Updated cv and added downloadable pdf

content/cv.md

@@ -1,10 +1,3 @@
----
-title: "CV"
-type: "cv"
-date: 2026-03-17
-draft: false
----
-
 # NIK AFIQ
 
 Tokyo, Japan
@@ -38,23 +31,42 @@ Designing and operating a distributed RCS consent management pipeline
 (SO→FoRCE) on GCP/GKE connecting a high-traffic notice delivery
 system to a downstream fulfillment API.
 
-- Architected an event-driven pipeline using GKE + Managed Kafka
+- Proposed and led adoption of a Kafka-based queuing architecture
-  (8 partitions, keyed by account_id) + Cloud Spanner, handling a
+  to handle concurrent notification fan-out, identifying it as the
-  global cap of 200 TPS with a 10-second downstream timeout budget
+  correct solution for account_id ordering under 20–40 TPS load
-- Built the Go consumer service (so-notice-receiver) with
+- Designed the request coalescing strategy using singleflight to
-  singleflight coalescing to prevent duplicate in-flight requests,
+  suppress duplicate in-flight downstream calls per account_id
-  and circuit breaker logic to shed load under downstream failure
+- Architected the full event-driven pipeline: GKE + Managed Kafka
+  (8 partitions, keyed by account_id) + Cloud Spanner, with a
+  200 TPS global cap and 10-second downstream timeout budget
+- Designed graceful shutdown sequence for the consumer service,
+  ensuring in-flight requests complete cleanly before pod termination
 - Designed reliable offset commit ordering: offsets committed only
   after durable Spanner write, ensuring at-least-once delivery with
   no data loss on crash
-- Implemented a retry cronjob requeuing up to 5 failed Spanner rows
+- Implemented retry cronjob requeuing up to 5 failed Spanner rows
-  back to Kafka every 5 minutes, with configurable backoff
+  back to Kafka every 5 minutes with configurable backoff
 - Designed a zero-downtime interleaved index migration on a Cloud
   Spanner accounts table under 400 TPS sustained read traffic
-- Right-sized GKE resource configs (CPU/memory requests and limits)
+- Designed OpenTelemetry integration with Datadog, defining trace,
-  from Locust load test data at 40 TPS steady / 120 TPS burst
+  span, and metrics strategy across services; integrated with Wiz
-- Propagated distributed traces across service boundaries for
+  for unified observability and security posture
-  end-to-end production observability
+- Built CI pipeline with semantic version tag enforcement — prevents
+  image tag overwrites while allowing latest to update freely;
+  scoped Workload Identity permissions to read-only minimum
+- Led performance testing with Locust (40 TPS steady / 120 TPS
+  burst); applied results to right-size GKE CPU/memory configs
+- Led TDD adoption for the team and authored development guidelines
+  covering milestone structure, ticket definition-of-done standards,
+  and code review expectations
+- Identified a 1-month deadline slip during mob programming,
+  escalated to leadership, facilitated full task breakdown and
+  schedule re-baseline across the team
+- Stepped up as informal tech lead during a leadership gap —
+  created progression guidelines, maintained ticket quality, and
+  kept formal leadership informed of all decisions and scope
+- Tasked with onboarding and upskilling Phase 2 application team
+  members to raise codebase quality ahead of next release
 
 
 ### 株式会社ニッポンダイナミックシステムズ — Tokyo
@@ -92,18 +104,20 @@ system to a downstream fulfillment API.
 **Frameworks:** Gin, Flask, Next.js, Node.js
 **Cloud — AWS:** ECS/Fargate, Lambda, Aurora/RDS, DynamoDB, Glue,
   CDK, CodePipeline, Bedrock, Secrets Manager
-**Cloud — GCP:** GKE, Cloud Spanner, Managed Kafka (Pub/Sub),
+**Cloud — GCP:** GKE, Cloud Spanner, Managed Kafka, BigQuery,
-  BigQuery, Cloud Trace
+  Cloud Trace
 **Cloud — Azure:** Web Apps, ADB2C, Azure Pipelines
 **Data:** MySQL, Aurora, PostgreSQL, DynamoDB, Cloud Spanner,
   Kafka, Redis
-**DevOps:** Docker, Kubernetes, ArgoCD, CI/CD, IaC (AWS CDK)
+**DevOps:** Docker, Kubernetes, ArgoCD, CI/CD, IaC (AWS CDK,
-**Observability:** Distributed tracing, ELK stack, Kibana
+  Ansible)
+**Observability:** OpenTelemetry, Datadog, distributed tracing,
+  ELK stack, Kibana
 **AI Tooling:** GitHub Copilot (daily coding + code review),
   Gemini (documentation + research), Claude (architecture
   reasoning + coding), AWS Bedrock RAG (production)
 **Security:** VPC, WAF, Security Groups, Secrets Manager,
-  Docker vulnerability scanning
+  Workload Identity, Wiz, Docker vulnerability scanning
 **Other:** Homelab (k3s, self-hosted services, Ansible/IaC),
   personal dev blog at nik4nao.com
 
@@ -146,4 +160,4 @@ added IT minor upon return.*
 - **Homelab:** Self-hosted k3s cluster, Gitea, Jellyfin, Cloudflare
   Tunnel, Ansible-based IaC on Minisforum UM790 Pro
 - **Dev blog / personal site:** nik4nao.com
-- **Self-hosted Git:** git.nik4nao.com (mirrored to github.com/nikafiq)
+- **Self-hosted Git:** gitea.nik4nao.com (mirrored to github.com/nikafiq)