diff --git a/content/cv.md b/content/cv.md index b019d94..ca3d434 100644 --- a/content/cv.md +++ b/content/cv.md 
@@ -8,16 +8,41 @@ nik@nik4nao.com | github.com/nikafiq | nik4nao.com ## PROFESSIONAL SUMMARY -Backend engineer with 3 years of professional experience designing and -operating distributed, high-throughput systems on GCP and AWS. Core -expertise in Go and Python, with hands-on production experience in -event-driven microservices, Kafka-based pipelines, Kubernetes, and -cloud-native data infrastructure. Comfortable operating systems at -hundreds of TPS with reliability and zero-downtime migration -constraints. Trilingual (English, Japanese N1, Malay) — routinely -bridges Japanese and overseas engineering teams. Actively integrates -AI tooling (GitHub Copilot, Gemini, Claude) into daily coding, -review, and documentation workflows. +Backend engineer with 3 years of professional experience designing, +building, and operating distributed backend systems on GCP and AWS. +Strong in Go and Python, with hands-on production experience in +high-throughput event-driven services, Kafka-based pipelines, +Kubernetes, and cloud-native data platforms. Experienced in designing +systems with strict reliability, ordering, idempotency, retry safety, +and production-safe migration requirements. Applies AI/LLM tools with +deliberate guardrails in daily workflows. Trilingual in English, +Japanese (JLPT N1), and Malay. Strong typed-language foundation and +able to ramp quickly into Java backend development. + + +--- + +## SELECTED HIGHLIGHTS + +- Designed and operated a Kafka + GKE + Cloud Spanner backend pipeline + for correctness-sensitive, high-throughput user data synchronization + with per-account_id ordering, at-least-once delivery, and durable + retry handling. + +- Architected event-driven backend services under constraints including + 100–120 TPS steady load, 600 TPS burst, 1500 TPS downstream cap, and + 1500 TPS sustained Spanner read traffic across two production services. 
+ +- Achieved ~30% fewer duplicate downstream calls via singleflight + coalescing; separately refactored a 1500 TPS Spanner read service + (hashed phone number lookup, removed non-indexed searches), cutting + CPU by ~30%. + +- Built cloud-native platforms across GCP, AWS, and Azure using + Kubernetes, ECS/Fargate, Lambda, Aurora, DynamoDB, and Kafka. + +- Bilingual/trilingual engineer (EN/JA/Malay) with daily + cross-functional communication across Japanese and overseas teams. --- 
@@ -27,98 +52,79 @@ review, and documentation workflows. ### 株式会社ホープス (Hopes Co., Ltd.) — Tokyo **Backend Engineer** | Aug 2025 – Present -Designing and operating a distributed consent management pipeline on -GCP/GKE connecting a high-traffic notification delivery system to a -downstream fulfillment API. +Dispatched to a major domestic telecommunications carrier as part of a +next-generation carrier messaging platform initiative. Designing and +operating a distributed GCP/GKE backend pipeline bridging high-volume +upstream message delivery with a downstream consent fulfillment API. -- Proposed and led adoption of a Kafka-based queuing architecture - to handle concurrent notification fan-out, identifying it as the - correct solution for account_id ordering under 20–40 TPS load -- Designed the request coalescing strategy using singleflight to - suppress duplicate in-flight downstream calls per account_id -- Architected the full event-driven pipeline: GKE + Managed Kafka - (8 partitions, keyed by account_id) + Cloud Spanner, with a - 200 TPS global cap and 10-second downstream timeout budget -- Designed graceful shutdown sequence for the consumer service, - ensuring in-flight requests complete cleanly before pod termination -- Designed reliable offset commit ordering: offsets committed only - after durable Spanner write, ensuring at-least-once delivery with - no data loss on crash -- Implemented retry cronjob requeuing up to 5 failed Spanner rows - back to Kafka every 5 minutes with configurable backoff -- Designed a zero-downtime interleaved index migration on a Cloud - Spanner accounts table under 400 TPS sustained read traffic -- Designed OpenTelemetry integration with Datadog, defining trace, - span, and metrics strategy across services; integrated with Wiz - for unified observability and security posture -- Built CI pipeline with semantic version tag enforcement — prevents - image tag overwrites while allowing latest to update freely; - scoped Workload Identity 
permissions to read-only minimum -- Led performance testing with Locust (40 TPS steady / 120 TPS - burst); applied results to right-size GKE CPU/memory configs -- Led TDD adoption for the team and authored development guidelines - covering milestone structure, ticket definition-of-done standards, - and code review expectations -- Identified a 1-month deadline slip during mob programming, - escalated to leadership, facilitated full task breakdown and - schedule re-baseline across the team -- Stepped up as informal tech lead during a leadership gap — - created progression guidelines, maintained ticket quality, and - kept formal leadership informed of all decisions and scope -- Tasked with onboarding and upskilling Phase 2 application team - members to raise codebase quality ahead of next release +- Proposed and led adoption of a Kafka-based queuing architecture; + designed the end-to-end pipeline with GKE, Managed Kafka + (8 partitions keyed by account_id), and Cloud Spanner under a + 1500 TPS downstream global cap with strict per-account_id ordering +- Designed request coalescing with singleflight, reliable offset commit + ordering (offsets committed only after durable Spanner writes), + graceful shutdown, and a cronjob-based retry pipeline — achieving + at-least-once delivery with no data loss on crash +- Refactored the user-info-fetch API (a separate Spanner read service + accessed by the Gateway aggregator team at 1500 TPS): guided a junior + engineer through initial implementation, then led a full refactor + introducing hashed phone number lookup, removing non-indexed searches, + and tuning indexes — cutting CPU usage by ~30% under sustained load +- Led Locust performance testing at 120 TPS steady and 600 TPS burst; + used results to right-size GKE CPU and memory for stable production + behavior +- Designed OpenTelemetry + Datadog + Wiz observability stack; built CI + controls with semantic version tag enforcement and least-privilege + Workload Identity +- Led 
TDD adoption, authored team dev guidelines, identified and + escalated a 1-month deadline slip, and stepped up as informal tech + lead during a leadership gap +- Applied AI tools (Copilot, Claude, Gemini, ChatGPT) in daily + workflows with deliberate guardrails: output validated through testing + and review, AI excluded from security-sensitive logic ### 株式会社ニッポンダイナミックシステムズ — Tokyo **Full Stack Engineer, IT Solutions — Pharma Market Team** | Apr 2023 – Jul 2025 -- Built a scalable analytical DWH on Amazon Aurora (RDS) for a - pharmaceutical client, integrating Salesforce and multiple - external data sources via daily/weekly ETL batch pipelines using - ECS/Fargate and Lambda; designed for HA with Multi-AZ failover -- Constructed a SaaS data lake using AWS CDK + Glue + - TypeScript/Python, fully automating ETL ingestion across - heterogeneous data sources -- Developed an internal AI application using AWS Bedrock (Claude - Sonnet) + React, implementing RAG-based document retrieval and - SES-based user matching in a small cross-functional team -- Built a license authentication service (Node.js + Docker + Azure - Web Apps + ADB2C), owning requirements definition, auth logic - design, and client-facing communication -- Designed and automated monthly maintenance operations: AMI image - updates, security patching, automated regression testing, and - blue/green deployments via AWS CodePipeline and Azure Pipelines -- Conducted Docker image vulnerability scanning as part of CI/CD - pipeline; managed VPC, WAF, and Security Group configurations -- Mentored junior engineers on cloud architecture patterns; - functioned as bilingual (EN/JA) liaison between domestic and - overseas engineering teams +Backend, cloud infrastructure, data platforms, and internal application +development for enterprise clients, primarily on AWS with some +Azure-based delivery. 
+ +- Built a scalable analytical DWH on Amazon Aurora for a pharmaceutical + client, integrating Salesforce and multiple external sources via + ECS/Fargate and Lambda ETL pipelines; designed for HA with Multi-AZ + failover +- Constructed a SaaS data lake using AWS CDK, Glue, TypeScript, and + Python, automating ETL ingestion across heterogeneous data sources +- Built a license authentication service using Node.js, Docker, Azure + Web Apps, and Azure AD B2C; owned requirements definition through + client delivery +- Automated monthly maintenance operations (AMI updates, patching, + regression testing, blue/green deployments) via AWS CodePipeline and + Azure Pipelines +- Mentored junior engineers on cloud architecture; functioned as + bilingual (EN/JA) liaison between domestic and overseas engineering + teams --- ## SKILLS -**Languages:** Go, Python, TypeScript/JavaScript -**Frameworks:** Gin, Flask, Next.js, Node.js -**Cloud — AWS:** ECS/Fargate, Lambda, Aurora/RDS, DynamoDB, Glue, - CDK, CodePipeline, Bedrock, Secrets Manager -**Cloud — GCP:** GKE, Cloud Spanner, Managed Kafka, BigQuery, - Cloud Trace -**Cloud — Azure:** Web Apps, ADB2C, Azure Pipelines -**Data:** MySQL, Aurora, PostgreSQL, DynamoDB, Cloud Spanner, - Kafka, Redis -**DevOps:** Docker, Kubernetes, ArgoCD, CI/CD, IaC (AWS CDK, - Ansible) -**Observability:** OpenTelemetry, Datadog, distributed tracing -**AI Tooling:** GitHub Copilot (daily coding + code review), - Gemini (documentation + research), Claude (architecture - reasoning + coding), AWS Bedrock RAG (production) -**Security:** VPC, WAF, Security Groups, Secrets Manager, - Workload Identity, Wiz, Docker vulnerability scanning -**Other:** Homelab (k3s, self-hosted services, Ansible/IaC), - personal dev blog at nik4nao.com +| Category | Details | +|---|---| +| **Languages** | Go, Python, TypeScript/JavaScript, Java (learning; strong typed-language foundation) | +| **Backend** | Distributed systems, event-driven architecture, REST APIs, pub/sub, 
concurrency, retry design, idempotency, fault tolerance | +| **Cloud — AWS** | ECS/Fargate, Lambda, Aurora/RDS, DynamoDB, Glue, CDK, CodePipeline, Bedrock, Secrets Manager | +| **Cloud — GCP** | GKE, Cloud Spanner, Managed Kafka, BigQuery, Cloud Trace | +| **Cloud — Azure** | Web Apps, ADB2C, Azure Pipelines | +| **Data** | MySQL, Aurora, PostgreSQL, DynamoDB, Cloud Spanner, Kafka, Redis | +| **DevOps** | Docker, Kubernetes, ArgoCD, CI/CD, IaC (Terraform, AWS CDK, Ansible) | +| **Observability** | OpenTelemetry, Datadog, distributed tracing | +| **AI Tooling** | GitHub Copilot, ChatGPT, Gemini, Claude — applied with guardrails: test-validated output, excluded from security-critical paths | +| **Security** | VPC, WAF, Security Groups, Secrets Manager, Workload Identity, Wiz | --- @@ -146,12 +152,12 @@ Major: Electrical and Electronic Engineering Minor: Information Technology Graduated: March 2023 + --- ## ADDITIONAL -- **Languages:** English (business), Japanese (JLPT N1), Malay (native) -- **Homelab:** Self-hosted k3s cluster, Gitea, Jellyfin, Cloudflare - Tunnel, Ansible-based IaC on Minisforum UM790 Pro +- **Languages:** English (business), Japanese (business, JLPT N1), Malay (native) +- **Homelab:** Self-hosted k3s cluster, Gitea, Ansible/IaC, ArgoCD — + gitea.nik4nao.com (mirrored to github.com/nikafiq) - **Dev blog / personal site:** nik4nao.com -- **Self-hosted Git:** gitea.nik4nao.com (mirrored to github.com/nikafiq) diff --git a/static/cv/nik-afiq-cv.pdf b/static/cv/nik-afiq-cv.pdf index ec702c9..99404fa 100644 Binary files a/static/cv/nik-afiq-cv.pdf and b/static/cv/nik-afiq-cv.pdf differ
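Review bot: In the SELECTED HIGHLIGHTS block added by the first hunk (@@ -8,16 +8,41 @@), the third bullet joins two unrelated ~30% results in one sentence, and the first of them ("~30% fewer duplicate downstream calls via singleflight coalescing") has no counterpart in the experience section, where the singleflight bullet carries no figure. Split it into two bullets and either add the measurement to the role entry or drop the number here. The "100–120 TPS steady load" in the second bullet also disagrees with "120 TPS steady" in the Locust bullet further down, and "Bilingual/trilingual" in the last bullet hedges what the summary states plainly as "Trilingual". The hunk also adds two consecutive blank lines before the first `---`; one is enough.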
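Review bot: The new role introduction in the second hunk (@@ -27,98 +52,79 @@) places the client context ("Dispatched to a major domestic telecommunications carrier as part of a next-generation carrier messaging platform initiative") beside system internals such as "8 partitions keyed by account_id", the 1500 TPS downstream cap and the hashed phone number lookup, whereas the removed text described the same pipeline without saying whose it was. Confirm that this combination is cleared for a public page, or keep the generic wording. Every load figure in this hunk also changes without explanation (200 TPS cap to 1500, 40/120 TPS Locust runs to 120/600, 400 TPS Spanner reads to 1500), so say in the commit message which set is correct. In the skills table, Terraform is added to the DevOps row without appearing in any role bullet, "Docker vulnerability scanning" is dropped from the Security row along with its bullet, and "ADB2C" in the Azure row no longer matches the "Azure AD B2C" spelling used in the rewritten bullet.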
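Review bot: In the third hunk (@@ -146,12 +152,12 @@), the merged Homelab bullet ends with "gitea.nik4nao.com (mirrored to github.com/nikafiq)" after a dash, so the hostname reads as a label for the whole homelab rather than for the Git server. Keep the removed "Self-hosted Git" bullet, or word it as "Gitea at gitea.nik4nao.com" inside the list. The added blank line before `---` under "Graduated: March 2023" leaves two blank lines there.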
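Review bot: static/cv/nik-afiq-cv.pdf changes only as an opaque binary, so nothing in this diff shows that it was regenerated from the updated content/cv.md. Note in the commit message how the PDF is produced, or build it from the markdown in CI so the two files cannot drift apart.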