Service Design
APIs, service boundaries, data contracts, and event flows shaped around maintainable production behavior.
Backend & Cloud Engineer
Backend engineer with production ownership mindset.
I build and operate backend services on AWS — serverless architecture, customer identity (Auth0/IAM), observability, and the engineering discipline that keeps systems reliable at scale.
Canadian Open Work Permit (IEC) — no sponsorship or LMIA required. Targeting Calgary or remote across Canada.
Work focus
Production systems work with operational ownership.
The same theme runs through the page: I care about backend work that can be understood, operated, and improved after launch.
Identity & Access
Auth0, IAM, customer identity, permission scopes, and the cross-team coordination those systems demand in regulated environments.
Delivery Quality
Small, explainable changes backed by CI/CD, observability, dependency hygiene, and practical incident response.
Delivery approach
How I ship and maintain software.
- Design backend services around clear contracts, predictable failure modes, and maintainable delivery paths.
- Make platform tradeoffs explicit before they become production constraints.
- Keep delivery, monitoring, and ownership close to the feature work.
Engineering stance
Clear interfaces, predictable operations, and systems that surface problems before they escalate.
Strong ownership signals come from the same basics every time: clear interfaces, deployment confidence, and visibility early enough to act.
Achievements
What I have shipped and improved.
IAM Platform Ownership
Built and maintain Auth0-based customer login and authorization services used by multiple internal teams across freenet Mobilfunk and Klarmobil.
Cloud Infrastructure Delivery
Developed and operated serverless AWS services with IaC, scalable architectures, and Glue-based data pipelines across a 3-year tenure at Fielmann.
Operational Reliability
Introduced Datadog and CloudWatch observability with dashboards, alerting, and incident response. Established Sentry triage turning production alarms into actionable tickets.
Team Enablement
Onboarded and mentored engineers, drove knowledge transfer, and improved technical documentation across 3 years. Invited into an internal software architecture group.
AI-Assisted Engineering
Active practitioner of AI-first development with GitHub Copilot, Cursor AI, repository-level AI instructions, and MCP-based context integration.
Security & Compliance
Implemented penetration testing, GDPR-compliant logging, authentication security controls, and dependency hygiene across production services.
Selected Engineering Patterns
Selected work I contributed to in team-built backend systems.
These examples focus on the architecture patterns, responsibilities, and engineering tradeoffs behind the work: the parts that are useful to discuss without showing private source code or internal project material.
Backend work made tangible
API contracts, consent gates, private connectivity, event flows, canaries, and reliability controls are the visible artifacts of systems that otherwise live behind the scenes.
Digital Wallet Integration
A wallet-pass backend for mobile pass creation, registration, updates, callbacks, and deletion flows across wallet providers.
Flow
01
Client app
02
Pass API
03
Wallet provider
04
Lifecycle events
Turns wallet provider callbacks into an auditable pass lifecycle.
Contribution
Led the Apple Wallet implementation and helped shape the shared API contract, lifecycle behavior, callback handling, CORS/security controls, and synthetic test coverage.
TypeScriptAWS LambdaAPI GatewayCDKWallet APIs
Consent-Gated Order Data API
A typed order-data boundary that unified multiple order sources behind a consent-aware GraphQL/API layer for consuming applications.
Flow
01
Order sources
02
Mapping layer
03
Consent gate
04
Typed API
Makes multiple order sources appear as one consent-aware product API.
Contribution
Worked with a teammate and an external AWS architect on the domain model, data mapping, resolver behavior, canary coverage, and private connectivity inside a solution-architecture-led AppSync design.
GraphQLAppSyncDynamoDBVPCCanaries
Serverless Backend Skeleton / Medical Measurement APIs
A broad REST API surface for medical measurement domains that became a reusable template for later serverless backends.
Flow
01
Clients
02
API/WAF/Auth
03
Lambda services
04
Data stores
Shows how a strong backend template reduces repeat architecture work.
Contribution
Built and extended REST APIs on top of a strong shared foundation, then helped carry the proven patterns into later services: contracts, deployment structure, monitoring, and operational safeguards.
RESTWAF/AuthDynamoDBS3EventBridge
Privacy Workflow & Private Connectivity
An asynchronous privacy workflow around deletion requests, private service access, request tracking, and status-oriented API design.
Flow
01
Request API
02
Private network
03
Workflow
04
Status API
Separates request handling, private access, workflow progress, and status checks.
Contribution
Focused on the private-network integration and surrounding API layer, connecting services through VPC access patterns while the broader workflow orchestration stayed team-owned.
GDPRPrivate APIVPCLambdaStatus tracking
Toolkit
The tools behind the work.
A compact stack map for the systems above: backend delivery, cloud infrastructure, identity, and production feedback loops.
Runtime
TypeScript services, serverless AWS architecture, Infrastructure as Code, and CI/CD pipelines.
Identity
Auth0, IAM, authorization scopes, client permissions, and privacy-aware access boundaries.
Feedback
Datadog, CloudWatch, Sentry, dashboards, alerting, and production error triage.
Experience
Six years of shipping backend systems.
From internal tooling to customer-facing IAM platforms — each role with increasing ownership of production services, cloud infrastructure, and cross-team delivery.
freenet DLS GmbH
Nov 2025 — PresentSoftware Engineer
Own backend services for Auth0-based customer login and authorization across freenet Mobilfunk and Klarmobil. Introduced Sentry triage and repository-care practices.
Fielmann Group AG
Nov 2022 — Oct 2025Software Engineer
Built and operated serverless AWS backend services for 3 years. Introduced observability with Datadog/CloudWatch, designed data pipelines, and owned operational reliability.
1&1 Versatel Deutschland GmbH
May 2019 — Jul 2022Working Student, Full-Stack
Internal tools and customer-contact systems in a telecom enterprise while completing a B.Sc. in Applied Computer Science.
Contact
Available for backend and cloud roles in Canada.
Holding a Canadian Open Work Permit (IEC) — no sponsorship or LMIA required. Targeting Calgary or remote positions. Open to conversations about backend, cloud, platform, and serverless engineering work.