Stephen Doxsee, Developer in Toronto, ON, Canada
Stephen is available for hire
Hire Stephen

Stephen Doxsee

Verified Expert  in Engineering

Software Developer

Toronto, ON, Canada
Toptal Member Since
September 20, 2019

Stephen has over 18 years of software engineering experience across organizational sizes and sectors. He's a SpringOne Platform speaker and open source contributor to the JHipster, Spring Security, and Spring Boot projects. Besides Java/Spring, Google Kubernetes Engine (GKE), and React/Angular expertise, he specializes in identity and access management (IAM) with OAuth2/OIDC and its place in best-practice architecture.


DevOps, OpenID Connect (OIDC), Azure Active Directory, Spring Security...
Smart Serve
DevOps, Jira, Bitbucket, Docker, PostgreSQL, JavaScript, Node.js, Angular...
Benefits by Design
DevOps, OpenID Connect (OIDC), Spring Security, OAuth 2, OpenID, Node.js...




Preferred Environment

GitHub, Git, Visual Studio Code (VS Code), IntelliJ IDEA, Linux

The most amazing...

...project I've built is the integration of systems for two companies by adding respective OpenID Connect identity providers for identity and access management.

Work Experience

Technical Architect/Lead Engineer

2020 - 2022
  • Designed, built, documented, and advanced a framework based on React and Spring Boot to help AXA XL's hundreds of in-house apps with re-platforming on a preferred modern stack.
  • Created a custom app generator for several common "prototypes" based on that utilized our framework.
  • Proposed and passed architectures and frameworks to design authority groups within the organization for buy-in and agreed-upon adoption.
  • Built a permission service to broker permissions for internal/external users and optionally against Active Directory groups.
  • Built several apps and supported other app development teams using the framework while leading an engineering team of over a dozen people.
  • Managed deployments in Kubernetes and the migration from one Kubernetes vendor to another. Also migrated from Jenkins/Azure DevOps, Spinnaker, and AKS to Harness and OpenShift.
Technologies: DevOps, OpenID Connect (OIDC), Azure Active Directory, Spring Security, Azure Cosmos DB, React, Azure, Spring Boot, Java, GitHub, CI/CD Pipelines, GraphQL

Lead Engineer

2019 - 2020
Smart Serve
  • Served as the lead engineer for an Angular/TypeScript and Java/Spring Boot application built with JHipster that manages user accounts and issues tokens for training and certification for alcohol licensing.
  • Managed deployment, bug fixes, maintenance, and support for an application that has over 1 million user accounts.
  • Held weekly meetings with clients to prioritize work and update on progress.
  • Migrated the application's SSO integration with Absorb LMS training platform to a newer version.
  • Performed a dependency analysis in order to determine an upgrade strategy of libraries to stay on top of CVEs that were scanned as part of the CI process.
  • Migrated Jenkins server's Jenkinsfile pipelines to Atlassian's Bitbucket pipelines for publishing images to private Dockerhub account.
Technologies: DevOps, Jira, Bitbucket, Docker, PostgreSQL, JavaScript, Node.js, Angular, Spring, Java, GitHub, CI/CD Pipelines

Solutions Architect

2014 - 2019
Benefits by Design
  • Reduced the setup time for development environments from over 8 hours to 15 minutes by Mavenizing manually-managed dependencies, removing JBoss application server customizations and using an embedded Tomcat via Spring Boot, putting any custom third party .jar files in Nexus, and providing default development configurations that "just work."
  • Automated a formerly manual release workflow with maven gitflow plugin.
  • Dockerized the entire company stack so that developers could run locally without having to run against a shared database instance with "somewhat sanitized" production data.
  • Introduced and rolled out Flyway as a SQL schema management and automation solution for an otherwise manual and error-prone process.
  • Reduced debug startup time from 15 minutes to under 30 seconds by building a demo-data service that inserted records through code and allowed developers to have a fast and minimal local database.
  • Introduced Spring Config Server so that configuration changes would be consistent across projects, git-revisioned, as well as backed up and encrypted on Github.
  • Planned, executed and rolled out a Java 8 to Java 11 upgrade for all Java applications and services including OpenJDK distribution selection and validation (Zulu).
  • Eliminated memory leaks affecting the application by using VisualVM to view memory usage and narrow in on the offending code.
  • Removed dependence on Java Webstart (now deprecated in Java 11) for distributing and updating Java Swing EJB client by distributing a jar-launcher that would automatically update the Java Swing client at startup using Maven Wrapper, Nexus, and some bash to tie it together making it stable and self-updating for over 3 years and counting without issue.
  • Created an Angular, Spring Boot, Elasticsearch, PostgreSQL application for the dynamic management of documents that would be made available to different users in different applications allowing filters and rules to be added for customizing document offerings using QueryDSL for typesafe SQL queries.
  • Used Express Http Proxy to send requests from hot-reloading Angular to Java API in development mode.
  • Wrote tests with JUnit/Mockito for Java and Karma/Jasmine for JavaScript and Webpack for module bundling.
  • Implemented Swagger UI for documenting and testing API endpoints.
  • Managed SQL schema revisions using Liquibase.
  • Build a new AngularJS, Spring Boot, PostgreSQL app for spin-off company "WorkplaceEvolution" offering PaymentEvolution's payroll employees the chance to easily enroll in Green Shield Canada's "Health Assist" benefits.
  • Designed and implemented SSO into WorkplaceEvolution app from payroll's employee application "PayChequer."
  • Built "in force" enrollment tool for plan members in AngularJS with wizards and validation and integrated it into an existing Heroku-hosted Ruby on Rails backend.
  • Architected a customer-facing"quote" enrollment tool with React/Redux with pagination, validation, and entity normalization on existing Rails/Java backend introducing an anti-corruption layer to sanitize legacy models to more relevant ones using MapStruct and adding fullstack e-signature integration with OneSpan to sign-off on enrollment documents.
  • Led tech for development.
  • Architected and coordinated a two-way integration between a benefits company and a payroll company that allowed mutual API access, data synchronization, and SSO with OAuth2 and OpenID Connect by extracting users and authentication to respective OpenID Connect Providers (Keycloak and IdentityServer).
  • Re-engineered CI and DevOps pipelines from manually configured Cruise Control server.
  • Integrated OpenID Connect and OAuth2 security across all applications and languages: Ruby On Rails, Angular, React, Spring Boot, Swing.
  • Presented alternative solutions regarding GDPR compliance issues with managing partners.
  • Used Jenkins X to drastically simplify deployment of the official Keycloak Helm chart to GKE with GitOps-managed custom realm configurations and themes for long-lived staging and production environments using managed PostgreSQL Cloud SQL instances and preview environments with ephemeral PostgreSQL Helm charts.
Technologies: DevOps, OpenID Connect (OIDC), Spring Security, OAuth 2, OpenID, Node.js, Ruby on Rails (RoR), Ruby, Angular, React, PostgreSQL, Spring Boot, Java, GitHub, CI/CD Pipelines, Docker, Security Research

Software Developer

2018 - 2018
  • Updated, fixed, and ported a Dockerized (but broken) Angular, Spring Boot and MySQL microservices stack to Google App Engine (GCP).
Technologies: DevOps, Bootstrap, Angular, Microservices Architecture, Spring Boot, Java, Google App Engine, GitHub, CI/CD Pipelines

Interim CTO

2016 - 2016
  • Served as the interim CTO for fintech startup.
  • Recruited the development team, contributed to early schema design, code reviews, DevOps on AWS and developer training.
  • Met with financial institutions to discuss technical aspects of collaborative business opportunities.
Technologies: Microservices Architecture, AngularJS, Spring, Java, GitHub, CI/CD Pipelines, Docker

Software Developer and Board Member

2011 - 2016
  • Oversaw technical direction of Heroku-hosted Ruby on Rails development, hiring, and marketing for this unique NGO startup.
  • Built a leaderboard for most active members with Redis key-value store.
  • Built a responsive impact network tree with masonry.js and RoR to demonstrate how user involvement multiplies.
Technologies: Heroku, Redis, JavaScript, Ruby on Rails (RoR), Ruby, GitHub, CI/CD Pipelines

Solutions Architect

2014 - 2015
Payment Evolution
  • Introduced "IdentityServer" (an OpenID Connect Provider and OAuth2 Authorization Server) with C# .NET Web API as a proof of concept for future partner integration patterns using Identity and Access Management (IAM).
  • Consulted on technical direction for early partner integrations.
Technologies: OpenID Connect (OIDC), OAuth 2, OpenID, .NET, C#, GitHub

Software Developer

2014 - 2014
Innovative Canadians for Change
  • Integrated OpenMRS Metadata Sharing Module into OpenMRS-based Kibera Medical Record Initiative (KMRI) platform for use with KMRI concept dictionary and medical forms.
Technologies: JavaScript, MySQL, Spring, Java, GitHub

Lead Developer

2014 - 2014
  • Refreshed a healthcare project intending to help people make smart prescription drug choices using early JHipster with AngularJS, Bootstrap, Spring Boot, PostgreSQL.
  • Implemented SSO with SunLife to direct plan members to recommended generic drug choice.
Technologies: Node.js, AngularJS, PostgreSQL, Spring Boot, Java, GitHub

Web Developer

2014 - 2014
  • Built ​ with Rails and AngularJS.
Technologies: AngularJS, Ruby on Rails (RoR), Ruby, GitHub

Team Lead

2014 - 2014
  • Led one of four teams responsible for building eBanking for CIBC in Java/Spring.
  • Responsible for three sub-teams of 20 developers.
  • Investigated and implemented solutions for request throttling, load balancing (F5), and report generation with iText and Jasper Reports.
Technologies: Spring, Java

Software Developer

2008 - 2012
Intelliware Development
  • Team Lead and developer for healthcare projects.
  • Java development for Canada's largest pharmacy including Swing Client and HL7 messaging in server.
  • Worked with Canada Health Infoway to provide open source HL7 v3 libraries for Java and .NET called "Message Builder" to increase standardized health messaging adoption. Libraries were generated directly from specifications.
  • Developed Java, Spring, JSP, JQuery web test harness "TL7" for testing HL7 messages as health software providers adopt HL7.
  • Built "Message Remixer" web application with Java, Spring, JSP, JQuery for managing and creating customizations of HL7 specifcations in provinces per request by Canada Health Infoway.
Technologies: jQuery, Spring, Java, CI/CD Pipelines

Software Developer

2005 - 2007
  • Built cross-platform DB-management products in Java/C++ for optimizing SQL queries, generating DDL for specific SQL dialects from existing schemas (DBArtisan), and performance monitoring (Performance Center).
Technologies: SQL, C++, Java

Software Developer

2001 - 2002
Research In Motion (BlackBerry)
  • Designed and prototyped early-attempts at mobile apps.
  • Implemented crypto RFCs in Java for crypto libraries.
Technologies: Java

Web Developer

2000 - 2000
BMO Nesbitt Burns
  • Produced HTML, CSS standards for investments website.
Technologies: WebSphere, CSS, Jakarta Server Pages (JSP), HTML

SpringOne Platform 2019 Speaker

Implementing Microservices Security Patterns and Protocols with Spring Security.

Technical Blog
My personal technical blog.

Devoxx France 2020 Speaker
Speaker for the Devoxx France 2020 conference based on security research in microservices architectures. Unfortunately, the event was canceled due to COVID-19 but the program was published to acknowledge the speakers.

Open Source Contributor

Spring Boot, Spring Security, JHipster
2003 - 2005

Master of Science Degree in Computer Science

University of Guelph - Guelph, Ontario, Canada

1999 - 2003

Bachelor's Degree in Computer Science

Trinity Western University - Langley, BC, Canada


Azure Active Directory Graph API, OpenID, React, Node.js, jQuery, QueryDSL, React Router, Reactstrap, React Redux, Normalizr, Passport.js


Auth0, Apache Maven, Git, JHipster, GitHub, IntelliJ IDEA, Google Kubernetes Engine (GKE), Jenkins, Helm, NPM, Apache Tomcat, Redux Thunk, Travis CI, Jira, Bitbucket


Spring, Spring Boot, Spring Security, OAuth 2, .NET, Bootstrap, Jakarta Server Pages (JSP), Hibernate, Ruby on Rails (RoR), Angular, AngularJS, Yarn, JUnit, Jest, JSON Web Tokens (JWT), Redux, NestJS, WebFlux, Swagger


Java, JavaScript, HTML, CSS, Ruby, C#, SQL, Sass, C++, TypeScript, GraphQL


MongoDB, Azure Cosmos DB, Azure Active Directory, Redis, Spring Data JPA, PostgreSQL, MySQL, Google Cloud SQL, Elasticsearch, Spring Data Elasticsearch


Microservices Architecture, Continuous Integration (CI), Continuous Deployment, DevOps


Docker, WebSphere, Azure, Linux, Google Cloud Platform (GCP), JBoss, Heroku, Amazon EC2, Google App Engine, Visual Studio Code (VS Code)


Single Sign-on (SSO), OpenID Connect (OIDC), CI/CD Pipelines, Serverless, HL7, Axios, Security Research

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.


Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring