Leonardo Noli

Senior Software Engineer & Team Lead with a full-stack PHP foundation and a deliberate transition into security-driven engineering leadership. I build production systems that are reliable, maintainable, and secure by design.

Focus Areas

Full-Stack Foundation and Adaptability

My core background is full-stack PHP development, where I built and owned production systems end to end. That foundation enables me to adapt across languages and frameworks as project needs evolve.

Security-Driven Engineering Leadership

I design systems with defensive security principles in mind and take ownership of controls that improve trust and traceability in production, including authentication, audit logging, and data protection practices.

Engineering Leadership & People Management

I’ve led senior engineers across web and mobile, balancing delivery and long-term quality. Responsibilities include annual reviews, performance management, workload planning, and project ownership across multiple initiatives.

Distributed and Cloud-Hosted Systems

I build services that run independently, communicate across system boundaries, and remain reliable under partial failure conditions. Emphasis on safe recovery, observability, and maintainable operations.

Selected Work (Anonymized Case Studies)

Most of my professional work involves proprietary systems and client-owned platforms. The examples below are anonymized case studies focused on architecture, security tradeoffs, and outcomes rather than source code or client-specific details.

Secure Platform and Reporting Systems

Business-critical platforms handling sensitive data required stronger authentication, auditing, and reporting while remaining usable for non-technical users.

  • Implemented secure authentication and authorization flows, including single sign-on
  • Added application-level auditing and login attempt tracking
  • Designed encrypted data storage and secure access patterns
  • Built reporting and export workflows for operational and compliance use

Outcome: Improved security posture, increased traceability, and higher confidence for teams operating the platform.

PHP (Laravel), TypeScript, JavaScript, REST APIs, Cloud hosting

Distributed Python Synchronization Service

Two independent systems needed to remain synchronized reliably despite network variability and operational constraints.

  • Built a standalone Python application running in the cloud
  • Designed synchronization logic to keep systems consistent
  • Implemented retry strategies, failure handling, and data integrity safeguards
  • Ensured unattended operation with safe recovery behavior

Outcome: Reduced manual intervention and improved data consistency across systems.

Python, APIs, Background services, Cloud hosting

Web and Mobile Application Development

User-facing products required consistent behavior across web and mobile clients, backed by secure and reliable APIs.

  • Designed and implemented APIs consumed by multiple clients
  • Worked across frontend and backend boundaries to maintain clean contracts
  • Ensured consistent authentication, authorization, and data handling

Outcome: Faster feature delivery and fewer cross-platform integration issues.

React, React Native, Node.js, NestJS, REST APIs

Security Focus and Program Ownership

Security-Driven Transition

My background as a full-stack engineer exposed me to real-world application risk: authentication, data protection, access control, and operational reliability. Over time, this led me to take on increasingly security-focused responsibilities and to intentionally build security into system design and engineering workflows.

I’m completing a cybersecurity program at the University of Arizona with a defensive security focus and apply that work directly in production systems through secure authentication flows, encryption practices, auditing and logging, incident-aware design, and risk-driven decision making.

SOC 2 Work in Practice

I started SOC 2 work at my company and maintained the program throughout the year, embedding controls into operational and engineering processes rather than treating compliance as a separate activity.

The upcoming year continues this work with a second full SOC 2 Type II reporting cycle, building on a maturing program that runs continuously, not seasonally.

About

Summary

I am a senior software engineer and team lead with a full-stack PHP foundation who has transitioned into increasingly security-driven work. I combine hands-on engineering with defensive security principles, focusing on building systems that are functional, trustworthy, and resilient in production.

I am particularly interested in work that sits at the intersection of engineering, platform reliability, and risk management, where thoughtful design and operational discipline matter.

How I Work

I prioritize clarity, ownership, and long-term maintainability. I am comfortable making pragmatic tradeoffs, collaborating with product and design partners, and taking responsibility for systems running in production.

I use modern AI tooling to accelerate learning, implementation, and iteration, while maintaining full responsibility for architecture, correctness, security, and maintainability.

Contact

If you are building systems where security and reliability are first-class concerns, I would be happy to connect.
