Systems / Backend Engineer·New Delhi, India
I build high-performance, fault-tolerant backend systems from scratch — runtimes, consensus, and applied cryptography, down to the bytes on the wire.
Systems and backend engineer. I build high-performance, fault-tolerant services — and everything beneath them, from the language runtime down to the bytes on the wire.
C++ carries the performance-critical paths; JavaScript and TypeScript handle the services around them. I design the data layer with SQL and Redis, containerize with Docker, and orchestrate at scale on Kubernetes across AWS. I work in distributed systems and network programming, and on the unglamorous reliability problems — backpressure, failover, consistency — that decide whether a system holds up under load.
A cluster of three C processes that behave as one reliable key-value store, implementing the Raft paper closely — leader election, log replication, and crash recovery over raw POSIX sockets. A write acknowledged to the client has been persisted to a majority of nodes and survives any single failure, including a hard SIGKILL at the worst possible moment; a crashed node replays its log and catches up on rejoin with no manual intervention. Each node runs four threads — listener, election timer, leader heartbeat, and an apply thread draining committed entries into the store — over a single mutex-protected state machine. The log is the source of truth: entries are appended with O_DSYNC so a write doesn't return until it hits stable storage, the same durability guarantee Postgres uses for its WAL. Nodes speak a hand-rolled binary wire protocol with a 4-byte framed header, every read funnelled through recv_all to survive partial TCP reads. Correctness is proven by a chaos suite — random node kills under continuous writes, network partitions via iptables, leader failover — verified clean under ThreadSanitizer, ASan, and UBSan.
An HTTP/1.1 server framework built entirely from scratch on raw TCP sockets — bypassing Node's http module for only net/tls, crypto, and zlib. A byte-level incremental parser reassembles requests across TCP packets and stays deliberately strict against request smuggling, rejecting conflicting Transfer-Encoding and Content-Length, obsolete line folding, and oversized headers. A radix-trie router with path parameters and wildcards feeds an onion-model async middleware engine; the server speaks keep-alive, request pipelining, and chunked transfer-encoding. Static delivery handles range requests, ETags, and conditional 304s; responses negotiate gzip / brotli / deflate. Real-time traffic rides over WebSockets (RFC 6455) and Server-Sent Events. Security and operations are first-class — JWT with algorithm pinning and constant-time verification, CORS, sliding-window rate limiting, Prometheus metrics, health checks, and graceful shutdown with in-flight draining. Benchmarks around 10k req/s with p99 latency near 8 ms.
A service for sharing passwords, API keys, and sensitive strings without leaving them in chat logs and inboxes forever. The sender encrypts the secret client-side with AES-256-GCM under a key derived via HKDF from a random token, then posts only the ciphertext, IV, and auth tag; the server stores them in Redis and returns a one-time URL. The token lives only in the URL fragment (#), which browsers strip before sending a request — so the key never reaches the server, not even in its access logs. The server is a courier, not a custodian: it moves ciphertext it cannot read. Retrieval uses Redis GETDEL to fetch and delete atomically, closing the race where a second concurrent request could also claim the secret; a second read returns 404. Authenticated encryption means any tampering with the stored ciphertext fails decryption with a hard error rather than returning plausible garbage, and unclaimed secrets self-expire via Redis TTL with no cleanup job.
Systems & Networking
A peer-to-peer content-distribution system in C++17 over raw POSIX sockets, with zero external dependencies. A control/data-plane split keeps a two-node tracker cluster holding metadata only, while 512 KiB pieces move directly between peers. Trackers stay consistent through idempotent, op-based replication with snapshot bootstrap — converging without consensus or acknowledgements, so a partitioned node self-heals on reconnect. Fail-over is transparent: client RPCs retry onto a surviving tracker with session replay, leaving in-flight transfers undisturbed. A rarest-first scheduler runs over a multi-connection pool with per-piece SHA-1 verify-before-commit; memory stays constant in file size via positional I/O and streaming hashes — a 200 MB transfer in roughly 7 MB RSS. Thread-per-connection with RAII ownership; verified clean under ASan, UBSan, and LeakSanitizer.
An interactive Unix shell built directly on process-management primitives. Implements the core built-ins, input/output redirection, arbitrary-depth pipelines, background job control, and full signal handling, with tab completion and a persistent, navigable command history.
Security & Cryptography
A Kerberos-inspired authentication system that survives the compromise of any single authority. Tickets are issued under a 2-of-3 Schnorr multi-signature scheme distributed across Authentication and Ticket-Granting servers, each contributing a partial signature that must be threshold-aggregated; tickets are sealed with AES-256-CBC. Ships with attack simulations for key leakage and offline-authority compromise.
A secure command-and-control link between a Mission Control Center and a fleet of drones. Hand-implemented 2048-bit ElGamal, HMAC-SHA256, and AES-256-CBC provide mutual authentication, session- and group-key establishment, and encrypted fleet-wide command broadcast — handshake under 500 ms after key generation.
A stateful, symmetric-key secure-communication protocol between a server and multiple clients, designed to hold up in a hostile network environment.
Oracle Database · PL/SQL · SQL · Linux
The work I care about lives close to the metal and under load — where correctness, latency, and failure behavior decide whether a system actually survives contact with the real world.
This is the part I could talk about for hours. Away from backend work, I'm pulled toward the place where software stops being abstract and starts moving things in the physical world — embedded systems, autonomous flight, and rocketry. It's the same instinct as my day-to-day — tight C++, hard real-time constraints, reliability when failure isn't an option — pointed at machines that fly.
Firmware down at the silicon: microcontrollers, real-time control loops, interrupt-driven I/O, and the craft of staying provably correct inside a few kilobytes of RAM and a fixed deadline. The constraints are brutal — which is exactly why I love them.
The whole flight stack: IMU and sensor fusion at the bottom, state estimation and control loops in the middle, telemetry and autonomy at the top — and a secure, reliable link between ground and air, the thread that ran through my UAV command-and-control project.
Flight computers and the guidance, navigation & control that fly them: sensor fusion for apogee detection, recovery, and telemetry under vibration and g-load. Avionics that get exactly one chance to work is the most demanding systems problem I know — and the one I most want to spend my life on.
It all comes back to one obsession: real-time, safety-critical software that has to be right the first time. That's the engineer I'm working to become.