Mohith Pukale

Principal Software Engineer · Identity & Cloud Infrastructure

I build the identity and access infrastructure that cloud regions depend on — authorization services, hardware-backed authentication, and the automation that turns a manual, multi-week region bring-up into a repeatable one. I care most about the unglamorous work: breaking dependency cycles, replacing runbooks with code, and leaving behind systems other teams can operate without me.

Seattle, WA Oracle Cloud Infrastructure MS Computer Science, UC Santa Barbara
Portrait of Mohith Pukale
What I do

Where I spend my time

Most of my work lives at the seam between identity, infrastructure, and the operational reality of running a cloud in places with hard constraints.

Identity & Access

Authorization services, identity provider federation, just-in-time access, directory synchronization, and periodic access review. Designing auth paths that stay correct when the network doesn't cooperate.

Hardware-Backed Auth

Security key programming and lifecycle tooling across Windows and Linux, certificate-based workstation login, and migrating login flows from one-time passwords to phishing-resistant U2F.

Cloud Region Automation

Turning region bring-up into infrastructure as code — provisioning providers, bootstrap sequencing, and removing the manual touch points that make each new region an exception.

Distributed Systems

Multi-region failover and disaster recovery, batching and backpressure in directory pipelines, dynamic configuration for degraded regions, and data platforms that recover from failure on their own.

Experience

Professional background

Work at Oracle is described in general terms — internal program and system names are omitted.

Principal Software Engineer

August 2019 — Present
Oracle Cloud Infrastructure · Seattle, WA

Access management and enforcement. I own identity and authorization infrastructure for isolated, sovereign, and dedicated cloud environments, and lead the cross-team programs that get those environments stood up and kept running.

  • Led design and delivery of the identity and permissions capabilities required for fully automated region bring-up, so new regions bootstrap policy provisioning and directory synchronization without manual intervention.
  • Broke a cyclic dependency between the internal authorization platform and a legacy corporate identity provider, clearing the path to a modern provider with phishing-resistant hardware login in place of one-time passwords.
  • Led the effort to identify users affected by that identity provider migration and to move them onto new credentials without loss of access.
  • Authored the infrastructure-as-code provider for the authorization service, letting partner teams declare access resources directly instead of filing requests. Cut resource-creation time roughly 50% for our largest partner team, and extended the provider with owner groups and membership separation as adoption grew.
  • Led automation of credential rotation for a security hardening initiative — standing up the rotator service, adding service-principal support across internal and customer-facing environments, and integrating an SSH certificate authority. Rotations dropped to under 5 minutes per secret with minimal manual involvement.
  • Built security-key programming and lifecycle tooling for Windows, Oracle Linux, and secure-facility environments, including certificate provisioning for multi-factor workstation login. Regional teams could then program and distribute keys for 1,000+ users locally instead of depending on shipping from a single site.
  • Reduced the entities under periodic access review from ~5,000 to ~200 by switching the reviewed entity from resources and groups to users carrying an eligibility attribute, cutting reviewer load without loss of coverage.
  • Led design and delivery of an isolated administrative environment that gives internal support engineers scoped, audited access to dedicated cloud distributions, integrating console, plugin, and partner applications, and drove it through architecture and security review boards. Bootstrapped the resulting environments and automated their resource creation to remove most manual touch points.
  • Built disaster recovery and multi-region administrative login with downstream partner teams, so dedicated regions stay reachable during a regional failure, and added per-region timeout controls with dynamic adjustment for regions on degraded networks.
  • Stood up a Windows Active Directory proof of concept end to end — network, jump hosts, gateway, directory, and group policy login — then designed the pre-production and production architecture as a reusable blueprint for future customers.
  • Refactored a single-purpose directory syncer into a generic job that synchronizes to multiple identity domains, and added batching to the directory update pipeline — splitting a bulk change across ~40k accounts into batches of 500 so it landed incrementally instead of blocking the pipeline on a single long-running thread.
  • Mentor engineers through onboarding and their first designs, run brown-bag sessions and runbooks for the processes I own, and act as the technical point of contact for partner teams and program managers.

Graduate Student Researcher

June 2018 — August 2018
UC Santa Barbara

Built a fault-tolerant oblivious data store — cloud storage that provides availability and privacy by hiding data access patterns from the storage provider itself.

  • Adapted existing fault-tolerant storage systems to incorporate Oblivious RAM.
  • Designed the components responsible for concealing access patterns, and analyzed the resulting security and throughput trade-offs.

Software Developer

August 2015 — August 2017
Amazon · Seattle, WA

Consumer Knowledge Platform — a data engineering team building the platform for data access and big-data workflows.

  • Re-architected the core service with a new data model and metrics, leading to 25% faster response times.
  • Reduced operational load 15% by decomposing a monolithic service into a federated one.
  • Implemented automated recovery for big-data analytics workflows, along with failure and delay notification.

Software Developer Intern

January 2015 — July 2015
Amazon

Consumer Marketing Analytics — measuring downstream impact and customer behavior.

  • Improved the analytics portal with interactive graphing, report generation, and pagination.
  • Automated aggregation and publishing of customer scores using Apache Pig and AWS workflow services.

Software Developer Intern

June 2014 — August 2014
Intuit

QuickBooks Online — accounting and ledger software for small and medium businesses.

  • Built a service that masks sensitive production data for use by QA engineers.
  • Reduced request time for that service 20% by moving its backend from MySQL to MongoDB.
Toolkit

Skills & technologies

Languages

  • Go
  • Java
  • Python
  • C
  • Bash
  • SQL
  • PowerShell

Identity & Security

  • OAuth 2.0
  • SAML
  • OIDC
  • LDAP
  • Active Directory
  • PKI & certificates
  • FIDO U2F
  • YubiKey
  • SSH CA
  • Secret rotation
  • Cryptography

Cloud & Infrastructure

  • Oracle Cloud Infrastructure
  • AWS
  • Infrastructure as code
  • Terraform-style providers
  • Network & VCN design
  • Disaster recovery
  • CI/CD
  • Linux

Data & Platforms

  • Distributed systems
  • MySQL
  • MongoDB
  • Apache Hadoop
  • Apache Pig
  • NumPy & SciPy
  • Elasticsearch
  • Solr
Education

Academic background

University of California, Santa Barbara

Master of Science, Computer Science
September 2017 — June 2019

GPA: 3.9 / 4.0

Coursework: Advanced Topics in Security, Advanced Topics in Cryptography, Cloud Computing, Information Retrieval.

PES Institute of Technology

Bachelor of Engineering, Information Science & Engineering
September 2011 — June 2015

GPA: 9.25 / 10

Electives: Computer & Network Security, Natural Language Processing, Data Mining.

Let's talk

I'm based in Seattle, WA. If you're working on identity, cloud infrastructure, or distributed systems — or just want to compare notes — I'd be glad to hear from you.