalities, group-chat party games, and AI poker & blackjack dealers. 72 automated tests. Fully serverless. (Live.)
Neural Empire: A functional turn-based multiplayer strategy game re-theming the classic BBS door games (Solar/Barren Realms Elite) around a near-future AI compute arms race — async bot turns, group-chat leagues, deep interlocking economic systems and rock-paper-scissors balance. (Functional game.)
VintageVault: AI-governed autonomous marketplace concept — orchestrator + advisor models, fraud detection, human kill switch. (Prototype.)
Osmosis Bot: Serverless Cosmos/Osmosis trading bot — Python CDK, Docker Lambda, EventBridge, Secrets Manager, trade journal. (Prototype.)
Core competencies

Depth across the stack

Cloud & Infrastructure

AWS — EC2, Lambda, EKS, VPC, Route53, S3, IAM, CloudFormation, CloudTrail, ELB, QuickSight, Compute Optimizer, Bedrock. Apache CloudStack, VMware/vSphere.

Automation & IaC

Terraform, Ansible, Chef, Puppet, CloudFormation, AWS CDK, GitLab CI/CD, Jenkins, Rundeck.

Identity & Access

ForgeRock (OpenAM, OpenDJ, OpenIDM), RadiantLogic, SAML, OAuth, Cognito.

Languages & low-level

Python, Ruby, Bash/Shell, TypeScript, Perl, PHP, C, C++. Low-level kernel/system debugging (e.g. SoftICE). These days I'm 100% AI-first — I direct and review rather than hand-type code.

Platforms

Linux (RHEL, Oracle, Ubuntu), Solaris, AIX, Hadoop.

AI & Analytics

Generative AI, AI-assisted workflows, Amazon Bedrock, serverless data pipelines, QuickSight, MLOps.

Methodologies

DevOps, SRE, Infrastructure as Code, SOX/PCI compliance, large-scale cost optimization.

Scale delivered

4B+ daily IAM transactions · 20M+ daily messages · multi-region production · sub-3ms auth at scale.