$ ./introduce.sh

Omar Sharif.

Backend Engineer · Java / JVM ·6+ yrs on multi-tenant commerce & loyalty systems

/** I build the load-bearing middle of commerce platforms — catalog services, offer engines, CDC pipelines and the module boundaries that keep them from collapsing into each other. Currently owning Catalog + Offer Engine at Maxab (200K+ retailers); previously WalaPlus and Trade Point. I also run two production SaaS products on the side.

location: Fayoum → Cairo, EG · (UTC+2)
focus: Java 21 · Spring Boot · Kafka CDC · Mongo · Postgres
track: SE2 → Senior · program ownership
status: ● Commerce squad · CDC owner

wget resume.pdf $ open linkedin $ ls case-studies/

omar@maxab-prod: ~/portfolio — zsh6 commands · live

omar@maxab-prod:~/portfolio $

// 02

$ cat about.md

the arc · pin to top

# the arc
Six years, one through-line: go one layer deeper. I started in enterprise networks and infrastructure, pivoted into product — building a full Flutter + Laravel POS self-taught — then into distributed backend systems, and now into program ownership. Each layer informs the next; none of it got skipped.

# how I work
The best architecture is the one your on-call understands at 3am. I design codebases that explain themselves — package-per-feature, typed gateway interfaces, ArchUnit rules at the boundaries. I default to reversible, Git-controlled changes over big-bang rewrites, and I reach for the right tool — CDC, schema-per-module, modular monolith — before the problem fully calcifies into tech debt.

# currently
Back at Maxab as the squad lead's first-choice hire — owning the Catalog, Target Offers and Offer Engine services, CDC owner for the Commerce squad, and leading Rewards Consolidation as a senior-promotion program. Java 21, Spring Boot, Kafka, Mongo.

// 03

$ git log --author=omar

4 commits on branch career/main

commit a1f7b3cCairo · Commerce squad

Software Engineer II → Senior Track@ MaxabApr 2026 — present

Java 21Spring Boot 3/4Kafka CDCMongoDBProgram Lead

Returned as the squad lead's first-choice hire. Own the Catalog Service plus the Target Offers + Offer Engine services, and act as Kafka CDC owner for the Commerce squad across a 200K+ retailer platform.

Awarded Rewards Consolidation as a senior-promotion stretch — full program ownership: architecture, development, release and deployment plans, with a dedicated team of 3.
Own Catalog, Target Offers and Offer Engine end-to-end — contracts, data model, rollout.
Kafka CDC owner: the change-data-capture backbone the squad's services build on.

commit e44c9d2Saudi · Remote

Software Engineer@ WalaPlusSep 2025 — Mar 2026

Keycloak SPIRedis + LuaKafka · SQS · RabbitMQStrategy + Flags

Helped migrate a legacy PHP/Laravel loyalty platform — 10,000+ retailers, 7,000+ active vouchers — to Java/Spring Boot microservices. Served as a key production-incident contact.

Built a custom Keycloak Email-OTP authentication provider via Java SPI handling 2,000+ daily authentications.
Owned the Dalel AI-agent integration: change-trigger validation pipeline, a Lua-scripted Redis atomic rate-limiter with auto-rescheduling, and a dynamic schema mapper.
Revamped redemption with the Strategy pattern + feature flags for a zero-downtime dual-schema rollout; wired cross-service sync over Kafka, SQS and RabbitMQ.

commit b21f0aaCairo · Marketplace

Software Engineer — Launching Squad@ Maxab2024 — Sep 2025

Spring BootMongoDBKafka + DebeziumFirestoreAWS S3

Part of the Launching Squad migrating a legacy Laravel monolith to Spring Boot microservices. Owned the Catalog Service migration to MongoDB and led the Marketplace 'Edit Orders' feature (2,200+ active retailers).

Re-engineered a blocking 20,000-row Excel upsert into an async S3 → metadata → cron-batched pipeline — cut processing time 75% and eliminated DB table-locking.
Built a multi-tenant Firestore cart on raw FirestoreTemplate and wrote up the unconventional design in a Medium article.
Implemented multi-tenant, multi-localized Mongo queries with MongoTemplate; maintained 10+ Kafka + Debezium connectors daily.

commit c0d3l17Cairo · 5 years

De-Facto Head of Engineering@ Trade Point / CodeLytical2019 — 2024

FlutterLaravelNetworkingESXiSelf-taught

Began in enterprise network infrastructure, then pivoted hard into product engineering — building a full Flutter + Laravel POS self-taught — and grew into an informal, de-facto head-of-engineering role running infra and product at the same time.

Ran enterprise infra end-to-end: ESXi on Dell R720xd, Aruba switching, Sophos firewalls, MikroTik routing, Ubiquiti mesh.
Shipped a production restaurant POS in Flutter + Laravel with a real-time kitchen-display and call-center dispatcher — entirely self-taught.
Carried infrastructure and product ownership simultaneously, with no formal mentorship.

// 04

$ ls case-studies/

3 files · click to expand

▾ 01-async-upsert.md

Async Catalog Upsert Pipeline — 20k-row Excel, zero table locks

Maxab · 2024

# Problem

Catalog teams uploaded product changes as 20,000-row Excel files over a single blocking HTTP request. That request held a DB table lock for the whole upsert — timeouts, locked reads for everyone else, and an operator left staring at a spinner with no idea whether it worked.

# Approach

Broke the synchronous path into stages: the file lands in S3, metadata is written to the DB, and a cron drains the rows in 5,000-row batches. Each batch takes a short, scoped lock instead of one marathon lock, and the operator gets an automated email when the job finishes. The HTTP request now returns in milliseconds.

// representative slice @Scheduled(fixedDelay = 5_000)
void drainPendingUploads() {
  uploads.claimNext().ifPresent(job -> {
    var rows = s3.streamRows(job.key(), BATCH);  // 5_000
    catalog.upsertBatch(rows);          // ← short, scoped tx
    if (job.isComplete()) mail.notify(job.owner());
  });
}

Spring BootAWS S3Scheduler / CronPostgresAWS SES

# Impact

processing time

−75%

vs blocking path

table locking

eliminated

batch size

5k rows

per cron tick

per upload

20k rows

handled async

# Role

Owner

▾ 02-keycloak-otp.md

Keycloak Email-OTP Provider — Custom auth via Java SPI

WalaPlus · 2025

# Problem

The platform needed email one-time-password login, but Keycloak ships no first-class email-OTP flow. Bolting it on outside the IdP would have meant re-implementing session, brute-force and audit logic that Keycloak already does well.

# Approach

Implemented a custom Authenticator through Keycloak's Java SPI — OTP generation, email delivery, resend throttling and verification all run as a native authentication step inside the realm. It plugs into the existing flow engine, so MFA, lockouts and audit come for free.

// representative slice public class EmailOtpAuthenticator implements Authenticator {
  public void authenticate(AuthenticationFlowContext ctx) {
    var otp = otpService.issue(ctx.getUser());  // gen + store
    mail.send(ctx.getUser().getEmail(), otp);   // deliver
    ctx.challenge(otpForm(ctx));                // ← native step
  }
}

Keycloak SPIJavaSpringAWS SESRealm config

# Impact

authentications

2k+/day

in production

IdP-native

100%

no sidecar

resend abuse

throttled

server-side

scope

multitenant

realm-aware

# Role

Owner

▾ 03-dalel-ratelimiter.md

Atomic Redis Rate-Limiter — Lua-scripted, self-rescheduling

WalaPlus · 2025

# Problem

The Dalel AI agent fired change-triggers that could stampede downstream services. A naive GET-check-SET limiter races under concurrency — two requests read the same count and both pass. We needed a hard, atomic ceiling with automatic backoff rather than dropped work.

# Approach

Moved the entire check-and-increment into a single Lua script that Redis runs atomically on one shard — no race window exists. When the limit is hit, the script reschedules the work for the next window instead of dropping it, and a validation pipeline gates triggers before they ever reach the limiter.

// representative slice -- ratelimit.lua — atomic on one Redis shard
local n = tonumber(redis.call('INCR', KEYS[1]))
if n == 1 then redis.call('PEXPIRE', KEYS[1], ARGV[1]) end
if n > tonumber(ARGV[2]) then
  return redis.call('ZADD', KEYS[2], ARGV[3], ARGV[4]) -- requeue
end
return 0

RedisLuaJavaSpringSQS

# Impact

limiter

atomic

single round-trip

race window

Lua on one shard

dropped work

auto-rescheduled

triggers

validated

before dispatch

# Role

Owner

// 05

$ ls ~/side-projects/

built while employed · self-funded

SaaS · Active

Softphone Plus

SIP call-center suite for MENA

A native Java Windows agent app paired with a Nuxt 3 supervisor portal. Two paying customers, ~20 agents, running on AWS ECS — self-funded from day-job income.

JavaAsterisk · SIPNuxt 3AWS ECS

2paying customers

~20live agents

SaaS · Active

OrdRun

Multi-tenant restaurant POS + dispatch

Java 21 / Spring Boot 3 with DB-per-tenant and realm-per-tenant Keycloak. A Melos Flutter monorepo drives POS, KDS and Dispatch. Currently shipping offline mode for a connectivity dead-zone deployment.

Java 21DB-per-tenantKeycloakFlutter

287endpoints

68JPA entities

Personal · Hobby

Conquer Online Server

Private game server, patch 5517

Netty 4 TCP, TQ cipher + Blowfish, the CO binary protocol, an entity system and a spatial-grid game map — reverse-engineered from scratch. Pure curiosity engineering.

JavaNetty 4Blowfishbinary protocol

5517CO patch

∞for the joy of it

// 06

$ cat stack.md

shaped by production scars

core / backend

Java 21Spring Boot 3/4KafkaKafka ConnectDebezium CDCPostgreSQLMongoDBRedisSQSRabbitMQ

architecture

Multi-tenancyModular MonolithMicroservicesDB-per-tenantSchema-per-moduleArchUnitCDC framework

infra / ops

AWS ECS · SESKubernetesKeycloakAPISIXHashiCorp VaultTypesenseArgoCDElastic StackLogstashJenkins

front-end / mobile

Flutter · DartNuxt 3LaravelMelos monorepo

networking / voip

Asterisk PBXSIP · RTPESXi · iDRACMikroTikUbiquitiSophos

daily tooling

Claude CodeOllama (local M4)CLAUDE.mdGit

// 07

$ render --system commerce.dot

how I actually build things

ingress · http requests

service-to-service rpc

domain events → kafka

CDC → search · sync

// the pattern that shows up everywhere — module boundaries as code

interface CatalogGateway { // owned by offers · api.catalog pkgRetailerProfile findRetailer(RetailerId id); } // implemented by catalog's RetailerReader, wired in the integration layer // → no circular dependency, no event coupling // → boundary enforced by an ArchUnit CI rule

// 08

$ cat principles.md

how the work gets made

Evidence-first debugging

Never assume. Form a hypothesis, design the smallest reproducible test, look at the data, adjust. Impatient with “it should work” reasoning.

Reversibility as a constraint

Default to Git-reversible, controlled changes over big-bang rewrites. Ship foundations that extend without ripping out the seams.

Architecture as communication

Package-per-feature, typed gateway interfaces, ArchUnit rules — code structured so it explains itself. The best documentation is the structure.

Owns the whole problem

From high-level design to deployment plan to team shape. Not a hand-it-off engineer; carries the thread end to end.

Breadth without shallowness

Networks → mobile → full-stack → distributed systems. Each layer informs the next — not a generalist who skims.

Ships real systems

Production multi-tenant backends, PBX integrations, CDC pipelines — not portfolio toys. Measurable impact in production.

// 09

$ wget resume.pdf

4 pages · pdf · last updated jun 2026

omar_sharif_resume.pdf

Full CV covering the 6-year arc — infrastructure → product → distributed systems → program ownership — plus the two SaaS products. Same content as this site, formatted for ATS pipelines that still don't render JavaScript.

$ sha256sum resume.pdf → a315..d4f

download (pdf) connect on linkedin