Citi

Global IAM Platform

An internal, cloud-native Identity and Access Management product for Citi.

Project Overview

EEMS (Enterprise Entitlement Management System) is a comprehensive Identity and Access Management (IAM) platform that transformed how Citi manages digital identities and access controls at scale. The platform serves as the central nervous system for secure access management, processing over 10 million authentication requests daily across three continents.

Roles

Senior Software Engineer

Oct 2024 – Aug 2025

Software Engineer

Dec 2021 – Oct 2024

Impact & Responsibilities

  • 50,000+ employees and 1000+ applications across 3 continents
  • Led development for 5+ critical microservices in a 12-person team
  • Cross-functional collaboration with security, compliance, and product teams
  • End-to-end ownership from architecture design to production deployment

The Challenge

🔐

Security Vulnerabilities

Legacy authentication mechanisms exposed the organization to potential breaches, with outdated protocols and weak password policies. Manual user provisioning processes led to orphaned accounts and excessive privileges, creating security gaps.

📉

Operational Inefficiencies

Manual user management consumed 15+ hours weekly across IT teams. The absence of self-service capabilities resulted in 50+ daily access-related helpdesk tickets, creating bottlenecks in employee onboarding and role changes.

⚖️

Compliance Risks

Lack of centralized audit trails made compliance reporting a manual, error-prone process. The organization faced challenges demonstrating compliance with financial regulations during audits, with access reviews taking weeks to complete across multiple systems.

🌍

Global Scale Challenges

The existing system couldn't handle the growing volume of 10M+ daily authentication requests across three continents. Performance degraded during peak hours, with authentication latency exceeding 5 seconds, directly impacting employee productivity and customer experience.

Note: Detailed architecture diagrams and implementation specifics are not included in this case study due to confidentiality agreements.

The Solution

🔐 Modern Authentication Framework

Implemented a robust authentication system using OAuth 2.0 and OpenID Connect with Spring Security and JWT. This provided secure, stateless authentication with support for multi-factor authentication (MFA) and single sign-on (SSO) across all enterprise applications.

OAuth 2.0 OpenID Connect JWT MFA

Achievement: 95% reduction in security vulnerabilities and 50% faster authentication

🏗️ Microservices Architecture

Architected and led the migration from a monolithic system to a microservices-based platform using Spring Boot 3.x and Java 17. The new architecture improved system resilience, with independent scaling of authentication, authorization, and user management services.

Spring Boot 3.x Java 17 Domain-Driven Design API Gateway

Result: 70% improvement in deployment frequency and 60% reduction in incident resolution time

Event-Driven Architecture

Designed and implemented an event-driven architecture using Apache Kafka to handle 10,000+ events per second. This enabled real-time access control updates, audit logging, and cross-service synchronization with eventual consistency across all regions.

Apache Kafka Event Sourcing CQRS Saga Pattern

Impact: 90% improvement in data throughput and sub-100ms latency for access control updates

☁️ Cloud-Native Infrastructure

Engineered a containerized infrastructure using Docker, Kubernetes, and OpenShift with multi-region deployment across AWS and Azure. Implemented GitOps practices with ArgoCD for declarative infrastructure management and automated scaling based on real-time metrics.

Kubernetes Docker OpenShift GitOps

Outcome: 99.99% availability and 80% reduction in infrastructure costs through efficient scaling

🔄 Automated CI/CD Pipeline

Built robust CI/CD pipelines using Bitbucket, Jenkins, and Maven, reducing deployment time by 50%. Automated testing and deployment processes minimized human error and accelerated feature delivery.

Key Achievement: 50% faster deployments

Business Impact

0 %

Faster Deployments

CI/CD pipeline automation

0 %

Data Throughput

via Apache Kafka

0 %

Vulnerability Reduction

Checkmarx & SonarLint

0 K+

Users Supported

Global IAM platform

0 %

First-Call Resolution

L1 support

0 %

Bug Reduction

Through code reviews

Business Outcomes

  • 50% faster deployments - Automated CI/CD pipelines reduced deployment times from 2 hours to just 1 hour
  • 95% security improvement - Reduced vulnerabilities through Checkmarx and SonarLint integration
  • Global scale - 50,000+ employees, 10M+ auth requests/day, 99.9% uptime across 3 continents

Technical Excellence

  • Microservices architecture - Led development of 5+ critical microservices, improving scalability by 25%
  • Performance optimization - 90% better throughput with Kafka, 10% faster response times
  • DevOps leadership - Built CI/CD pipelines, mentored team, achieved 20% fewer bugs

Technology Stack

Backend

Java 11/17
🍃 Spring Boot
🔒 Spring Security
🔐 JWT & OAuth 2.0
📨 Apache Kafka

Frontend

🅰️ Angular
🌐 TypeScript
🎨 Angular Material

Security & DevOps

🗝️ HashiCorp Vault
🛡️ Checkmarx & Snyk
📊 ELK Stack
🔍 SonarQube
🐳 Docker
☸️ Kubernetes/OpenShift
🏗️ JFrog Artifactory
📦 Maven
🔄 Jenkins

Let's Build Something Amazing

Interested in discussing scalable system architecture or exploring collaboration opportunities?

Get in Touch View More Projects