Security-first systems

Build · Scale · Secure · Validate

Jozbert James Bhoyi

$ role: "systems_engineer"; stack: ["saas", "distributed", "off_sec"];

I build and harden systems that survive real traffic and real threats.

Engineering leadership from architecture to production: reliable backends, clear APIs, and security that holds up when it matters. I also pentest web apps and APIs so you fix critical issues on your timeline — not after an incident.

A security-first engineer who designs scalable systems and validates them like an adversary — so delivery speed does not come at the expense of trust.

Systems

Built for load, failure, and change

Architecture and implementation choices tied to throughput, failure modes, and operability — so growth does not rewrite your stack every year.

Business

Ship faster without gambling uptime

Clear boundaries and pragmatic delivery: fewer surprises in production, lower cost from rework and outages, and a path to scale that finance and ops can reason about.

Security

Find the break paths early

Defense in depth in design and code — plus structured web pentesting to surface exploitable issues, misconfigurations, and logic flaws before they reach users.

Shipping is not the finish line — operating securely at scale is.

I optimize for observability, resilience, and explicit trust boundaries. Where risk warrants it, I pressure-test the surface like an attacker (within scope and rules of engagement) so remediation happens on your schedule.

What I Do

Engineering and security, end to end

System Architecture & Design

  • Backends and platforms designed for growth and fault isolation
  • Service boundaries, contracts, and multi-tenant-aware design
  • API design that teams can integrate without guesswork

Full-Stack Development

  • React frontends with production-grade structure and performance
  • Django, REST/GraphQL-style APIs, and disciplined service layers
  • End-to-end ownership from schema to deployment

Performance & Scalability

  • Latency, throughput, and cost trade-offs made explicit
  • Resilience patterns: availability, backoff, and graceful degradation

Security Engineering

  • Authentication stacks (e.g. JWT, MFA) and session hardening
  • Authorization models: RBAC, least privilege, and enforcement points
  • Threat modeling and architecture reviews that catch design-level risk

Web Penetration Testing

  • Web applications and APIs assessed against real attack patterns (OWASP-aligned)
  • Findings ranked with evidence, impact, and fix guidance — not noise
  • Retest available after remediation when scope allows

Auditing & Maintenance

  • Code and architecture reviews focused on risk and maintainability
  • Performance and reliability investigations with actionable outputs
  • Security-oriented reviews that complement (not replace) pentesting

Featured Work

Proof over claims

Live product Retail SaaS · POS · Inventory · Cloud sync

Stooqo — POS, inventory, and cloud sync for African SMEs

Hands-on engineering on a live platform used in the field: point of sale, stock control, and sync across devices so shops stay accurate under real-world retail constraints — not demo-day assumptions.

Visit stooqo.com
  • Role: product engineering on a deployed retail stack (POS + inventory + sync)
  • Technical: multi-context sync, identity-aware access, and APIs shaped for store workflows
  • Impact: SMEs run daily sales and stock on one system — fewer stockouts, faster checkout, ops that match how shops actually work
  • Delivery: security- and scale-aware choices without sacrificing clarity for store staff

Outcome: operational software adopted in the field — reliability and fit matter as much as features.

Engagement snapshot

Retail operations platform in production — POS, stock control, and sync across devices.

  • Store-facing surfaces for checkout and inventory
  • Backend services for identity, sync, and authoritative stock
  • Shaped for real connectivity constraints and day-to-day shop workflows

Engineering emphasis: dependable behavior in the field, clear operator experience, and security- and scale-aware decisions — without diagram theatre.

Summary only — not an architecture diagram or client deliverable.

How I Work

How engagements run

1. Align on outcomes

Goals, constraints, risk appetite, and what “done” means for your users.

2. Shape the architecture

Boundaries, contracts, data ownership, and failure modes — explicit early.

3. Build in iterations

Shipping slices with observability so behavior is visible in production.

4. Harden and verify

Authorization, hardening, reviews — and targeted pentesting when it adds signal.

5. Hand off cleanly

Measure, tune, document: operators and the next engineer are not left guessing.

Engineering · Assessment · Advisory

Tell me what you are building — or what needs to be tested

Whether you need delivery, a scoped web assessment, or both: share context, timeline, and constraints. I respond with a concrete next step — not a generic pitch.


Email me directly · +255 695 613 653

info@therealjozbert.com