35% lift in customer engagement
OWASP Top 10 awareness applied throughout
The brief
Leatherback (Rexelpay) was launching a UK-based fintech platform — virtual accounts, onboarding, transactions, fund exchange — and needed someone to own the cross-cutting services that everything else depended on.
What I built
The notifications backbone
- Took ownership of the notifications microservice, written in C# and .NET Core. Used MassTransit's consumer and request-response patterns over RabbitMQ for communication between services.
- Integrated Twilio-SendGrid for messaging capabilities across OTP, info exchange, and customer communications — boosting customer engagement by 35%.
- Became the project expert for the notifications service, handling inquiries and improvement suggestions across teams.
Secure transactions
- Designed and maintained transaction APIs alongside the digital banking team. Used bcrypt (a password-hashing function built on the Blowfish cipher) for one-way hashing of transaction PINs.
- Applied Rijndael (AES) for two-way encryption of OTPs and security questions.
- Designed APIs following SOLID principles with isolation of Presentation, Core, and Infrastructure layers, and CQRS for data flow isolation.
Pilot launch and security culture
- Led the pilot phase for v1 of the platform — virtual accounts, onboarding, transactions, and fund exchange — in close collaboration with the engineering team.
- Maintained extensive understanding of the OWASP Top 10, consistently identifying and mitigating web app security risks.
- Evaluated security implications of pull requests and architectural decisions during code reviews.
"Security work mostly looks like saying no in code review. Done right, nobody notices and nothing happens."