Work

Real-Time Event Streaming Platform

The existing batch-based ETL pipeline introduced 15–20 minutes of data lag, making it impossible to power live dashboards or trigger time-sensitive automated workflows for enterprise customers.

• Architected a Kafka-based event streaming topology replacing a legacy cron-driven ETL system.
• Designed idempotent consumer groups with exactly-once semantics, eliminating duplicate processing across service restarts.
• Built a backpressure mechanism that gracefully degrades under traffic spikes without dropping events.
• Instrumented end-to-end latency with OpenTelemetry; set up alerting on p99 lag metrics.
• Wrote comprehensive runbooks and onboarded 3 engineers to own the system post-launch.

Reduced data lag from ~18 minutes to under 3 seconds at p99. Pipeline now processes 500k+ events/day with no data loss incidents since launch.

Monolith-to-Microservices Migration

A tightly-coupled Rails codebase with 300k+ lines had become a bottleneck: a change in the billing module required a full-suite test run and risked breaking unrelated features. Deploy frequency was capped at twice per week.

• Facilitated domain-modelling workshops with product and engineering to define service boundaries using Domain-Driven Design principles.
• Established an inter-service API contract protocol (OpenAPI + contract testing) before writing a single line of service code.
• Introduced a service mesh (Linkerd) for mTLS, observability, and load balancing between services.
• Used the Strangler Fig pattern to route traffic incrementally — zero big-bang cutover.
• Migrated 6 domains over 14 months with no production outages attributable to the migration itself.

Teams can now deploy independently up to 15× per day. Incident blast radius dropped significantly — a bug in one domain no longer cascades across the platform.

Internal Component Library & Design System

Four separate product teams were maintaining their own button components, form primitives, and modal patterns — leading to a fragmented product experience and duplicated engineering effort.

• Conducted a component audit across all four products to identify overlapping primitives and diverging patterns.
• Designed a token-based theming architecture (color, spacing, typography) that allowed product-level customisation without forking components.
• Built 60+ accessible components (WCAG 2.1 AA) with TypeScript, React, and Radix UI primitives.
• Set up Storybook with Chromatic for visual regression testing on every PR.
• Wrote migration guides and held office hours to support adoption across teams.

All 4 product teams migrated within 3 months. New feature UI now takes 30–40% less time to build. Zero accessibility audit findings on components covered by the library.

Multi-Tenant SaaS Platform

The company was entering a new enterprise market that required strict data isolation, SSO integration, and per-customer permission models — none of which existed in the existing product.

• Chose a hybrid multi-tenancy model: shared compute with schema-level data isolation in PostgreSQL.
• Built a RBAC engine supporting up to 4 role tiers and 200+ granular permissions, evaluated at the API gateway layer.
• Integrated with SAML 2.0 and OIDC for enterprise SSO (Okta, Azure AD, Google Workspace).
• Implemented per-tenant feature flags backed by a lightweight flag service, enabling safe rollouts to specific customers.
• Designed audit logging that captured every state-changing operation for compliance requirements.

Platform onboarded first 3 enterprise customers within 6 weeks of launch. Passed SOC 2 Type I audit with no major findings.

End-to-End Encrypted Messaging

Healthcare regulations required that message contents be unreadable to the platform itself. Existing solutions were either too complex to implement correctly or didn't integrate with the existing React Native mobile client.

• Implemented the Signal Protocol (libsodium bindings) for key exchange and message encryption.
• Designed a key management service that handled device registration, key rotation, and multi-device sync.
• Built the React Native client-side encryption layer with a clean abstraction so product engineers didn't need to reason about cryptography.
• Wrote a threat model document reviewed by an external security auditor.
• Shipped with 100% unit test coverage on the encryption primitives.

Feature passed HIPAA technical safeguards review. Zero security findings in subsequent penetration test. Became a key differentiator in enterprise sales conversations.

CI/CD Pipeline Optimisation

A monorepo with a slow, unparallelised test suite meant engineers waited nearly 30 minutes per PR. CI costs were unsustainable, and the slow feedback loop was degrading morale and merge frequency.

• Audited the existing GitHub Actions pipeline to identify bottlenecks — 60% of time was in a single sequential test job.
• Introduced affected-package detection (using nx affected) to run only tests relevant to changed code.
• Parallelised the test suite across 8 workers using Jest's --shard flag and GitHub Actions job matrices.
• Set up remote build caching (Nx Cloud) to skip unchanged build artifacts.
• Added pre-merge lint and type-check as a fast-fail step (< 90 seconds) before the full test suite.

Median CI time dropped from 28 min to 6:45 min. Monthly CI costs reduced by 62%. PR merge frequency increased by ~2× within the first month.

Open-Source Contributions

• Contributed a query-batching optimisation to Prisma ORM that reduced N+1 query patterns in many-to-many relations.
• Fixed a type inference bug in tRPC that affected nested router procedures — PR merged within 48 hours.
• Authored an open-source CLI scaffolding tool for Go microservices (100+ GitHub stars).
• Regularly review issues and mentor first-time contributors in the communities I am part of.