Iași, Romania · Open to remote roles, EU & US
I design production systems where complexity is bounded by intent, not accident. From security engineering work at Bitdefender to a graph-based indoor navigation platform I founded, my focus is the small set of architectural decisions that determine whether a system holds under load, scales with the team, and survives its second year.
01 · Engineering Philosophy
The choice of database matters less than the choice of consistency model. The framework matters less than the boundary it draws. I optimise for the small number of decisions that everything else inherits — domain model, transactional shape, failure semantics — and treat tooling as replaceable.
A system isn't designed until it has run in production for a quarter. Until then it is a hypothesis. I build with that in mind: observability before features, rollout strategy before launch, and the assumption that the worst incident will happen on the worst day.
Trust boundaries, tenant isolation, secret lifecycle, blast radius — these are decided at the schema, not the firewall. My security work at Bitdefender and Aperio reinforced what my SaaS work taught me: the cheapest place to fix a vulnerability is the one before it exists.
Every system I have rescued from a scaling problem turned out to have a clarity problem first — implicit ownership, fuzzy contracts, mutable state where there should have been events. Make the model legible, and the bottleneck usually moves to a place you can actually fix.
Founding two SaaS products taught me that the most expensive engineering decision is usually building the wrong thing precisely. I write code that I am willing to delete, and I treat "we don't need this yet" as a senior-level skill.
02 · Systems I've Designed
Each of the systems below is presented as the engineering team would discuss it: the problem, the constraints that bounded the solution, the architectural decisions and their tradeoffs, and what I learned in production.
SaaS · Spatial systems · Multi-tenant
Founder & engineer · 2026 → present · mazely.app
SaaS · Workflow engine · DAG execution
Founder & engineer · 2026 → present · processly.app
Multi-tenant SaaS · Platform architecture
Lead full-stack engineer · 2023 — 2025
03 · Professional Experience
Bitdefender
Engineering on production security systems within Bitdefender's security platform. Working at the intersection of distributed systems and security, with a focus on services that scale with the trust they require. Specifics under NDA.
Took an indoor-navigation product from problem statement to multi-tenant production platform as a single founder-engineer. Architected the spatial graph model, photo-guided wayfinding, analytics pipeline, and admin platform — the kind of end-to-end ownership that forces every architectural decision to also be an operational one.
Designed a DAG-based workflow engine and visual authoring surface that turns operational runbooks into live, schedulable, role-aware project runs. The hard call — immutable templates, mutable runs — eliminated whole classes of failure that other workflow tools accept as inevitable.
Enovis Software
Drove the architecture of a multi-tenant SaaS platform spanning BI, ERP, DMS, and BPMS. Set the tenant-isolation contract, RBAC model, and CI/CD baseline; introduced system design reviews as a precondition for new features — the change with the largest compounding effect on platform stability.
Aperio Intelligence
Designed and built a centralized auth platform and a payment service with end-to-end encryption, secret lifecycle management on Azure Key Vault, and least-privilege IAM. Made the cloud footprint defensible at the identity and network layer, not just at the application boundary.
Codefy Software
Shipped client-facing web platforms in hospitality and marketplace domains, owning the full path from schema to UI. The engineering reps that built the instinct for which decisions stay in code and which need to live in the data model.
Freelance · Web & mobile
Delivered ten-plus client projects end-to-end across web and mobile, including apps published on Google Play and the App Store. Sole technical owner — every decision had a name attached to it, which is still the way I prefer to work.
04 · Core Expertise
Technologies appear as evidence, not as identity. The expertise is in the judgment that decided when to use them.
Event-driven pipelines, partitioned consumers, idempotent processing, and the operational discipline to keep them legible. I design for the day the throughput doubles and the day the consumer crashes mid-batch.
KafkaKubernetesNode.jsNestJSPythonRedis
Detection rule design, anomaly baselines, tenant isolation, secret lifecycle, and the integration of LLM-assisted automation behind validation gates. Security as a property of design, with observability as the proof.
Detection engineeringOpenSearch / ELKAzure Key VaultRBACJWT / OAuth
Multi-tenant data modelling, organizational RBAC, audit trails, and the difference between tenancy as a feature versus tenancy as an invariant. Two founder-built SaaS products and a four-domain enterprise platform behind it.
PostgreSQLPrismaNext.jsReactTypeScripti18n
Container-first delivery, environment parity, CI/CD pipelines that are aware of dependency and security state, and cloud footprints that are defensible at the identity layer. Boring infrastructure in service of fast product work.
DockerKubernetesAzureVercelGitHub ActionsTeamCity
Graph models for spatial and process domains, immutable-template / mutable-instance separations, schema evolution under live traffic. The work that decides whether the next year of features compounds or fights the model.
Graph modelsDAGsSchema designMigrations
Education
B.Sc. Computer Science — Alexandru Ioan Cuza University, Iași (2021–2024)
Security
SOC Level 1, DevSecOps, Security Engineer, Jr Penetration Tester — TryHackMe
Data
Meta Data Analyst · Google Business Intelligence · Advanced SQL, Data Cleaning, AI Ethics (Kaggle) · Advanced Tableau (CFI)
Languages
Romanian (native) · English (C2)
05 · Selected Technical Writing
Long-form technical writing on the decisions behind the systems above — graph data models, workflow engines, detection pipelines, multi-tenant invariants. Drafts are in flight; pieces will be linked here as they ship.
In draft
The case for branch-parallel execution as the authoring primitive — and the cost of admitting it.
In draft
Why a 20-entity graph beat a flat coordinate map the moment accessibility constraints arrived.
Planned
Treating model output as untrusted input, and why detection pipelines force the discipline.
06 · Collaboration
Currently selective about Staff Engineer, founding engineer, and senior systems / security roles — remote, EU or US time zones. Open to advisory conversations on multi-tenant SaaS architecture and detection pipelines.