Verified Expert in Engineering
Stephen has over 18 years of software engineering experience across organizational sizes and sectors. He's a SpringOne Platform speaker and open source contributor to the JHipster, Spring Security, and Spring Boot projects. Besides Java/Spring, Google Kubernetes Engine (GKE), and React/Angular expertise, he specializes in identity and access management (IAM) with OAuth2/OIDC and its place in best-practice architecture.
GitHub, Git, Visual Studio Code (VS Code), IntelliJ IDEA, Linux
The most amazing...
...project I've built is the integration of systems for two companies by adding respective OpenID Connect identity providers for identity and access management.
Technical Architect/Lead Engineer
- Designed, built, documented, and advanced a framework based on React and Spring Boot to help AXA XL's hundreds of in-house apps with re-platforming on a preferred modern stack.
- Created a custom app generator for several common "prototypes" based on https://start.spring.io that utilized our framework.
- Proposed and passed architectures and frameworks to design authority groups within the organization for buy-in and agreed-upon adoption.
- Built a permission service to broker permissions for internal/external users and optionally against Active Directory groups.
- Built several apps and supported other app development teams using the framework while leading an engineering team of over a dozen people.
- Managed deployments in Kubernetes and the migration from one Kubernetes vendor to another. Also migrated from Jenkins/Azure DevOps, Spinnaker, and AKS to Harness and OpenShift.
- Served as the lead engineer for an Angular/TypeScript and Java/Spring Boot application built with JHipster that manages user accounts and issues tokens for training and certification for alcohol licensing.
- Managed deployment, bug fixes, maintenance, and support for an application that has over 1 million user accounts.
- Held weekly meetings with clients to prioritize work and update on progress.
- Migrated the application's SSO integration with Absorb LMS training platform to a newer version.
- Performed a dependency analysis in order to determine an upgrade strategy of libraries to stay on top of CVEs that were scanned as part of the CI process.
- Migrated the Jenkins server's Jenkinsfile pipelines to Atlassian's Bitbucket Pipelines for publishing images to a private Docker Hub account.
Benefits by Design
- Reduced the setup time for development environments from over 8 hours to 15 minutes by Mavenizing manually-managed dependencies, removing JBoss application server customizations and using an embedded Tomcat via Spring Boot, putting any custom third party .jar files in Nexus, and providing default development configurations that "just work."
- Automated a formerly manual release workflow with maven gitflow plugin.
- Dockerized the entire company stack so that developers could run locally without having to run against a shared database instance with "somewhat sanitized" production data.
- Introduced and rolled out Flyway as a SQL schema management and automation solution for an otherwise manual and error-prone process.
- Reduced debug startup time from 15 minutes to under 30 seconds by building a demo-data service that inserted records through code and allowed developers to have a fast and minimal local database.
- Introduced Spring Config Server so that configuration changes would be consistent across projects, git-revisioned, as well as backed up and encrypted on GitHub.
- Planned, executed and rolled out a Java 8 to Java 11 upgrade for all Java applications and services including OpenJDK distribution selection and validation (Zulu).
- Eliminated memory leaks affecting the application by using VisualVM to view memory usage and narrow in on the offending code.
- Removed dependence on Java Webstart (now deprecated in Java 11) for distributing and updating Java Swing EJB client by distributing a jar-launcher that would automatically update the Java Swing client at startup using Maven Wrapper, Nexus, and some bash to tie it together making it stable and self-updating for over 3 years and counting without issue.
- Created an Angular, Spring Boot, Elasticsearch, PostgreSQL application for the dynamic management of documents that would be made available to different users in different applications allowing filters and rules to be added for customizing document offerings using QueryDSL for typesafe SQL queries.
- Used Express Http Proxy to send requests from hot-reloading Angular to Java API in development mode.
- Implemented Swagger UI for documenting and testing API endpoints.
- Managed SQL schema revisions using Liquibase.
- Built a new AngularJS, Spring Boot, PostgreSQL app for spin-off company "WorkplaceEvolution" offering PaymentEvolution's payroll employees the chance to easily enroll in Green Shield Canada's "Health Assist" benefits.
- Designed and implemented SSO into WorkplaceEvolution app from payroll's employee application "PayChequer."
- Built "in force" enrollment tool for plan members in AngularJS with wizards and validation and integrated it into an existing Heroku-hosted Ruby on Rails backend.
- Architected a customer-facing "quote" enrollment tool with React/Redux with pagination, validation, and entity normalization on an existing Rails/Java backend, introducing an anti-corruption layer to sanitize legacy models to more relevant ones using MapStruct and adding full-stack e-signature integration with OneSpan to sign off on enrollment documents.
- Led tech for development.
- Architected and coordinated a two-way integration between a benefits company and a payroll company that allowed mutual API access, data synchronization, and SSO with OAuth2 and OpenID Connect by extracting users and authentication to respective OpenID Connect Providers (Keycloak and IdentityServer).
- Re-engineered CI and DevOps pipelines from manually configured Cruise Control server.
- Integrated OpenID Connect and OAuth2 security across all applications and languages: Ruby On Rails, Angular, React, Spring Boot, Swing.
- Presented alternative solutions regarding GDPR compliance issues with managing partners.
- Used Jenkins X to drastically simplify deployment of the official Keycloak Helm chart to GKE with GitOps-managed custom realm configurations and themes for long-lived staging and production environments using managed PostgreSQL Cloud SQL instances and preview environments with ephemeral PostgreSQL Helm charts.
- Updated, fixed, and ported a Dockerized (but broken) Angular, Spring Boot and MySQL microservices stack to Google App Engine (GCP).
- Served as the interim CTO for fintech startup.
- Recruited the development team, contributed to early schema design, code reviews, DevOps on AWS and developer training.
- Met with financial institutions to discuss technical aspects of collaborative business opportunities.
Software Developer and Board Member
- Oversaw technical direction of Heroku-hosted Ruby on Rails development, hiring, and marketing for this unique NGO startup.
- Built a leaderboard for most active members with Redis key-value store.
- Built a responsive impact network tree with masonry.js and RoR to demonstrate how user involvement multiplies.
- Introduced "IdentityServer" (an OpenID Connect Provider and OAuth2 Authorization Server) with C# .NET Web API as a proof of concept for future partner integration patterns using Identity and Access Management (IAM).
- Consulted on technical direction for early partner integrations.
Innovative Canadians for Change
- Integrated OpenMRS Metadata Sharing Module into OpenMRS-based Kibera Medical Record Initiative (KMRI) platform for use with KMRI concept dictionary and medical forms.
- Refreshed a healthcare project intending to help people make smart prescription drug choices using early JHipster with AngularJS, Bootstrap, Spring Boot, PostgreSQL.
- Implemented SSO with SunLife to direct plan members to recommended generic drug choice.
- Built creditunionsarehelpinghere.com with Rails and AngularJS.
- Led one of four teams responsible for building eBanking for CIBC in Java/Spring.
- Responsible for three sub-teams of 20 developers.
- Investigated and implemented solutions for request throttling, load balancing (F5), and report generation with iText and Jasper Reports.
- Team Lead and developer for healthcare projects.
- Java development for Canada's largest pharmacy including Swing Client and HL7 messaging in server.
- Worked with Canada Health Infoway to provide open source HL7 v3 libraries for Java and .NET called "Message Builder" to increase standardized health messaging adoption. Libraries were generated directly from specifications.
- Developed Java, Spring, JSP, JQuery web test harness "TL7" for testing HL7 messages as health software providers adopt HL7.
- Built "Message Remixer" web application with Java, Spring, JSP, JQuery for managing and creating customizations of HL7 specifications in provinces per request by Canada Health Infoway.
- Built cross-platform DB-management products in Java/C++ for optimizing SQL queries, generating DDL for specific SQL dialects from existing schemas (DBArtisan), and performance monitoring (Performance Center).
Research In Motion (BlackBerry)
- Designed and prototyped early attempts at mobile apps.
- Implemented crypto RFCs in Java for crypto libraries.
BMO Nesbitt Burns
- Produced HTML, CSS standards for investments website.
SpringOne Platform 2019 Speaker: https://springoneplatform.io/2019/sessions/implementing-microservices-security-patterns-protocols-with-spring-security
Devoxx France 2020 Speaker: https://www.devoxx.fr/2020/05/13/le-programme-2020/
Open Source Contributor
Spring, Spring Boot, Spring Security, OAuth 2, .NET, Bootstrap, Jakarta Server Pages (JSP), Hibernate, Ruby on Rails (RoR), Angular, AngularJS, YARN, JUnit, Jest, JSON Web Tokens (JWT), Redux, NestJS, WebFlux, Swagger
Azure Active Directory Graph API, OpenID, React, Node.js, jQuery, QueryDSL, React Router, Reactstrap, React Redux, Normalizr, Passport.js
Auth0, Apache Maven, Git, JHipster, GitHub, IntelliJ IDEA, Google Kubernetes Engine (GKE), Jenkins, Helm, NPM, Apache Tomcat, Redux Thunk, Travis CI, Jira, Bitbucket
Single Sign-on (SSO), OpenID Connect (OIDC), CI/CD Pipelines, Serverless, HL7, Axios
Microservices Architecture, Continuous Integration (CI), Continuous Deployment, DevOps
Docker, WebSphere, Azure, Linux, Google Cloud Platform (GCP), JBoss, Heroku, Amazon EC2, Google App Engine, Visual Studio Code (VS Code)
MongoDB, Azure Cosmos DB, Azure Active Directory, Redis, Spring Data JPA, PostgreSQL, MySQL, Google Cloud SQL, Elasticsearch, Spring Data Elasticsearch
Master of Science Degree in Computer Science
University of Guelph - Guelph, Ontario, Canada
Bachelor's Degree in Computer Science
Trinity Western University - Langley, BC, Canada