Principal Solutions Architect

Faraz Ali

Taming enterprise complexity. Simplifying global scale

About

Summary

Principal Solutions Architect with 16+ years building and modernising large-scale, multi-tenant SaaS platforms — 6+ of them at the architect level. I set strategy and roadmaps, define reference and target-state architectures, align cross-functional teams, and advise at C-level to accelerate delivery. My depth is in decomposing monoliths into microservices, cross-domain distributed systems, identity, change data capture (CDC), APIs and integrations, and agentic/MCP platforms.

  • 16+ yrs engineering experience
  • 6+ yrs at architect level
  • Reports to CTO/HoE at ELMO Software
  • ISO 27001 / 42001 · led accreditation

How I work

How I practise enterprise architecture

Four areas I lead across, and the principles I hold myself to in each.

Strategy & alignment

Strategic traceability

Every architectural decision traces back to a business goal.

Value realization

Architecture isn’t done until the value is realized.

Leadership buy-in

I secure C-level sponsorship so architecture ships, not shelf-ware.

Governance & standards

Guardrails over gates

Empower teams with boundaries; don’t block them with bureaucracy.

Evolutionary governance

Governance evolves as fast as the business changes.

Decision rights

Explicit decision rights (DACI) beat gathering more data.

Technology & capability

Capability over systems

I design for capability, not just today’s technology.

Reuse first

Look for what can be reused before building something new.

Tech-debt visibility

You can’t manage what you don’t map.

People & culture

Architect as influencer

Influence beats control in modern orgs.

Narrative

Every architecture tells a story stakeholders understand.

Skills evolution

I keep coding, coaching, and communicating.

Capability map

Where I operate

Five domains I set architecture and standards across — colour-coded for orientation, not seniority.

Principal Solutions Architect
Sets current- & target-state architecture · advises the C-suite

Distributed systems & events

  • Kafka, Confluent, Redpanda
  • Debezium CDC pipelines
  • Avro & Schema Registry
  • Event-driven architecture
  • Time-based consumer SLOs
  • Multi-region, GDPR-aware data

Identity & AI security

  • OAuth2, OIDC, SAML, JWT
  • PKCE & device authorization
  • MCP auth, consent & AI gateways
  • IAM, SCIM, Kong, Keycloak
  • ISO 27001 · DevSecOps
  • Mobile / QR-code login

Platform & integration

  • Public API, BFF & SPA pattern
  • Multi-tenant platform services
  • Two-way data sync
  • Config, notifications, shared services
  • API standards & REST design
  • Reusable Terraform & containers

Architecture leadership

  • Current- & target-state (strawman)
  • Reference architectures
  • DACI decision records
  • C-suite technical strategy
  • Governance & org-wide standards
  • Delivery maturity models

Modernisation

  • Strangler fig pattern
  • Thin-slice extraction
  • Interceptor / shadow-run cutover
  • DDD & service right-sizing
  • Evolutionary architecture
  • Technical-debt management

16+ years · 6+ as architect
TypeScript · JavaScript · PHP · AWS · Confluent · Kubernetes · Terraform

Recent work

Recent initiatives I've led

Cross-domain platform, identity, and AI work at ELMO Software — each turned into reusable patterns and org-wide standards.

AI / MCP authorization platform

Featured

Principal Architect · 2024–25

Designed a multi-phase MCP (Model Context Protocol) authorization architecture letting AI agents (Glean, Claude) securely access multi-tenant ELMO data on a user’s behalf — an AgentCore Gateway fronting N sub-MCP servers, inbound JWT validation against the identity server, semantic tool routing, hierarchical per-tenant scope filtering, PKCE-only public clients, and incremental consent via WWW-Authenticate challenges.

  • AWS Bedrock AgentCore
  • Kong
  • OAuth2/PKCE
  • OIDC
  • JWT/JWKS
  • MCP

Event streaming & CDC pipeline

Architect / DACI Driver · 2025–26

Drove the event-streaming platform decision (DACI) — Kinesis vs Kafka/MSK, DMS vs Debezium+Kafka Connect — landing on Apache Kafka for CDC and domain events. Architected the ELMO Kafka Consumer Library (EKCL), defined time-based CDC SLOs targeting p95 < 500ms, and set the schema-registry strategy for 400+ source tables across 5+ teams.

  • Apache Kafka
  • MSK
  • Debezium
  • Avro
  • Schema Registry
  • Node.js

Identity platform — device auth & QR login

Principal Security Architect & Team Lead · 2023–24

Led the upgrade of ELMO’s identity server to the OAuth2 Device Authorization flow, enabling mobile-app login via QR code. Implemented the IETF specifications and hardened the flow beyond the baseline spec, with automated security scanning built into the delivery pipeline.

  • OAuth2 Device Flow
  • OIDC
  • PKCE
  • JWT
  • CI/CD

Two-way data sync — payroll integration

Principal Architect · 2023–24

Principal architect for a two-way sync keeping payroll data consistent between two independent systems, partnering with Thoughtworks Australia. Designed an event-ledger state machine and a worker/conflict-management service with timestamp-based conflict resolution, on a serverless + container stack with full observability.

  • AWS SNS/SQS/Lambda
  • DynamoDB
  • Elasticsearch
  • Kubernetes
  • WSO2

Public API, BFF & SPA foundational pattern

Principal Architect · 2022–23

Authored and ratified the Public API / BFF / SPA pattern: per-service-area CloudFront edge routing, S3-hosted SPAs, BFFs keeping auth secrets server-side in ElastiCache/Redis, and distributed public API gateways under one apex domain. Built reusable Terraform modules and a shared BFF container image, plus the external-party OAuth2 access model.

  • CloudFront
  • API Gateway
  • Lambda
  • ElastiCache/Redis
  • Terraform
  • OAuth2

Monolith modernisation — thin-slice refactoring

Architect · Ongoing

Defined the strategy for re-architecting the monolith toward target state using the Strangler Fig and Interceptor patterns — replacing functionality in small, low-risk slices. Specified parallel/shadow-run for high-risk extractions (payroll tax engine, permissions module) and tied modernisation to event interception so new services develop without coupling to the legacy emitter.

  • Strangler Fig
  • Interceptor pattern
  • Event interception
  • DDD

Architecture showcase

MCP authorization platform

The most current and differentiating piece of work — secure AI-agent access to multi-tenant data.

AI agents like Glean and Claude need to act on a user's behalf against multi-tenant ELMO data — without ever exceeding what that user, or their tenant, is allowed to see. The design threads an OAuth2/PKCE token (no client secret) from the agent host through an AgentCore Gateway, a fleet of sub-MCP servers, and the Kong API gateway down to the downstream services.

JWTs are validated and scope is enforced at every tier, with hierarchical per-tenant scope filtering applied at the identity server's /authorize endpoint. Insufficient-scope responses drive incremental consent via WWW-Authenticate challenges, so agents request exactly the access they need and no more.

Authorization flow (diagram), tier by tier:

  • AI agent host (Glean / Claude) ↔ TMS identity server (PKCE · per-tenant scopes): OAuth2 + PKCE authorization (no client secret); Bearer token passed downstream
  • AgentCore Gateway: validate inbound JWT (JWKS) · semantic tool routing · tool catalogue
  • Sub-MCP servers (1..N): validate JWT · check scope claim · 403 insufficient_scope → incremental consent
  • Kong API gateway: verify JWT + secret header · path-based route · strip secret before upstream
  • Downstream API services: final JWT validation (signature, audience, scope, expiry)

JWT validated and scope enforced at every tier · hierarchical per-tenant scope filtering at the identity server
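
The sub-MCP tier's scope check and the incremental-consent round trip described above, as an added example (not ELMO's code). Tool names, scopes, the `tenant_id` claim and the audience URL are hypothetical, and the JWT signature is assumed to have been verified against the identity server's JWKS before these functions run.

```javascript
// Added example: scope enforcement at a sub-MCP tier. All names are hypothetical.
// Assumes `claims` come from a JWT whose signature was already verified (JWKS).
const AUDIENCE = 'https://mcp.example.test/leave';          // constructed value
const TOOL_SCOPES = {                                       // hypothetical tool catalogue
  list_leave: ['leave:read'],
  approve_leave: ['leave:read', 'leave:approve'],
};

// Quote a value for an auth-param, escaping backslash and double quote.
const quote = (s) => `"${String(s).replace(/[\\"]/g, '\\$&')}"`;

// Build an RFC 6750 style Bearer challenge response.
function challenge(status, error, description, scope) {
  const params = [`error=${quote(error)}`, `error_description=${quote(description)}`];
  if (scope) params.push(`scope=${quote(scope)}`);
  return { status, headers: { 'WWW-Authenticate': `Bearer ${params.join(', ')}` } };
}

// Decide whether verified claims may invoke `tool` for `tenantId` at `nowSec`.
function authorizeToolCall(claims, tool, tenantId, nowSec) {
  const aud = [].concat(claims.aud ?? []);
  if (!aud.includes(AUDIENCE)) return challenge(401, 'invalid_token', 'wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec)
    return challenge(401, 'invalid_token', 'token expired');
  // Cross-tenant token: plain 403 with no challenge, since consent cannot fix it.
  if (claims.tenant_id !== tenantId) return { status: 403, headers: {} };
  const required = TOOL_SCOPES[tool];
  if (!required) return { status: 404, headers: {} };
  const granted = new Set(String(claims.scope ?? '').split(' ').filter(Boolean));
  const missing = required.filter((s) => !granted.has(s));
  if (missing.length > 0)
    return challenge(403, 'insufficient_scope', `missing ${missing.join(' ')}`,
      required.join(' '));
  return { status: 200, headers: {} };
}

// Agent side: merge the challenged scopes into the next /authorize request.
function nextScopeRequest(currentScope, wwwAuthenticate) {
  const m = /(?:^|[ ,])scope="([^"]*)"/.exec(wwwAuthenticate);
  const wanted = m ? m[1].split(' ') : [];
  return [...new Set([...currentScope.split(' '), ...wanted])].filter(Boolean).join(' ');
}
```

The agent only re-enters the authorization flow on a 403 that carries a `scope` parameter; a 401 means the token itself must be replaced, and the bare 403 for a tenant mismatch is deliberately not recoverable through consent.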

Career timeline & key initiatives

2024–25 · AI / MCP authorization platform
AgentCore Gateway, hierarchical per-tenant scopes, PKCE, incremental consent, Kong
2024–25 · Event streaming & CDC pipeline
Kafka/Debezium DACI, EKCL consumer library, schema registry, time-based SLOs
2023–24 · Identity server & two-way sync
OAuth2 device flow + QR login; payroll two-way sync with Thoughtworks
2021–23 · Platform patterns & IAM
Public API/BFF/SPA, integrations platform, IAM with SCIM, governance framework
2016 · Joined ELMO Software, Sydney
Grew from mid-level developer to Principal Solutions Architect
2008–16 · Earlier career
Head of Programming, Mariah Solutions · Temenos T24 consultant, NDC

Standards & writing

What I codify

Architecture only scales when it becomes the patterns and standards an org actually runs on.

API Standards

Org-wide, 100+ readers

REST design, versioning, resource modelling, bulk/idempotency, error responses.

Right-Sizing Your Service Areas

Ratified

A microservice guide on coupling metrics, cohesion and decomposition.

Load Testing & Planning for Goodput

Published

SLOs, peak/average load, replica and goodput calculations.

Major author of ELMO’s Architecture Handbook — Architectural Vision & North Star, Architecture Principles, the Strawman stack, Reference Architectures (monolith / microservice / serverless), database-tenancy & naming guides, Refactoring the Monolith, Public API/BFF/SPA, Authentication & Token Auth, Event Streaming (Kafka), and ELMO MCP.

Technologies

AI & Agentic apps: Model Context Protocol (MCP), WebMCP, AWS Bedrock, Bedrock AgentCore, Bedrock Guardrails, Claude, Glean, LangChain, agent authorization (OAuth2/PKCE, incremental consent), Kong AI Gateway, semantic tool routing, RAG & vector search (pgvector, OpenSearch), Temporal agent workflows

Streaming & Data: Apache Kafka, Confluent, Redpanda, Debezium, Avro, Schema Registry, Kinesis, Redshift, Aurora, DynamoDB, RDS/MySQL, Elasticsearch, Redis

Languages: TypeScript, Python, JavaScript, PHP, C#, Java, Lua, Groovy

AWS: API Gateway, Lambda, SNS, SQS, Kinesis, S3, CloudFront, ElastiCache, Cognito, Bedrock AgentCore, ECR, WAF, VPC, IAM

Identity & Gateways: Kong, Keycloak, OAuth2/OIDC/SAML, AWS API Gateway, WSO2 API Gateway

Platform & DevSecOps: Docker, Kubernetes, Helm, ArgoCD/FluxCD, Jenkins, SonarQube, Artifactory, Terraform

Observability: Elastic, Kibana, Grafana, APM, RUM, JMeter, Vegeta

Recommendations

What colleagues say

In their own words — recommendations from leaders and peers I’ve worked with.

I've had the privilege of working closely with Faraz for the past 8 years, and he is, without question, one of the finest architects I've ever worked alongside.

Faraz pairs deep technical rigour with something rarer: the ability to bring people with him on the journey. He defined many of the architectural patterns that shaped ELMO into what it is today — but what stands out just as much is how he did it. He teaches, he mentors, and he genuinely listens. He has an exceptional eye for detail, yet he's never precious about his own ideas; he actively invites other perspectives, takes feedback on board graciously, and makes everyone around him better for it.

What also sets Faraz apart is his sheer breadth. He's equally at home across authentication, API design, MCPs, databases, and Kafka data pipelines, right down to the operational detail of how a system behaves in production. He has a habit of taking on the hardest, messiest problems and clearing the path so the rest of the team can move faster. He's also been ahead of the curve in using AI thoughtfully — not as a gimmick, but to genuinely improve the developer experience and help technical and non-technical people land on a shared understanding. Hand him an architectural problem and you can trust it'll be seen through to completion.

On a personal note, I'm a far stronger architect because of Faraz. He took the time to explain his thinking, challenge mine, and lift the people around him rather than simply solving problems in isolation.

Any team would be lucky to have him. I would recommend him to anyone.

Aaron Pejakovic
Platform Engineering Manager at ELMO Software
Worked on the same team · Jun 2026

Faraz has proven himself as an exceptional Architect who is an absolute dream to work with.

As a boots-on-the-ground architect, Faraz has spearheaded numerous complex technical and product initiatives, working both inter-team and within teams. He has been instrumental in the examination and delivery of numerous complex and critical pieces, while under difficult requirements and deadlines.

Always leading from the front, Faraz has a keen eye for detail and system lifecycles, providing context, standards, and direction for those he works with. Faraz routinely solves the hardest problems and clears the path for the rest of the team. Faraz's utilization of AI helps bridge the gap between the highly technical and the human element, using techniques that result in a drastically improved developer experience, enabling a better shared understanding for all.

Having worked with Faraz for many, many years, he has earned the trust of his colleagues many times over, as a person who can act in a self-sufficient manner on any architectural concerns, across Auth, APIs, MCPs, Databases, Kafka data pipelines Operations, down to the nuts and bolts of any application or product. I would happily work with Faraz on any project, or simply leave him to run it down to completion by himself.

I firmly believe the best years of Faraz's career are ahead of him, fully equipped with the knowledge and tools to empower teams, reduce cruft, simplify operations, and get things done.

Dave Newson
Software Development Team Lead at ELMO Talent Management Software
Worked on the same team · Jun 2026

I've had the pleasure of working with Faraz at ELMO, and I can confidently say he's been one of those people who makes a lasting impact not just through his work, but through how he works with others.

Faraz has a rare ability to bring people together across teams, align stakeholders with different priorities, and keep conversations focused on the outcome that matters most. He communicates with clarity, patience, and professionalism, which makes him someone people naturally trust and enjoy working with.

What has always stood out to me most is his reliability and long-term contribution. Faraz has consistently shown up, delivered, and helped drive meaningful progress over time. He brings a steady presence, strong judgment, and a collaborative mindset that lifts the people around him.

As he moves on from ELMO, I have no doubt he'll continue to make a positive impact wherever he goes next. Any team would be fortunate to have him.

Eugene Lai
Frontend Architect · Product & UI Systems · Ex-Atlassian
Worked on the same team · Jun 2026

Faraz is an excellent architect who can really see the big picture and software evolution over different time scales. At the same time, he can dive deep and solve really knotted problems across code and infrastructure. It was always a pleasure to get in front of a whiteboard with Faraz - his ability to both grasp and explain concepts is phenomenal. Not to mention his enthusiasm and humility, which are truly infectious.

Dinesh Gurram
Head of Engineering at Evermed
Worked on the same team · Oct 2021

More on LinkedIn.

Contact

Let's talk

Open to senior and principal architecture roles. The fastest way to reach me is email or LinkedIn.

Location
Sydney, Australia · Australian citizen

Background

Bachelor of Computer Sciences

FAST-NU, Pakistan · Aug 2004 – Jun 2008


  • Mariah Solutions

    Senior Developer → Head of Programming · Jeddah

    May 2010 – Jan 2016

  • NDC Technologies

    Temenos T24 Consultant

    Aug 2008 – Apr 2010