Projects

Full-stack engineering work across aviation, healthcare, and fintech.

Work

Luvero

Software Engineer • Dec 2024–present

Designed and built a production-ready, zero-knowledge task management application with military-grade end-to-end encryption. The system ensures complete data privacy through client-side cryptography where passwords, encryption keys, and task data never reach the server in plaintext.

Responsibilities

→Implemented sophisticated 5-layer key hierarchy: Password → Root Key (Argon2id) → Master Data Key → User KEK (HKDF) → Org Master Key → Task Data Key
→Built sealed-box PKI system using X25519 elliptic curve + XChaCha20-Poly1305 AEAD for secure team invitations without pre-shared secrets
→Designed atomic PostgreSQL RPC procedures preventing orphaned encryption keys during invite acceptance
→Created comprehensive Row-Level Security (RLS) policies across database tables with JWT token validation
→Developed client-side registration flow with one-time recovery seeds and automatic legacy user migration
→Implemented multi-organization support with role-based access control (owner, superadmin, teammate, guest)
→Built encrypted collections, sections, and task attributes with AES-256-GCM
→Created complete audit trail with activity logging and membership lifecycle tracking
→Developed CSV batch import, search/filtering, and real-time collaboration features
→Designed human-friendly H-codes for easy member discovery and invitations

Impact

✓Server never accesses plaintext passwords, keys, or task data - true zero-knowledge architecture
✓Database admins cannot decrypt user content, ensuring complete data privacy
✓Forward secrecy via ephemeral keypairs in sealed boxes
✓Production-ready security with comprehensive cryptographic architecture documentation

Stack

React 19ViteTailwind CSSVercel ServerlessPostgreSQLSupabase@noble/curves@noble/hashes@noble/ciphersargon2-browserAES-256-GCMX25519XChaCha20-Poly1305

Legara

Lead Infrastructure & Data Engineer • Aug 2024–present

Architected complete healthcare infrastructure from scratch: HIPAA-compliant cloud architecture (AWS, ERP, ETL) and enterprise network (dual-WAN, VPN, IPsec, 5+ isolated zones). Achieved 99.9% uptime with self-healing automation and zero manual intervention during failures.

Responsibilities

→Architected HIPAA-compliant AWS infrastructure with public/private subnets, ALB for high availability, and centralized secrets management
→Deployed Rocket.Chat with Docker Compose on EC2 and secured MongoDB connections with TLS
→Designed and optimized HIPAA-compliant ERP system for multi-client healthcare data management
→Built ETL pipelines and data solutions that automate invoice generation for various clients
→Implemented comprehensive logging/audit trails to S3/CloudWatch with access controls, MFA, and SSO
→Architected EdgeRouter-12 network with dual-WAN (AT&T Fiber + FirstNet cellular), load balancing, and automatic failover
→Implemented 5+ isolated network segments: Management, General, DMZ, HIPAA-compliant ePHI zone with zone-based firewalls
→Deployed dual-layer VPN infrastructure: OpenVPN remote access (UDP 443, certificate-based auth) + IPsec site-to-site tunnel (IKEv2, AES-256)
→Developed bash automation script for self-healing infrastructure: monitors load balancer, detects WAN failover, dynamically reconfigures IPsec via Vyatta API
→Enabled secure remote access to eCW Electronic Medical Records system for clinical staff from any location

Impact

✓Achieved 99.9% uptime with zero manual intervention during WAN failures
✓Automatic recovery from failover events in under 60 seconds
✓Transformed data infrastructure for scalable, real-time data access and reporting
✓Automated invoice generation, significantly reducing manual workload and increasing accuracy
✓Maintained strict HIPAA compliance through network isolation, encryption, and comprehensive audit trails
✓Enabled secure remote EMR access while eliminating dependency on less secure methods

Stack

AWSPythonPostgreSQLMongoDBDockerRocket.ChatETLEdgeRouter-12EdgeOS/VyattaOpenVPNIPsec/strongSwanLinuxBashZone-Based Firewalls

Financial Engineering Firm

Lead Data Engineer • Oct 2024–present

Developed a comprehensive ledger management system to manage financial data for multiple clients with uniform data storage, automated data processing, and enhanced reporting capabilities.

Responsibilities

→Developed a ledger system used to manage financial data for multiple clients with uniform data storage
→Developed scripts to scrub and transform transactions from various financial institutions into standardized ledger entries
→Created reporting scripts to generate financial reports, enhancing data visibility and decision-making
→Automated extraction and conversion of data into ledger-compatible formats
→Ensured system scalability and consistency to support diverse client requirements

Impact

✓Unified financial data management across multiple clients with consistent ledger formats
✓Significantly reduced manual data processing time through automation
✓Enhanced data visibility and decision-making through comprehensive reporting capabilities
✓Improved stakeholder confidence through data accuracy and standardization

Stack

PythonETLData Pipelines

My Projects

Postflyte

Founder / Software Engineer • Aug 2025–present

A specialized networking platform for the aviation community that connects pilots for time-building partnerships, CFI services, and aircraft rentals.

Responsibilities

→Architected and built full-stack application using Next.js 15, TypeScript, and FastAPI with PostgreSQL
→Implemented real-time messaging, interactive aviation maps with Leaflet, and secure JWT authentication
→Designed and developed DPE checkride gouge sharing and pilot matching algorithms
→Integrated Stripe payment processing and deployed scalable infrastructure with CI/CD pipelines
→Created responsive UI/UX focused on pilot needs with intuitive navigation and seamless mobile experience