Enterprise Order Management Platform
Modular .NET order orchestration platform replacing a legacy monolith with bounded contexts, event-driven workflows, and multi-region deployment.
Strategic decomposition of a monolithic payment processor into PCI-scoped microservices with tokenization, idempotent transaction handling, and independent scaling of authorization and settlement paths.
The payment gateway operated as a single deployable unit handling authorization, tokenization, settlement, and merchant configuration, creating PCI audit scope that encompassed the entire codebase and blocking team parallelization. Transaction volume growth of 40% year-over-year stressed shared thread pools, causing authorization timeouts during flash sales. I defined a microservices decomposition aligned to PCI scope minimization, separating cardholder data environments from merchant-facing configuration services. Migration proceeds via the strangler pattern with dual-write validation on transaction IDs and amount checksums.
PCI DSS audit scope covered 120,000 lines of code unrelated to payment processing, extending audit cycles to 11 weeks and $380K in annual compliance costs. Authorization P99 latency reached 2.1 seconds during peak events, causing merchant cart abandonment rates to spike 8%. Refund processing shared the authorization thread pool, creating head-of-line blocking that delayed settlement batches. Independent scaling of read-heavy merchant dashboard APIs was impossible without scaling the entire monolith.
Cardholder data flows through dedicated tokenization and authorization services running in PCI-scoped Kubernetes namespaces with strict network policies and HSM-backed key management via HashiCorp Vault. Idempotency keys on all transaction APIs prevent duplicate charges during client retries, with Redis-backed deduplication windows aligned to network timeout profiles. Kafka carries transaction lifecycle events to settlement and notification services decoupled from the authorization hot path. Merchant configuration and reporting APIs operate in a separate trust zone without access to raw PAN data.
Istio service mesh enforces mTLS between microservices with authorization policies scoped to service identities. The authorization service implements a saga pattern for multi-step capture workflows with compensating refund transactions on partial failures. PostgreSQL stores transaction state with row-level tenant isolation; read replicas serve merchant reporting queries. Circuit breakers and bulkhead thread pools isolate authorization from batch settlement processing, with Prometheus alerts on pool saturation thresholds.
Key interfaces and system views from the engagement.
Additional work in adjacent domains and technology stacks.
Modular .NET order orchestration platform replacing a legacy monolith with bounded contexts, event-driven workflows, and multi-region deployment.
FHIR-native interoperability platform enabling secure clinical data exchange between hospitals, payers, and specialty networks with full audit trails.
Low-latency settlement and reconciliation platform processing equities and fixed-income trades with T+1 regulatory compliance and intraday risk controls.