Karim Serhan

A consumer mobile app for creating, sharing, and discovering animated stickers and GIFs—shipped solo end-to-end from idea to App Store in under 3 months.

The back end is a fully serverless AWS Lambda and API Gateway. DynamoDB is used for user and content data, SQS for async processing (moderation, encoding, notifications), and S3 and CloudFront for CDN-served media. The GIF/video transcoding pipeline is built on FFmpeg running in Lambda. The mobile client is built with React Native and Expo, with native FFmpeg integration for on-device media processing. The web client uses Next.js, and all infrastructure is defined in SST.

I used event-driven architecture throughout, with attention to consistency and ordering guarantees across the distributed pipeline.

A suite of shared TypeScript libraries and infrastructure-as-code modules providing a common stack for building and shipping multi-tenant SaaS applications on AWS.

It covers the repeatable components every SaaS product needs—cloud infrastructure primitives (VPCs, CDNs, and multi-tenant databases with schema-level isolation), application utilities (S3/CDN storage, parameter caching, and connection string builders), and cross-cutting helpers. I designed these so that new applications can bootstrap on proven infrastructure patterns with minimal set up—the foundation on which Gifbey, Safastech Console, and other apps in the ecosystem are built.

A hybrid-retrieval search platform for discovering local businesses, combining keyword search with vector-based semantic matching to improve relevance on natural-language queries.

The back end runs on AWS, with a custom ingestion pipeline that crawls, normalizes, and enriches business listings before indexing them in a self-hosted Typesense cluster for keyword search and in a vector store for semantic retrieval. Semantic relevance uses CLIP-based embeddings, with a PyTorch inference path that generates embeddings for both listings and user queries at query time. The ranking layer blends keyword and vector scores, tuned for local intent—proximity, category match, and listing quality. The stack is built on the same multi-tenant SaaS infrastructure framework behind my other products.

The front end follows a cross-platform pattern: a shared UI package on Gluestack and NativeWind powers three targets—a consumer web client (Next.js), a mobile app (Expo/React Native), and an admin console—all of which share the same component library, API client, and TanStack Query hooks.

A self-hosted deployment management console for SST-based AWS applications. It is built to replace manual tracking of deploys, environments, and app state across a growing portfolio of SST services and to avoid the cost of 3rd-party solutions.

The console provides a unified UI for deploying, rolling back, and monitoring SST applications across multiple AWS accounts and environments. It handles AWS credential management, deployment history, environment variable injection, and real-time status tracking.

I used full-stack TypeScript on an AWS serverless infrastructure, with a Next.js web console as the front end. I built it to be deployed into a team's own AWS account—no external service dependency.

Architected core components of a production ad-serving platform at Microsoft's Ads division—a revenue-critical ranking path processing hundreds of thousands of requests per second.

My work spanned system topology and data-flow design for ML-driven ranking workloads; A/B testing and canary-rollout systems enabling safe, staged deployment of ML models across a distributed serving infrastructure; and capacity analysis delivering 10% higher per-node throughput.

I also led cross-team technical design discussions, aligning back-end, ML, and platform teams on system contracts and rollout strategies for production ML systems.

Microsoft's official tool for converting existing Windows applications—legacy MSI installers, setup.exe packages, and scripted installs—into the modern MSIX packaging format. This was shipped as a 1st-party Windows product, used by enterprises and developers to modernize their application portfolios for the Microsoft Store and enterprise deployment.

I designed and built core components of the tool, including the conversion engine that captures application install behavior (file system changes, registry operations, services) inside an isolated environment—spawning an isolated Windows VM via native Hyper-V integration—and translates it into a valid MSIX package.

My work spanned isolation primitives, install-behavior capture, package generation, and validation—all operating under strict correctness constraints since incorrectly packaged apps would fail at scale across millions of end-user installs.

The system app that lets users install applications on Windows from outside the Microsoft Store—including sideloading local packages, streaming installs directly from HTTP sources, and automated developer workflows. This was shipped with Windows to hundreds of millions of devices.

I owned the Windows App Installer end-to-end as the primary engineer. I designed and shipped the HTTP-based streaming install path (enabling installations to begin before the full package has downloaded), sideloading flows, and the broader install pipeline that handles package validation, dependency resolution, and system integration.