Responsible for the end-to-end solution design, alignment, and governance of IT applications and technology solutions to support business initiatives in mainland China.
Close collaboration with business stakeholders, solution delivery teams, infrastructure and security architects, and external technology partners to ensure that IT solutions are scalable, secure, compliant, and aligned with enterprise architecture principles and regional regulations, ensuring compliance with regulatory requirements (e.g., data localization, cybersecurity laws), and proposing fit-for-purpose solution architectures that enable operational efficiency and digital transformation.
involves
Solution architect: application design, integration, TOGAF
I'm experienced with enterprise middleware and integration platforms, including RocketMQ as well as other mainstream messaging and integration tools.
I use these platforms to build event-driven architecture, asynchronous processing, system decoupling, data replication, and real-time data distribution across multiple domains.
Development: hands-on programming
I have good knowledge of mobile application architecture, especially for Android and WeChat mini programs, which are widely used in China's internet ecosystem.
For WeChat mini programs, I am familiar with the framework, native APIs, login and authorization via WeChat Open Platform, payment integration, offline mode, and performance optimization for high-concurrency scenarios.
I also work closely with mobile developers to define API standards, GraphQL integration, authentication, and security policies to ensure stable and secure mobile access.
Cloud & data: Docker
MySQL, MongoDB
Relational database: MySQL
A relational database maintains relationships between tables using keys; the keys that uniquely identify rows in a table are called primary keys.
Let's talk about some of the major features of this type of database: it is strongly consistent and has a transactional structure.
The consistent functionality persists all the changes because that is not possible without eventual consistent database.
If you want to use vertical scaling instead of horizontal scaling.
Key-value data can be used for session management and caching.
A document database stores data in the form of documents. Each document has a key that identifies it, so we can think of it as a kind of key-value database.
This kind of database can be useful when we don't have a defined structure for the data. Another use case is content management systems, in which we can store bills and Excel data in the form of documents.
Cassandra
Graph: Neo4j. It stores data in the form of nodes and relationships between the nodes.
agile methodology.
Table changes are going to affect the entire table or data, but it gives us liberty for that, and we don't need any predefined structure.
Non-relational database:
DevOps: GitLab CI/CD
Security: OAuth
compliance.
Tell me, what is your understanding of China-specific IT regulations, including data privacy law and cybersecurity regulations?
I have a solid understanding of China's core IT and data regulatory framework, which consists of three fundamental laws:
the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law.
I also follow key regulations like the Network Data Security Management Regulation and the requirements for cybersecurity classified protection (MLPS).
In my architecture design, I always apply these principles:
Data minimization: collect only what is necessary.
Sensitive personal information protection: encryption, access control, audit.
Data localization: critical data stored within China.
Cross-border data transfer: follow security assessment, standard contract.
For ticketing, F&B and member systems, I ensure user data, payment data, and transaction records are fully compliant with security, audit and privacy requirements.
Play a key role in gathering and analyzing functional and non-functional requirements, assessing existing solution
encryption SHA-2
Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed hash (i.e., the output produced by executing a hashing algorithm) to a known and expected hash value, a person can determine the data's integrity. For example, computing the hash of a downloaded file and comparing the result to a previously published hash result can show whether the download has been modified or tampered with.
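The download check described above, as an added example that is not part of the original notes: it hashes a stream in chunks with SHA-256 (a member of the SHA-2 family) and compares the result against a published manifest. The `sha256sum`-style manifest layout, the file name `app.tar.gz` and the sample payload are constructed assumptions.

```python
import hashlib
import hmac
import io

def sha256_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks so a large download never sits fully in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <name>') into {name: digest}."""
    published = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        digest = digest.lower()          # publishers sometimes post upper-case hex
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest for {name!r}")
        published[name] = digest
    return published

def verify_download(name, stream, published):
    """Return 'ok', 'mismatch', or 'unlisted' for one downloaded artifact."""
    expected = published.get(name)
    if expected is None:
        return "unlisted"  # no published hash, so integrity cannot be established
    actual = sha256_stream(stream)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

# Constructed sample data: a "release" payload and the manifest its publisher would post.
RELEASE = b"ticketing-service build 1.0\n" * 1000
MANIFEST = (
    "# constructed manifest\n"
    f"{hashlib.sha256(RELEASE).hexdigest().upper()}  app.tar.gz\n"
)

if __name__ == "__main__":
    published = parse_manifest(MANIFEST)
    tampered = RELEASE[:-1] + b"!"  # a single changed byte
    print(verify_download("app.tar.gz", io.BytesIO(RELEASE), published))
    print(verify_download("app.tar.gz", io.BytesIO(tampered), published))
    print(verify_download("other.bin", io.BytesIO(RELEASE), published))
```

A matching hash only proves the file equals what the manifest describes, so the manifest itself has to come from a source the attacker cannot also modify, such as a signed file or a separate authenticated channel.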
SAML vs OpenID
I am familiar with IAM, OAuth 2.0, OpenID Connect and SAML.
IAM manages user identity and access control.
OAuth is for authorization, used to grant limited access to resources without sharing credentials.
OpenID Connect is built on OAuth 2.0 for authentication, used to verify user identity and get basic profile info.
SAML is an enterprise-grade protocol for single sign-on between organizations, widely used in internal systems and B2B integration.
I've used them to implement SSO, secure login and access control for mini-program scenarios, ensuring security and compliance.
I have extensive experience implementing application security best practices throughout the software development lifecycle.
I am familiar with the OWASP Top 10 items, including SQL injection, CSRF, and insecure API design. I always design systems to mitigate these risks from the beginning.
For encryption, I use TLS 1.2/1.3 for data in transit, and AES for sensitive data at rest. Passwords are stored with strong hashing algorithms.
I follow secure coding principles: input validation, output encoding, least privilege access, proper error handling.
I also enforce security code reviews, static application security testing, and dynamic scanning before deployment.
In ticketing, security and compliance are critical, so I always build security by design into the architecture.
I have strong hands-on experience with DevOps practices and end-to-end CI/CD automation.
I am familiar with Jenkins, GitLab CI/CD, and Azure DevOps for building automated pipelines, including code checkout, build, static code analysis, artifact management, and deployment.
I follow standard DevOps principles: infrastructure as code, shift-left security, continuous integration, continuous delivery and environment consistency.
In the current projects, I use these tools to build end-to-end automated pipelines for build, test, security scan, and deployment.
I follow shift-left quality and automation practices to improve delivery speed and system stability.
mTLS, Spring Boot
Securing a web application
This guide walks you through the process of creating a simple web application with resources that are protected by Spring Security.
What you will build
You will build a Spring MVC application that secures the page with a login form that is backed by a fixed list of users.