Available for opportunities

Hongqian
Li

AI & Cloud Engineer — Tampere, Finland

Specialising in secure and privacy-conscious AI systems on Azure.

I build AI systems — and I can explain them to anyone in the room.

View WorkGet in Touch
hongqi4nli@gmail.com·GitHub·LinkedIn
Hongqian Li
Scroll
Selected Work

Projects

01

Privacy-Conscious AI Support System

Tech Stack

PythonFlaskChromaDBOllamaMCP ServerRAG

Context

Derived from the thesis architecture, for the student housing queries I handled at HAMK's service desk.

System

RAG pipeline over a verified knowledge base with a custom MCP server exposing four live tools (VR train schedules, weather, housing listings, web search). Deterministic classifier routes sensitive queries to human support before any LLM processing. Fail-safe design: uncertain inputs route to human support, not to the model.

Engineering Highlight

LLM-first routing was abandoned due to inconsistent behaviour across models, which led to adopting deterministic-first classification for auditability and GDPR compliance.

GitHub
02

Azure Private Network File Sharing System

Tech Stack

AzureTerraformPythonFlaskBlob StorageAzure SQL

Context

Erasmus cloud computing capstone at UAS Technikum Wien (2025/26): secure file sharing deployed on Azure with no manual portal configuration.

System

Three-tier private network: Application Gateway as the only public entry point, App Service on a delegated subnet, Blob Storage and SQL behind private endpoints. Application Insights for monitoring; secrets injected via Terraform environment variables, no hardcoded credentials.

Engineering Highlight

Entire infrastructure across five phases provisioned through Terraform, with an estimated monthly cost of €237 (Norway East, Dec 2025). App Gateway accounts for 78% of spend.

GitHub
Bachelor's Thesis

Security by Design
for Enterprise AI Chatbots

Graduating June 2026 · HAMK Häme University of Applied Sciences

PythonFlaskAzureTerraformChromaDBRAGGDPREU AI Act
Read full thesis →

System Context

A GDPR Article 9 sensitive query was processed directly by an LLM in HAMK's public chatbot without prior detection or routing controls. It was treated like any other request. This thesis designed a privacy-first RAG architecture combining a verified knowledge base (ChromaDB), deterministic classification layers, and selective LLM inference: safe queries answered from the knowledge base; sensitive ones routed to human support.

Decision Point

An initial prototype used an LLM-based classifier as the primary routing mechanism. The system showed inconsistent outputs across models (gpt-4o-mini vs llama3.2), making the LLM-based classifier unreliable for auditability. This led to a redesign: deterministic rules became the primary control layer, with LLMs downgraded to a fallback role.

Defense-in-Depth Architecture

01Most reliable layer

Keyword Detection

GDPR Article 9

Rule-based filtering for GDPR Article 9 special categories: health, religion, ethnicity, political opinion, biometric data. Flags both direct mentions and indirect references before any model is involved.

02Stops manipulation

Prompt Injection Filter

Anti-manipulation

Pattern-based detection for attempts to override privacy constraints ("Ignore previous instructions..."). Stops adversarial inputs before they reach the LLM.

03Last resort only

LLM Fallback

Context classification

llama3.2 (local) and gpt-4o-mini (Azure) serve as last-resort classifiers for ambiguous inputs. LLMs are the weakest layer, used only after deterministic checks pass.

Engineering Insights

LLM behaviour on sensitive inputs is model-dependent and cannot be reliably audited across deployments.

Deterministic preprocessing is required for GDPR-compliant systems in production.

Rule-based filters will generate false positives, but under GDPR this is acceptable compared to missed sensitive data.

Key Outcome

The system prioritises auditability and regulatory compliance over model autonomy, making it suitable for production systems handling sensitive personal data under GDPR.

Test Coverage · Local & Azure

4 input categories · verified across local and Azure · correct classification on all test inputs

Type 1

General queries

Type 2

Direct sensitive data

Type 3

Indirect sensitive data

Type 4

Prompt injection attacks

Tech Stack

What I Build
With

Python, Azure, Terraform, and privacy-first AI. Experience in both local development and cloud deployment on Azure.

Core
AzureTerraformPythonFlaskDockerLinuxSQLGitGitHub ActionsRAG PipelinesChromaDB
Working knowledge
KubernetesMCP ServersLLM IntegrationHugging FacePrompt EngineeringAzure DevOps
Focus
Secure AI SystemsGDPR-compliant DesignCloud-native InfrastructurePrivacy by Design
Also worked with
NginxApacheJavaUiPathRobot FrameworkOutSystemsGoogle Analytics
Also exploring
LangChainN8N
Background

Not a straight
line

My path from broadcast hosting and client-facing roles to software engineering is non-linear. I have led presentations across professional and academic settings: Demola National Finals (Business Finland), Hämeenlinna City Hall, and RUN-EU BIP Smart Everything, where I was recognised as one of the best presenters. The same applies to technical demos and explaining AI systems to non-technical audiences.

RUN-EU: Future Explorations

FHV, Vorarlberg, Austria

Apr – May 2026

Designed a smart curtain prototype for Getzner Textil AG that regulates indoor temperature, lighting, and wellbeing (simulated daylight for vitamin D) using embedded intelligence. Multicultural international team project.

Thesis – Security by Design for Enterprise AI Chatbots

HAMK Häme University of Applied Sciences, Hämeenlinna, Finland

Feb – May 2026

Designed and built a GDPR-compliant AI chatbot on Azure with Terraform. Researched Security by Design for enterprise AI. Grade 5/5.

Exchange Semester – IT Infrastructure & Cloud Computing

UAS Technikum Wien, Vienna, Austria

Sep 2025 – Jan 2026

Five months in Vienna as an Erasmus student. Worked alongside students from many different countries across Europe, Asia, and the Americas. Focused on cloud computing and IT infrastructure, with additional courses spanning industrial informatics, Python, and international marketing.

Project Intern

HAMK Häme University of Applied Sciences, Hämeenlinna, Finland

Jun – Aug 2025

Invited to join based on my previous experience at HAMK and local knowledge of Hämeenlinna. The project aimed to increase the number of students staying in Hämeenlinna after graduation. Ran a full design thinking cycle: user research with 30+ student interviews, problem definition, prototype design (Figma, 8 screens), and presented findings and implementation decisions to non-technical stakeholders at Hämeenlinna City Hall.

RUN-EU: BIP Smart Everything

Universidad de Burgos, Burgos, Spain

Apr – May 2025

Built an AI tool to process paper and digital invoices: automatic data extraction, calculations, and summaries. Coded front-end and integrated AI models using Python and Hugging Face. Recognised as one of the best presenters at the final showcase.

GitHub ↗

Demola Global Innovator

Tampere, Finland

Oct – Dec 2024

Collaborated on the 'AI where you need it?' innovation project. Designed and prototyped Content Pilot, a concept for an AI tool for content creators. Conducted user research, iterated on product design, visited M-Files office, and presented at Demola National Finals supported by Business Finland.

View Certificate ↗

RUN-EU: Game Changing Games

IPCA, Barcelos, Portugal

Oct – Nov 2024

Designed 3D game environments in Unity (modern and ancient eras). Coded game menu and NPC panel in C#.

View Certificate ↗

Summer Employee / Customer Service

HAMK Häme University of Applied Sciences, Hämeenlinna, Finland

May – Aug 2024

First summer job in Finland. Handled 30+ daily student inquiries about housing, arrival, and orientation. Tracked 900+ requests in Excel. Coordinated arrival logistics for 100+ international students. Received positive recognition from the HAMK kiinteistöpalvelut team.

Started BBA – Degree Programme in Computer Applications (DevOps / Delivering Software Products)

HAMK Häme University of Applied Sciences, Hämeenlinna, Finland

Aug 2023

Career pivot: moved from China to Finland to build a core IT foundation, covering programming, web development, data, machine learning, and automation. The degree led to a focus on software and cloud engineering.

Student Development Coach

Easyke · Beijing Fanyou Education Technology, Chengdu, Sichuan, China

Oct 2020 – Aug 2023

Guided 100+ Chinese students pursuing education abroad (Australia, Canada, UK) with study plans and course selection. Weekly check-ins with students and parents. Handled daily administrative issues, subscription renewals, and customer follow-ups.

Progress Advisor & MC

EF English First, Chengdu, Sichuan, China

Dec 2018 – Apr 2020

Worked with students aged 3–8 on study planning. Served as NPS specialist, helped drive campus NPS into the top 10 nationally across all EF China campuses. Managed student retention. Hosted the annual gala event twice as MC and provided voice-over for awards ceremony videos.

Bachelor of Fine Arts – Broadcasting and Hosting

Sichuan University of Media and Communications (SUMC), Chengdu, China

2014 – 2018

Trained in broadcast journalism, on-camera presentation, and deadline-driven production.

Personal

Beyond the
Terminal

Photography is how I slow down and pay attention. The same instinct that frames a shot frames a problem, a system, an explanation.

Photography 1
Photography 2
Photography 3
Photography 4
Photography 5
Photography 6
Photography 7
Photography 8
Contact

Let's
talk.

I'm looking for roles in AI application development and cloud engineering, particularly where privacy-aware AI or Azure infrastructure is part of the brief. Based in Finland, open to hybrid or remote across the EU.

Emailhongqi4nli@gmail.comGitHubgithub.com/hongqian-liLinkedInlinkedin.com/in/hongqian-li
Languages
Chinese NativeEnglish ProfessionalFinnish A2

Hongqian Li · Tampere, Finland · 2026

Built with Next.js · Deployed on Vercel