Jeremy Sells — CV

Senior Software Engineer · Tech Lead · Platform Engineer · New Zealand (remote only)

I am a New Zealand-based senior software engineer and tech lead with more than 14 years of experience building and operating high-impact software across identity and access management, backend engineering, platform engineering, DevOps, automation, developer tooling and data pipelines.

My strongest work sits where correctness, safety, maintainability and practical delivery all matter at the same time. I enjoy building systems that make difficult work safer, clearer and more repeatable.

Professional summary

My experience spans hands-on implementation, architecture, technical leadership, internal tooling, platform automation, access management, ETL pipelines, production operations and developer experience. I am comfortable taking ambiguous problems through to working software, particularly where the blast radius is high, edge cases matter and tooling must be reliable enough for other engineers to trust.

Across my career I have moved from web development and full-stack product work into backend systems, infrastructure automation, data engineering, technical leadership and identity/access management. The common thread is practical engineering: understand the real problem, reduce operational risk, automate repeatable work and make the system easier for the next person to operate.

Core strengths

• Identity and access management: Okta, OAuth 2.0, OIDC, JWT client assertions, PKCE, group policy, rule evaluation, access modelling, migration safety and blast-radius analysis.
• Backend engineering: Python, Java, PHP, APIs, microservices, service abstractions, integrations and internal platforms.
• Platform engineering and DevOps: Terraform, Kubernetes, Docker, Bazel, Ansible, Chef, GitLab CI, Jenkins, infrastructure automation and deployment pipelines.
• Automation and tooling: Internal CLI and desktop tools, scheduled jobs, admin tooling, migration tooling and self-service workflows.
• Data and ETL pipelines: Airflow, PySpark, AWS Batch, AWS Lambda, EMR, SQL, Databricks, reporting and third-party data integrations.
• Reliability and safety: Unit testing, typed interfaces, rollback strategies, staged migrations, code quality tooling, operational excellence and security reviews.
• Technical leadership: Squad planning, technical roadmaps, mentoring, code reviews, incident reviews, interviews, design reviews and cross-team collaboration.
• Developer experience: Reducing cognitive load, abstracting complex build systems, improving test and lint feedback loops and documenting system behaviour.

Selected engineering work

I build software and automation that helps teams move faster without making systems more fragile. Examples include:

• Internal identity and access management tools for safe Okta automation.
• Strongly typed Python clients and authentication abstractions for machine-to-machine and user authentication flows.
• Rule parsers and simulators that predict access-management outcomes before rollout.
• Reversible migration tooling for high-blast-radius identity changes.
• Developer tools that hide Bazel, CLI and API complexity from non-specialist users.
• ETL pipelines and microservices for advertising, SEO, communications, reporting and growth systems.
• AI model-training pipelines and internal automation for computer vision platforms.
• Kiosk management and deployment platforms built with infrastructure as code and configuration management.
• SaaS ecommerce features integrating B2B and B2C storefronts with ERP systems.

Professional experience

Canva

Software Engineer — Access Management

2022–present · Identity, access management, internal tooling, developer enablement and automation

At Canva, I work on internal access-management tooling and automation in a high-blast-radius domain covering identity, authentication, group policy, access workflows and operational safety.

• Designed and built a custom, strongly typed Okta client in Python, replacing unsafe patterns in the official SDK and enabling reliable automation at scale.
• Implemented OAuth 2.0 authentication flows including machine-to-machine authentication with JWT client assertions.
• Implemented PKCE-based user authentication without client secrets.
• Built reusable authentication abstractions for personal CLI workflows and machine-to-machine automation.
• Designed and implemented an Okta Expression Language parser and evaluator using Lark, including operator precedence and function behaviour.
• Built tools to normalise and format access expressions and extract or rewrite group references.
• Built rule-simulation tooling to predict downstream membership changes before rollout.
• Delivered blast-radius analysis that models user-attribute changes and highlights affected access paths.
• Partnered on standardising Okta group naming and structure across IT and HR-driven access.
• Implemented reversible migration tooling with create, validate, cutover and rollback phases.
• Identified and safely removed deprecated groups and rules using staged deletion strategies.
• Built internal admin tooling for Okta operations not supported by the standard UI.
• Enabled safe bulk changes including group creation, rule updates and application-linkage analysis.
• Exposed selected workflows as scheduled Kubernetes jobs.
• Wrote extensive unit tests with pytest and MyPy, including custom fixtures for time, cryptography and API behaviour.
• Introduced strict typing targets and Ruff linting across a core monorepo.
• Identified and fixed company-wide pytest coverage issues where coverage leaked across Bazel targets.
• Authored documentation explaining actual identity-rule behaviour, reducing reliance on tribal knowledge.
• Built production-ready tooling that abstracts Bazel and CLI complexity for non-specialist users.

Fingermark

Tech Lead / Senior Software Engineer

2021–2022 · AI customer journey systems, computer vision, automation and team leadership

• Led squads responsible for frontend applications, backend applications and internal automation.
• Built technical roadmaps, set direction, planned work and ran delivery ceremonies.
• Worked with product teams to plan, scope and prioritise features.
• Mentored engineers and helped resolve technical challenges.
• Helped create an automated AI model-training pipeline using Airflow.
• Worked on camera configuration, playback and remote-site tooling.
• Worked on Ansible provisioning for remote machines.
• Assisted with SRE and engineering interviews.
• Championed microservices, security, automated quality checks, deployments, RFCs and incident postmortems.
• Established a bi-weekly technical show-and-tell.

Skyscanner

Software Engineer II

2019–2021 · Advertising, SEO, referrals, communications, ETL and microservices

• Built, updated and retired microservices in Python AIOHttp, Java Dropwizard and Node.js/Express.
• Developed ETL and reporting jobs with Airflow, PySpark, AWS Batch, AWS Lambda, EMR and SQL.
• Automated growth-team tasks and made data available through Tableau and Databricks.
• Built third-party data integrations.
• Worked on advertising, SEO, paid referrals, email, push and subscription systems.
• Contributed to frontend error capture and refactored a Node.js service to company standards.
• Represented the squad in operational-excellence reviews.
• Prioritised security, vulnerability patching, maintainability, reliability and incident follow-up.

QikServe

Senior Full Stack Engineer

2018–2019 · Hospitality ordering, payments, DevOps and kiosk deployment

• Created a Chef-based kiosk-management and deployment platform.
• Built a custom web UI and microservice API backend.
• Provisioned AWS infrastructure with Terraform and managed Kubernetes and EC2.
• Improved Jenkins, Docker and Kubernetes deployment automation.
• Applied Chef to existing infrastructure and imported infrastructure into Terraform.
• Worked with Java/Spring, Python/Flask, MySQL, Docker, Jenkins, Linux, JavaScript and Bash.

Pulsant

Senior Developer

2017–2018 · Hosting, configuration management and PHP modernisation

• Maintained a proprietary configuration-management and ticketing system.
• Introduced Docker and helped upgrade PHP 5.3 to PHP 7.2.
• Added health checks, PSR-11 dependency injection, autowiring and PSR-3 logging.
• Added Elasticsearch logging with Filebeat and Logstash.
• Added PHPUnit tests, validation and SaltStack continuous deployment.
• Improved CI and refactored application structure for testability.

XM Developments / CommerceBuild

Team Lead — Remote Contractor

2017 · SaaS ecommerce, ERP integrations and team leadership

• Guided teams of up to four developers and performed code reviews.
• Led refactoring of a PHP system toward a Java API.
• Helped plan, scope, debug and deliver features.
• Documented the existing system and its API-driven replacement.

Senior Developer

2013–2016 · SaaS ecommerce, Sage ERP and B2B/B2C commerce

• Built and maintained frontend and backend ecommerce features.
• Implemented localisation, product configuration, split ordering and new carts.
• Added international payment and shipping gateway integrations.
• Held primary oversight of shopping carts, CodeIgniter integration, product configuration, CDN integration and localisation.

Professional Development

Web Developer / Sole Developer

2011–2013 · CMS development, email distribution and business websites

• Maintained a proprietary CMS and email-distribution system.
• Developed sites for businesses and local government agencies.
• Used PHP, MySQL, JavaScript/jQuery, CSS and HTML.
• Used Xdebug and profiling to improve performance and SQL queries.

Early technical and customer support experience

• PC Logic — Service Technician, 2010: Serviced, built and repaired computers.
• Dick Smith — Sales Assistant / Technical Support, 2008–2011: Provided computing support and explained technical trade-offs to customers.
• Landcare Research — Technical Work Experience, 2007: Rebuilt computers, replaced hardware and tested systems.

Technical skills

Programming languages

• Primary: Python, Java, SQL and Bash.
• Strong commercial experience: PHP, JavaScript, CSS and HTML.
• Additional experience: C#, Ruby, Groovy, C/C++, XML and XSLT.

Python and Java engineering

• Python backend services, automation, typed clients and internal libraries.
• AIOHttp, FastAPI, Click, pytest, unittest, MyPy, Ruff, Pylint, Flake8, Black, isort and Lark.
• Java microservices, Dropwizard, Spring, Hibernate, Maven and Gradle.

Identity, security and platform engineering

• Okta, OAuth 2.0, OIDC, JWT client assertions, PKCE and SCIM concepts.
• Group policy, rule parsing and simulation, blast-radius analysis and reversible migrations.
• Terraform, Kubernetes, Docker, Bazel, Ansible, Chef, SaltStack, Helm and CloudFormation.
• GitLab CI, Buildkite, Jenkins, Drone, CircleCI and Travis CI.
• AWS S3, Lambda, Batch, EMR, Glue, Transfer Family, EC2, RDS/PostgreSQL and EKS-style environments.

Data, storage and observability

• Airflow, PySpark, SQL, Databricks and Tableau-facing outputs.
• PostgreSQL, MySQL, MariaDB, Redis, Elasticsearch, MinIO and S3.
• Grafana, Prometheus, VictoriaMetrics, OpenTSDB, Bosun, Sentry, Bugsnag and Kibana.
• Snyk, SonarQube, incident reviews and postmortems.

APIs, web and engineering workflow

• REST, OpenAPI/Swagger, Node.js, Express, JavaScript, jQuery and Bootstrap.
• PHP, CodeIgniter, Doctrine, Composer, PSR standards, PHPUnit and static-analysis tools.
• Git, GitLab, GitHub, Bitbucket, Jira, Confluence, Notion and Redmine.
• Roadmaps, sprint planning, RFCs, design reviews, documentation, mentoring, reviews and interviews.

Education

Bachelor of Science — Computer Science

Massey University, Palmerston North · Graduated 2010

Relevant study included programming, computer networks, software development, operating systems and electronics-related computing.

Earlier qualifications and awards include the Cisco Computing Merit Award, Level 3, and National Certificates in Computing, Levels 2–3.

Role fit

I am strongest in roles combining backend engineering, platform thinking, automation and technical leadership:

• Senior or staff-leaning software engineer.
• Tech lead.
• Platform, backend, identity or access-management engineer.
• Developer experience or internal tools engineer.
• Infrastructure automation, DevOps, data platform or ETL engineer.

Frequently asked questions

What does Jeremy Sells specialise in?

I specialise in backend engineering, identity and access management, developer tooling, platform engineering, DevOps automation and data pipelines.

What technologies does Jeremy Sells work with?

I work with Python, Java, SQL, Terraform, Kubernetes, Docker, Bazel, Airflow, Okta, OAuth 2.0, OIDC, AWS, GitLab CI, pytest, MyPy and Ruff.

What kind of software does Jeremy Sells build?

I build internal tools, backend services, automation systems, access-management platforms, migration tooling, ETL pipelines, infrastructure automation and developer-enablement systems.

References

References are available on request. To discuss a role, contact me.