Senior Solutions Architect

Designing the platforms that government and enterprise depend on.

Overview

Twelve years architecting cloud-native platforms across the MENA region — Saudi Arabia, the United Arab Emirates, and Egypt — for government, banking, retail, and healthcare clients. I work at the seam where business intent becomes runnable architecture: my deliverables are High-Level Designs that engineering organisations can build from — every container labelled, every integration sequenced, every trade-off recorded as an Architectural Decision Record. Since joining the National Housing Company Innovation in 2024 I have authored more than eleven canonical HLDs that are now the agreed architecture across multiple programmes.

I treat C4 diagrams and ADRs as living artefacts, version-controlled and re-rendered on every change. The platforms I design are typically built on Kubernetes and Apigee, with Spring Boot or ASP.NET Core on the application tier; RabbitMQ Streams, Apache Kafka, and Debezium CDC on the messaging tier; and PostgreSQL, Oracle 19c, MongoDB, and Elasticsearch on the data tier.

Approach

How I think about architecture

Most architecture mistakes are made before the first line of code.

By the time a system is in production, the trade-offs are already in concrete — the cost of a wrong decomposition is measured in years, not weeks. So I spend my time at the front: ADRs and C4 diagrams as conversation tools, not write-once deliverables. If a decision can't be explained in one paragraph and one diagram, it isn't a decision yet.

Three opinions I hold strongly:

Decompose only along bounded contexts

Six microservices that share state are worse than one monolith. The Commercial Licence decomposition worked because we found the natural seams — Approval, User, Commercial, Location, Invoice, Salama — before splitting code.

Reliability is event-driven, not REST

The Debts Hub started life as a REST callback flow. After it failed in production, we switched to RabbitMQ. The lesson scaled across the platform: every gating integration in the Balady ecosystem now consumes events, not synchronous callbacks.

Compliance is architecture, not bolt-on

PDPL data masking, consent validation, and commercial-terms enforcement belong at the gateway, not in each consumer. The Event Distribution Hub counter-proposal was built on that principle.

The job is finding the right constraints early. Execution follows.

Skills

Capabilities I bring to a programme

Each area below is grounded in production work at NHCI and earlier engagements.

Domain-Driven Design

Multi-bounded-context decompositions backed by Camunda BPMN/DMN workflows.

Event-Driven Architecture

RabbitMQ Streams, Apache Kafka, Debezium CDC, transactional outbox, saga compensation.

Cloud & Hybrid-Cloud

On-prem ↔ OCI, AWS, Azure, IBM Cloud. Strangler Fig at multi-terabyte scale.

Microservices on Kubernetes

Production K8s, Helm, service mesh, multi-cluster topologies, Apigee API gateway.

Workflow Orchestration

Camunda Self-Managed BPMN/DMN, saga compensation, custom rule engines.

API & Integration

Apigee, OAuth 2.0 / OIDC, webhook security stacks (HMAC, replay protection, idempotency).

Data Architecture

PostgreSQL, Oracle 19c, MongoDB, Redis Cluster, Elasticsearch, ArcGIS.

Observability & SRE

Self-managed Sentry, ELK Stack, Elastic APM, Prometheus, Grafana, SonarQube.

Security & Compliance

PCI DSS, GDPR, PDPL data masking, Nafath SSO, MOMAH SSO, signed-webhook security.

Projects

Selected work — Balady ecosystem (2024 – 2026)

A curated selection of the most architecturally substantive work I have led at NHCI.

Domain-Driven Design

Commercial License Revamp

Decomposed a legacy government licence monolith into a modern microservices target across six DDD bounded contexts on Camunda BPMN/DMN — now the agreed target architecture across engineering.

Spring Boot, Camunda BPMN/DMN, RabbitMQ, PostgreSQL, Kubernetes, ELK · Prometheus · Grafana

Event-driven · Incident response

Debts Hub

Centralized debts substrate gating Balady service issuance on outstanding-debt resolution. Replaced REST-based confirmations with RabbitMQ after resilience issues, eliminating that class of failure.

Spring Boot, RabbitMQ, PostgreSQL, Kafka (BI replication)

Strangler Fig · Hybrid-cloud

DMS Migration (Hybrid-Cloud)

Multi-terabyte, multi-million-record migration from on-premise NFS storage to Oracle Cloud Infrastructure object storage (in-region) using Strangler Fig with per-document backend-flag tracking — zero-downtime cutover.

Oracle Cloud Infrastructure (Object Storage), On-prem NFS storage, Oracle 19c, Apigee, IPSec VPN

Payments · Mission-critical

Balady Billing System

Canonical microservices ensemble for NHC-integrated payment processing, points conversion, and wallet management. 13 services with saga-style compensation, dual-verification on every callback, and circuit breakers on every external dependency.

Apigee, Spring Boot, Kafka, Oracle 19c, Redis Cluster, Kubernetes

Super-app · Security

Balady+ Mini-Apps Platform

Container-based mini-apps with a JS Bridge runtime, a 9-stage CI/CD pipeline, and a two-tier identity model (Mobile OTP / Nafath SSO) with per-app encryption keys carried in the SSO token.

Kubernetes, Trivy · Clair, Nafath SSO, JS Bridge runtime, Mobile OTP

Platform · 11 ADRs

Reference Data Management

Single governed source-of-truth for translations and cross-system code mappings. Transactional outbox + RabbitMQ Streams for cache-invalidation only; MongoDB + Redis read-through; BFF page-level aggregation; mobile offline bundle.

MongoDB, Redis, RabbitMQ Streams, .NET BFF, Outbox pattern

Real-time monitoring · GIS

Commercial Licenses Dashboard

Real-time monitoring platform for government employees across Saudi municipalities. Event-driven replication into Elasticsearch + ArcGIS via dedicated RabbitMQ Streams with replay capability.

Elasticsearch, ArcGIS Server, RabbitMQ Streams, MOMAH SSO, .NET

Notifications · Multi-channel

Notification Hub (UCNS)

Centralized notification platform — ingest → templating → per-channel dispatch (SMS / mobile / web) with persist-before-dispatch invariants, bounded retry, and per-channel queue isolation.

MongoDB, RabbitMQ, SMS / FCM / WebSocket

Data platform

Centralized DB Decomposition

Platform-level proposal decomposing a shared database into per-business-domain stores via Debezium CDC + Kafka, with phased migration and Grafana / Prometheus monitoring.

Debezium, Kafka, PostgreSQL, Grafana · Prometheus

Merchants · AI · GIS

Campaign Central

Centralized campaign management for Balady Business merchants — lifecycle, subscriptions, AI-driven recommendations (mediated by a Sanitisation Service for PDPL compliance), POI + GIS integration, notifications, analytics.

Per-domain databases, RabbitMQ, GIS / POI, Sanitisation Service

GIS · PDPL compliance

POI Platform & Event Distribution Hub

Centralized Points-of-Interest system with multi-precision geohash + Redis geospatial cache. The EDH counter-proposal routes change events through Apigee for PDPL filtering, consent validation, attribute redaction, and commercial-terms enforcement.

ESRI Geodatabase, Redis Geospatial, Multi-precision geohash, Kafka, Apigee

Banking · Webhook security

Balady–AlRajhi BNPL Integration

Buy-Now-Pay-Later integration with Alrajhi Bank in the Unified Payment Page. Multi-provider architecture with signed-webhook security stack (HMAC-SHA256, IP allow-list, replay protection, idempotency) and encrypted single-use presigned URLs.

ASP.NET Core, Redis HA, RabbitMQ, Apigee, HMAC-SHA256

Career & education

2024 — Present

Senior Solutions Architect

NHCI · Riyadh, Saudi Arabia

Architect for ~30 systems within the Balady citizen super-app and supporting platform services. Authored 11+ canonical HLDs, two governance frameworks (Architecture Contribution & Review; Technology Assessment & Decision), and the platform's Unified Logging Framework.

2016 — 2024

Cloud Solution Architect / Tech Lead

IBM · KSA & Egypt

Cloud-native delivery for clients across banking (First Abu Dhabi Bank), telecommunications (Orange), retail (Nike), healthcare (Dubai Health Authority), and HR / SaaS (Panorama). Monolith-to-microservices on OpenShift; PCI-compliant integration patterns; IBM Watson SOA integrations.

2014 — 2016

Technical Consultant

Raya International Service · Cairo

Oracle EBS R11 → R12 upgrades; migration of Letter-of-Guarantee and Letter-of-Credit modules; Java + Oracle DB integration work and financial-data reporting.

Education

Bachelor of Accounting

Mansoura University · 2008 – 2012

AWS Web Services Boot Camp · Oracle Developer Diploma · Java SE Programming & ADF I.