Ahmed Shalaby

Senior Solutions Architect  ·  Multi-Cloud  ·  Domain-Driven Design  ·  Event-Driven Architecture

Designing the platforms that government and enterprise depend on.

Overview

I work at the seam where business intent becomes runnable architecture. My deliverables are High-Level Designs that engineering organisations can build from — every container labelled, every integration sequenced, every trade-off recorded as an Architectural Decision Record. Since joining the National Housing Company Innovation in 2024 I have authored more than eleven canonical HLDs that are now the agreed architecture across multiple programmes.

I treat C4 diagrams and ADRs as living artefacts, version-controlled and re-rendered on every change. The platforms I design are typically built on Kubernetes and Apigee, with Spring Boot or ASP.NET Core on the application tier; RabbitMQ Streams, Apache Kafka, and Debezium Change Data Capture on the messaging tier; and PostgreSQL, Oracle 19c, MongoDB, and Elasticsearch on the data tier.

Skills

Capabilities I bring to a programme

Each area below is grounded in production work at NHCI and earlier engagements.

Domain-Driven Design

Multi-bounded-context decompositions with Camunda BPMN/DMN workflows and ADR-backed trade-offs.

Event-Driven Architecture

RabbitMQ Streams, Apache Kafka, Debezium CDC, transactional outbox, saga compensation, replay.

Cloud & Hybrid-Cloud

On-prem ↔ OCI, AWS, Azure, IBM Cloud. Strangler Fig transitions at multi-terabyte scale.

Microservices on Kubernetes

Production K8s, Helm, service mesh, multi-cluster topologies, OpenShift, Apigee API gateway.

Workflow Orchestration

Camunda Self-Managed BPMN/DMN, saga compensation, custom rule engines.

API & Integration

Apigee, OAuth 2.0 / OIDC, webhook security stacks (HMAC, replay protection, idempotency).

Data Architecture

PostgreSQL, Oracle 19c, MongoDB, Redis Cluster, Elasticsearch, ArcGIS, TimescaleDB.

Observability & SRE

Self-managed Sentry, ELK Stack, Prometheus, Grafana, Jaeger, OpenTelemetry, SonarQube.

Security & Compliance

PCI DSS, GDPR, PDPL data masking, Nafath SSO, MOMAH SSO, signed-webhook security.

Legacy Modernisation

Monolith-to-microservices on OpenShift, hybrid-cloud document migration, Strangler Fig rollouts.

DevOps & CI/CD

Multi-stage CI/CD pipelines with security scan, compliance, approval gates, registry, deploy.

C4 as Living Architecture

System Context, Container, and Component diagrams as PlantUML, version-controlled and re-rendered.

Projects

Selected work — Balady ecosystem (2024 – 2026)

A curated selection of the most architecturally substantive work I have led at NHCI. The complete catalogue spans twelve programmes and forty-three systems.

Domain-Driven Design

Commercial Licence Revamp V1.3

Decomposed the legacy government licence monolith into six DDD bounded contexts — Approval, User, Commercial, Location, Invoice, and Salama — on Camunda BPMN/DMN. RabbitMQ payment-confirmation flow with the Billing System. Now the agreed target architecture for the licence platform.

Payments · Mission-critical

Balady Billing System

NHC-integrated payment processing, points conversion, and wallet management across thirteen microservices. Saga-style compensation, dual-verification on every NHC callback, and circuit breakers on every external dependency. Apigee + Spring Boot + Kafka + Oracle 19c + Redis Cluster.

Event-driven · Incident response

Debts Hub V1.0.1

Centralised debts substrate gating Balady service issuance on outstanding-debt resolution. After resilience issues with REST-based confirmations, drove the V1.0.1 revision switching consuming-service integration to RabbitMQ — eliminating that class of failure.

Hybrid-cloud · Strangler Fig

DMS Migration — On-prem to OCI

Migrated a multi-terabyte, multi-million-record dataset from on-premise NFS storage to Oracle Cloud Infrastructure object storage (in-region) over site-to-site IPSec VPN. Per-document backend-flag tracking in Oracle metadata; Strangler Fig with a pilot product as the first cut — production traffic migrated with no big-bang cutover.

Super-app · Security

Balady+ Mini-Apps Platform V1.4

Container-based mini-apps with a JS Bridge runtime, a nine-stage CI/CD pipeline, and a two-tier identity model (Mobile OTP / Nafath SSO) with per-mini-app encryption keys carried in the SSO token.

Platform · 11 ADRs

Reference Data Management (RDM)

Single governed source-of-truth for translations and cross-system code mappings. Transactional outbox + RabbitMQ Streams for cache-invalidation only (RDM never writes to consumer DBs), MongoDB + Redis read-through, BFF page-level aggregation, mobile critical-flow bundle for offline screens.

Real-time monitoring · GIS

Commercial Licenses Dashboard V1.0

Real-time monitoring platform for government employees nationwide. Event-driven replication into Elasticsearch (search, KPIs, prohibition flags) and ArcGIS Server (spatial, map, radius) via RabbitMQ Streams with seven-day replay. Three-tier role scope via MOMAH SSO claims; nine ADRs.

GIS · PDPL compliance

POI Platform & Event Distribution Hub

Centralised POI system with multi-precision geohash + Redis geospatial cache, ESRI Geodatabase. The EDH counter-proposal routes POI-change events through Apigee for PDPL filtering, consent validation, attribute redaction, and commercial-terms enforcement before delivery.

Banking · Webhook security

Balady–Alrajhi BNPL Integration

Buy-Now-Pay-Later integration with Alrajhi Bank in the Unified Payment Page. Signed-webhook intake via Apigee (HMAC-SHA256, IP allow-list, replay protection, idempotency), encrypted single-use presigned URLs with double-validation. ASP.NET Core + Redis HA + RabbitMQ.

Data platform

Centralised DB Decomposition

Platform-level architecture decomposing a shared database into per-business-domain stores via Debezium CDC + Kafka + Airbyte / DBT, with phased migration and Grafana / Prometheus monitoring. Three ADRs.

IoT · Data sovereignty · Approved

Sadeem IoT — Full On-Premise V2

Wireless drainage and flood-sensing platform deployed entirely in the MOMAH datacentre. Seven-container topology (WebApp, Atlas, Go API, MQTT broker, PostgreSQL, TimescaleDB, NGINX LB) on Kubernetes. Approval secured by overriding the earlier vendor-cloud plan for data sovereignty.

Notifications · Multi-channel

Notification Hub (UCNS)

Centralised notification platform — ingest → templating → per-channel dispatch (SMS, mobile, web) with persist-before-dispatch invariants, bounded retry (max 10 attempts), and per-channel queue isolation.

Career & education

National Housing Company Innovation (NHCI) — Solutions Architect · 2024 – Present

Architect for approximately thirty systems within the Balady citizen super-app and supporting platform services in Riyadh, Saudi Arabia. Authored eleven or more canonical High-Level Designs, two governance frameworks (Architecture Contribution & Review; Technology Assessment & Decision), and the platform's Unified Logging Framework.

International Business Machines (IBM) — Cloud Solution Architect / Tech Lead · 2016 – 2024

Delivered cloud-native solutions for clients across banking (First Abu Dhabi Bank), telecommunications (Orange), retail (Nike), healthcare (Dubai Health Authority), and HR / SaaS (Panorama). Monolith-to-microservices digital-transformation on OpenShift; PCI-compliant integration patterns; IBM Watson SOA integrations. Coverage spanned KSA and Egypt.

Raya International Service — Technical Consultant · 2014 – 2016

Upgraded custom Oracle E-Business Suite solutions from Release 11 to Release 12 in Cairo, including the migration of the Letter-of-Guarantee and Letter-of-Credit modules, plus Java programs interfacing with Oracle databases for financial-data analysis and reporting.

Education

Bachelor of Accounting — Mansoura University, 2008 – 2012
AWS Web Services Boot Camp; Oracle Developer Diploma; Java SE Programming & ADF I.