The Problem
High-criticality IT infrastructure requires ongoing maintenance, security updates, and feature development to keep up with evolving needs. The system needs to support a global community of 10k+ users with a full complement of application service provider (SP) systems, and numerous identity providers (IdP) for authentication.
What I Maintain
The entire backend stack:
- Multi-tenant data model — Terraform infrastructure-as-code (IAC) for tenant provisioning and application deployment
- Authentication and authorization — SAML-based authentication with multiple IdPs and group-based authorization
- REST API — OpenAPI spec generated from code annotations for each service
- Real-time notifications — Transactional emails via AWS SES with internal retry logic for guaranteed delivery
- Background job system — periodic tasks (user reminder notifications, data housekeeping, security alerts) run as scheduled jobs with failure alerting
Technical Highlights
Built in PHP with a MariaDB database. Authentication supports username/password, TOTP, and WebAuthn passkeys. DynamoDB is used for the access log. The entire system is deployed on AWS ECS and Lambda, with separate environments for staging and production.