Software Engineer
Jun 2020 — May 2022 | Perth, Australia
About
AI-powered radiology reporting platform. Automates ultrasound image analysis, DICOM measurement extraction, and diagnostic report generation for sonographers and radiologists. Integrates with hospital PACS and HIS systems.
Responsibilities
No infrastructure existed. No CI/CD, no monitoring, no automation, no security posture. I built everything from the ground up across 4 environments (dev, test, staging, prod). Worked across infrastructure, deployment pipelines, security compliance, and server management for a platform handling DICOM medical imaging data with strict healthcare privacy requirements.
Highlights
The ultrasound reporting platform ran at full capacity 24/7 despite predictable radiologist usage patterns, peak from 7AM to 8PM with quiet evenings and weekends. Proposed and implemented scheduled scaling to match radiologist shifts with warm instance strategies so the system was ready before the morning rush. Off-peak infrastructure costs dropped by 40% with no slowdowns during peak hours.
Redesigned the deployment from a flat network to a 3-tier architecture with public, private, and data tiers. Web servers in public subnets behind a load balancer, application servers in private subnets accessible only through a bastion host, and databases in isolated subnets with no internet access. All production access required VPN connection first. Before this, every server was reachable from everywhere.
Server configuration was manual and inconsistent across 30+ machines. Wrote Ansible playbooks to standardise everything. Configuration time dropped by 50%. New server setup went from a full day to under an hour.
Built a single-pane support dashboard in CloudWatch so the support team could enter a case ID and see the full request lifecycle in one place — frontend logs, backend API responses, database queries, and error traces. Before this, support was raising tickets to engineering for every customer issue. After, they resolved 60-70% of issues themselves without waiting for an engineer.
Deployed Wazuh across all production servers for intrusion detection, file integrity monitoring, and vulnerability scanning. Completed PCI, ISO, and VAPT audits. First time the company had proper security tooling in place.