Backend Security &Authorization Engineer
I design high-performance authorization engines,zero-trust architectures, and secure multi-tenant systems.
Specializing in systems where a single authorization bug can leak millions of records.
What I Build
Four domains where I operate at production depth — not tutorial depth.
IAM & Authorization
Policy Decision Points, RBAC/ABAC engines, OAuth 2.1 / FAPI 2.0, DPoP token binding.
SaaS & Multi-Tenant Data
PostgreSQL RLS, tenant isolation at database layer, WORM audit ledgers, IPFS archiving.
Zero Trust Networks
OpenZiti dark services (0 open ports), mTLS X.509, cross-layer identity binding.
Distributed Systems
gRPC + Protobuf microservices, in-memory data structures, lock-free concurrency, sync.Pool.
Numbers That Matter
Measured on production-grade hardware under sustained load. Not synthetic. Not average.
Case Studies
Three production systems built from scratch. Each solving a real, high-severity security problem.
Microservice Authorization Bottleneck
- Generic engines (OPA) suffer from AST traversal latency spikes under heavy load.
- High GC memory pressure due to dynamic JSON object allocation per evaluation.
- Mutex lock contention blocks parallel policy reads during hot reloads.
- OPA requires ~150 MB+ RAM for 10K policies vs 25 MB for custom trie.
Defense-in-Depth
Security is not a feature. It's a layered architecture. Each layer assumes the one above it has already been breached.
Never Trust, Always Verify
Every request is authenticated and authorized regardless of network location. Internal does not mean trusted.
Assume Breach
Design systems as if the perimeter is already compromised. Lateral movement must be impossible even for authenticated identities.
Least Privilege
Every principal (user, service, token) receives the minimum permissions required — enforced at the database layer, not the UI.
Verify Explicitly
Authorization decisions use all available signals: identity, device state, location, and time — not just a valid token.
System Architecture
Interactive architecture diagrams for each project. Each layer is independently verifiable.
Skills Matrix
Technologies I use at production depth — each backed by a real shipped system.
Commit Telemetry
Real commit activity pattern across 3 active security projects.
Ready to BuildSecure Systems?
Available for backend security contracts, architecture consulting, and authorization system design.