Hey hey people, Nik here: [resume.br11k.dev](http://resume.br11k.dev) >!(**sseth** reference, yes... yes, **THAT** one)!**Your SaaS product is not "a bit messy".**
You see, it is a haunted mansion built on PostgreSQL, duct-taped to AWS, guarded by a React 0.14 frontend you still use to support IE8 that screams when you touch the billing page, and powered by a backend monolith old enough to legally rent a car in some jurisdictions.
Somewhere inside, there is a checkbox called `legacy_mode_enabled_v2_final_REAL`. Nobody knows what it does. But last time someone removed it, Belgium lost invoices, finance lost faith, and your ex-girlfriend texted "is this your fault?"
>Hello. I'm Nik. Just in case you forgot.
I'm your average Software Engineer with **12+** years of experience spelunking through B2B SaaS crypts, auth labyrinths, e-commerce machinery, ed-tech platforms, onboarding funnels, and legacy codebases where the production architecture diagram is just a Slack message from **2019** saying **"do not use, WIP"**.
>My weapons are simple but **efficient**
Ruby on Rails, React, Vue, Django, TypeScript, Node, PostgreSQL, Redis, AWS, Docker, Terraform, CI/CD, observability, tests, debugging techniques from forgotten era of breakpoints, watches, call stacks, and the ancient belief that computers do exactly what you told them, as well as the calm of someone who knows your app still accepts **Yugoslavia**, but your payment provider does **not**.
My craft includes:
* **Full-stack development** — when **"probably just a UI bug"** means checkout sometimes shows someone else's address, because a Node.js SSR app on autoscaling GCP is OOMing, rotating instances, and occasionally serving requests through a singleton API client still spiritually married to the previous user. Fresh instance? Fine. Cursed one? Address roulette. Instance dies? Evidence gone. Turns out, the frontend wasn't broken at all. The architecture simply became a gacha game for privacy incidents.
* **Auth/IAM/SAML/RBAC/ABAC/security/audit work** — the forbidden alphabet soup where **"non-admin users can see analytics"** begins as one security audit finding from a major financial institution and ends with **130 undocumented access patterns** hiding inside a single endpoint like cockroaches in a cyberpunk refrigerator. Turning that mess around **200** of those? That's very simple. Just invent `AccessManager` pattern migration plan: CI/CD-enforced, team-distributed, endpoint-by-endpoint. Not glorious. Not cinematic. But the next engineer touching an endpoint got instructions instead of a shovel, a priest, and a Jira ticket marked **"probably easy"**.
* **Legacy modernization without detonating the business** — dragging a Rails / CoffeeScript / Vue / Webpack e-commerce beast into the modern era while **50k** monthly souls poke it over a **million times** from devices ranging from shiny rectangles bearing the forbidden fruit to 3G pocket fossils forged in dinosaur marrow? No problem. Simply perform battlefield medicine with bundle sizes while **15 stakeholders** circle the operating table asking whether the patient can also support a holiday promo.
* **Production debugging when the logs look like eldritch scripture** — account merge was supposed to be "just a script." Naturally, it was a 1000-line necromancy scroll attempting to cosplay 10 years of business logic while floating away from the schema faster than Australia drifting out of GPS coordinates. One enterprise merge request became a two-month expedition into a business-critical domain I was never hired to own, but apparently the dungeon selected me as its champion. The excavation uncovered stories worth a DLC for Dark Souls: Support Desk Edition. The ancient data-loss incidents, customer-support UX sharp enough to peel records off the database, 7 schema-drift parasites living rent-free inside the merge script, and a logging system that simply gave up when aimed at a 10-year-old enterprise customer smeared across 250 monolith tables like peanut butter on a crime scene. Even the "safe" dry run could lock records for 10 minutes, giving employees enough time to finish a coffee, write a thank-you email, and reconsider whether capitalism was worth it. So I converted the ritual into an enforceable engineering system: masked snapshots with PII removed, safer dry-run visibility, CI checks for schema drift, and a test file that gently grabs the next tired developer by the collar and whispers: "your migration broke account merge"
* **Business-rule archaeology** — finding the business logic hiding between git blame, stale editor internals, browser APIs, and one `setTimeout` that apparently became company policy. Example? I have one. Copy/paste tracking in an online IDE, originally born in 2014 under a `git` commit titled `wip`, because of course it was. The business rule took about a week to recover through 3 rewrites, 5 refactors, 2 file renames, and 40 “minor cleanup” commits that touched the logic just enough to make `git blame` look productive while customer tickets screamed otherwise. The rule wasn't merely lost. It was never formulated. The company had just relied on it for 11 years, like a cursed family heirloom. Under the hood? Capture strings from copy events, then occasionally `setTimeout` yourself into madness so `Monaco` actually persists the new text before comparing it against whatever **StackOverflow** answer candidate copied. Simple. Elegant. Horrifying. Especially once comparison starts to happen across other UI elements that can be copied: task descriptions, IDE panes, AI assistant widgets, copy buttons, and a `Monaco` version last updated when children yearned for the mines and Internet Explorer still had market share. Solution? I formulated the rule from scratch, bridged legacy sync clipboard behavior with the shiny new async Clipboard API, designed 120+ cross-browser use cases across Mac / Windows / Linux multiplied by Chrome / Firefox / Safari / Opera, then wrapped the horror in a small library so future engineers wouldn't have to read Clipboard API lore without adult supervision. The final boss? Not clipboard. It is walking into tired management with 120 use cases and explaining that yes, this is what **"just copy/paste tracking"** actually means.
I'm not looking for water-cooler exchanges. That ritual **died** around Y2K, but its ghost still haunts offices whispering "alignment" near the coffee machine.
Therefore, I had to switch to **remote**: context-rich, async-first, and measurable by shipped value instead of chair heat. **The Office** is best consumed as entertainment, not as an operating model.
Send me your monolith. Send me your broken auth. Send me your "we tried to rewrite it and now both systems are alive" situation.
I will not promise magic.
But I will promise structured investigation, boring senior engineering, tests where they matter, fewer production dragons, and documentation that doesn't require summoning Pete from his LinkedIn afterlife.
DM me with the stack, the disaster, and whether the users are currently on fire.