Almere, Netherlands
Hands-on Software Architect / Senior .NET Developer
I design, modernize and operate business-critical SaaS platforms and data-intensive software systems in the .NET ecosystem. As a software architect and senior .NET developer, my work combines hands-on engineering with architecture, integration, security by design and the long-term evolution of software products. My current work includes Privacylink, a privacy-by-design service for controlled one-time sharing of confidential information.
I help software products mature by connecting business goals, operational risks and external requirements to practical technical direction. That includes system boundaries, core components, deployment models, security choices, database design, integration patterns and reliability work in production systems.
I treat architecture as a response to business goals, risks and external requirements. Good technical direction makes continuity, recoverability, security boundaries, scalability, performance, explainability and auditability explicit, while keeping the system feasible for the people who have to build, change and operate it. I prefer architecture that can be implemented, tested, explained and supported in production.
Long-term architectural responsibility for a multi-tenant SaaS platform serving 300+ tenant environments on approximately 24 VPS hosts. Work included the transition from desktop and on-premise deployments to hosted service delivery, CI/CD, internal tooling, capacity planning and reliability improvements.
Software for municipal real estate management and public-sector integrations, including StUF 2.04/3.10, SOAP interfaces, PKI-overheid, mTLS and tenant-aware routing across hosted environments.
Integration-heavy systems across payment platforms, financial systems, government registers and organizational boundaries. Work included PSP abstractions, iDEAL integrations, secure message routing, data processing algorithms and technical impact analysis.
I am building Privacylink, a controlled sharing service for situations where confidential information needs to be shared with someone whose email address is known. The system encrypts message content in the sender's browser, verifies mailbox access before release, and removes the content after it has been opened.
The initiative started from a practical constraint: confidential information often has to be shared with an organisation or contact where only an email address is available. The design works within that reality, while still allowing the link to be sent through a separate channel when stronger separation is possible.
The architecture deliberately separates delivery, verification and readable content. Privacylink stores encrypted payloads and incomplete key material; the missing key part remains outside the server request path in the shared link fragment. This keeps the service from being able to read the confidential message content while still supporting temporary access, single-use opening and read confirmation.
I hold an MSc in Computer Software Engineering, completed cum laude, with the thesis Enabling Users to Enforce Privacy. The research focused on privacy-by-design architecture, threat modeling, requirements engineering and secure document-processing systems.
My recent work also includes a trust-separated backup architecture that separates production, validation, storage and recovery domains. The design focuses on independent validation before retention and avoiding co-location of stored backup artifacts with decryption capability.
.NET · C# · React · ASP.NET · REST · SOAP · PostgreSQL · Oracle · SQL Server · Azure · Docker · CI/CD · SaaS · Security · Data Protection · OAuth2 · OIDC · mTLS · Architecture · System integration