MUHAMMAD
CHAERUL
HAFIZ.
Building scalable, secure, and production-ready web & mobile systems. 5+ years in full-stack development & DevSecOps culture.
Building reliable
software that scales.
Detail-oriented Software Engineer with hands-on experience in both backend and frontend development, operating within a DevSecOps culture. Proficient in Linux environments and experienced in containerization using Docker.
Skilled in building scalable systems utilizing technologies such as Kafka, Redis, and other security tools — with a strong understanding of system architecture, performance optimization, and secure development practices.
Full Stack & Mobile
React, Next.js, NestJS, Flutter — pixel-perfect UIs to robust APIs.
DevSecOps
Security-first: DAST, SAST, SCA baked into every pipeline.
Linux & Docker
Proficient in Linux environments and containerized systems.
Distributed Systems
Kafka, Redis, and microservices at production scale.
LandLink — Mitratel (Telkom Indonesia Group)
Software Engineer · 2026
- ->Developed the LandLink web admin (React) digitizing the land acquisition lifecycle for 35,000+ telecom tower sites across Indonesia — landlord and site management with document verification, negotiations, contract monitoring, assignments, ticketing, and real-time chat — designed, built, and shipped in 2 months.
- ->Optimized geospatial rendering of 35,000+ sites by replacing naive all-markers rendering with a two-level map flow (regional aggregates, then viewport-bounded, zoom-aware marker fetching with nearest-region auto-switching on pan), cutting markers rendered per view by ~97% and keeping the dashboard smooth where full rendering would freeze the browser.
- ->Cut bulk site onboarding time by ~80% with Excel import (validation preview and commit flow) and batch negotiator assignment — from one-by-one entry to hundreds of sites per upload.
Oli3
Software Engineer · Sep 2023 - Present
- ->Led frontend development for Oli3, an internal operations system delivered within 3 months, covering a wide range of workflows across approvals, company and contact management, sales pipeline, rebate, targets, claims, leave, employee data, timesheets, project issues, job requests, training, KPI, performance assessment, reporting, and administrative tools, while delivering a smoother, more polished, and more modern UI compared with the previous application.
- ->Lead frontend contributor from initial scaffold to production — authored 55% of all commits (560+) over 2.5 years, architecting the platform foundation: module structure, RBAC middleware for 10+ roles (C-level to consultant) with per-page permission checks and role-aware menus, Redux Toolkit state architecture, and the admin console (users, roles, groups) used by every feature that followed.
- ->Built the consultant timesheet module end-to-end — daily entry, schedule tables, mandays validation against project budgets, and multi-level approval with swap-approver flow — replacing spreadsheet-based time tracking with an auditable digital workflow.
ClearAnts (formerly I3GIS)
VisitSoftware Engineer · Sep 2021 - Present
- ->Led frontend development for 5 core DevSecOps modules: Application Security, DAST Security, Mobile Security, Infra Security, and Container Security, plus reporting features and RBAC-based authentication flows, each with different workflows, dashboards, and feature sets — contributing ~640 of 900+ commits as lead frontend on the platform, since rebranded from I3GIS to ClearAnts (clearants.io), now serving 100+ organizations across 1,000+ projects in banking and pharmaceuticals.
- ->Engineered an automated cherry-pick sync pipeline in Jenkins keeping the white-label build in lockstep with the core codebase through the I3GIS-to-ClearAnts rebrand, so both products shipped the same features without manual porting.
- ->Improved account security by building the frontend flow for 2FA setup and verification, enabling ClearAnts users to integrate their accounts with authenticator apps for stronger access protection.
Fusion
Mobile & Full Stack Developer - Research & Development · Apr 2021 - Oct 2021
- ->Developed a training management platform end to end for i3's tech training business serving individual and corporate customers: a Laravel admin panel and REST API (60+ endpoints, Sanctum auth, PostgreSQL with 25+ entities across 20+ migrations) powering a Flutter mobile app of 190+ Dart files used by trainees, community members, and admins.
- ->Designed an intuitive and engaging UI/UX for the mobile app, then built it with Dart and Flutter using clean architecture — 20+ Cubits (flutter_bloc), GetIt dependency injection, a Dio client with caching/logging interceptors, and Freezed ApiResult sealed unions for type-safe error handling.
- ->Built a promotion engine with promo categories, discount/end-date handling, and many-to-many promo-to-training relations — a scheduled Artisan cron auto-expires promos with soft deletes so historical registrations keep showing trashed promo details.
Infrastructure Hardening Compliance Dashboard
- ->Built a full-stack compliance dashboard end to end solo, starting from a 2-day proof of concept against a 1-week estimate, then expanded it into a production tool over ~3 weeks (46 commits) tracking Ansible hardening results across a hospital network's server units.
- ->Built a CSV ingestion pipeline parsing before/after hardening scan results per host (OS version, rules checked, pass/fail counts), scoped per unit with duplicate-safe schema constraints.
- ->Implemented role-based auth (User / Admin / Super Admin) with NextAuth, Prisma, and bcrypt, plus middleware route protection and session-aware redirects.
- ->Delivered a dashboard with unit- and host-level drill-down and ApexCharts summaries comparing pass/fail rates before vs after hardening, backed by rate-limited APIs (Upstash Redis) and a Docker + dedicated Jenkins versioning pipeline.
LandLink Web Admin
ViewLand acquisition management platform covering 35,000+ telecom tower sites across Indonesia — landlords, sites, documents, contracts, assignments, ticketing, and real-time chat — designed, built, and shipped in 2 months.
- — Optimized map rendering of 35,000+ sites — viewport-bounded, zoom-aware marker fetching (~97% fewer markers per view)
- — Excel bulk import with validation preview & batch negotiator assignment — ~80% faster site onboarding
- — Document upload & verification flows for landlords and sites
- — Granular RBAC — roles, per-resource permissions, manager auto-scoping to their regional
- — Ticketing with assignment workflow and threaded discussions (image/document attachments)
- — Real-time chat (Firebase Firestore) with file sharing + broadcast messaging
- — 44+ test Playwright E2E suite, Docker/Nginx + Jenkins CI pipeline
LandLink Mobile
ViewField companion app for negotiators, managers, and landlords across 16 feature modules — owned end to end from stakeholder brainstorming and UI/UX design to Flutter implementation and release, in the same 2-month window.
- — GPS attendance & site check-in with geofencing + ML Kit pose detection against fake check-ins
- — Geotagged visit forms replacing paper negotiation reports (deal/no-deal outcomes, PIC handover)
- — Jaga Aset — guided asset inspections with photo-evidence checklist and live-position map
- — Landlord self-service portal: complaint tickets, document tracking, points & rewards
- — Real-time chat (Firebase Firestore) with file sharing and broadcast messaging
- — Clean architecture — Riverpod code-gen, go_router, Dio with offline-aware caching
- — Crashlytics, Analytics, Performance monitoring & FCM push notifications
ClearAnts (formerly I3GIS)
ViewEnd-to-end DevSecOps platform with 5 core security modules (App, DAST, Mobile, Infra, Container Security), RBAC auth, AI-powered summaries, and automated reporting — rebranded from I3GIS to ClearAnts (clearants.io), now serving 100+ organizations across 1,000+ projects in banking & pharmaceuticals.
- — Lead frontend — ~640 of 900+ commits across 5 security modules with distinct dashboards & workflows
- — Report generation re-architected to NestJS + Puppeteer — 60–80% faster
- — AI chat & summary service connecting to Claude, ChatGPT & DeepSeek via WebSocket
- — Playwright automation running daily at 7AM with Discord alerts
- — Kafka pipeline centralising DevSecOps JSON into ClickHouse
- — Migrating services from Docker Compose to K3s
- — ServiceNow & Jira ticketing integration for security issues
DevSecOps Report Generator
ViewRendering security reports with heavy sunburst/radar charts directly in the ClearAnts (I3GIS) dashboard was crashing the browser tab. Designed and built a dedicated headless-rendering microservice to fix it — architected and owned solo, in continuous development for 2+ years (300+ commits).
- — Split into two services: a lightweight React app that renders report pages in isolation, and a NestJS orchestrator driving a headless Puppeteer browser to screenshot them into PDF
- — Covers all 5 report types (AppSec, DAST, Mobile, Infra, Container) in both executive and technical variants
- — Multi-module reports merged into a single PDF via pdf-lib / pdf-merge, with jsPDF-autotable as a fallback path for tabular exports
- — Cut report generation from 5–8 minutes to 1–2 minutes (60–80% faster) while eliminating the UI lag and crashes of the old in-dashboard approach
- — Structured, step-by-step logging with per-request process IDs for tracing the auth → fetch → render → PDF pipeline, with automatic sanitization of sensitive fields
- — Deployed as an independent service with its own Jenkins build/versioning pipelines and Docker/K3s targets, decoupled from the main dashboard's release cycle
AI Insight & Chat Service
ViewStandalone NestJS microservice powering AI features across ClearAnts (I3GIS): executive/technical result summaries and real-time chat over multiple LLM providers. Own repo and deploy pipeline — authored 95 of 151 commits over ~4 months of active development.
- — Multi-provider LLM abstraction (Anthropic, OpenAI, DeepSeek) with per-provider pricing tracking and graceful handling of exhausted credit/quota (402) errors
- — AI-generated executive and technical insights across all security modules (AppSec, DAST, Container, Mobile, ASOC), each with dedicated, iteratively-tuned prompts and JSON response validation
- — Real-time chat over raw WebSocket (NestJS + ws), authenticated by validating JWTs issued by the main ClearAnts/I3GIS platform — no separate login, shared auth boundary
- — Built a retrieval pipeline (OpenAI embeddings + GitBook reindexing) to ground chatbot answers in ClearAnts/I3GIS product documentation
- — Persistent Redis caching for generated insights to avoid re-computation, plus request-level rate limiting
- — Deployed as an independent service with its own Jenkins versioning pipeline and Docker build, decoupled from the main dashboard's release cycle
ClearAnts QA Automation Suite
ViewPlaywright end-to-end test suite covering ClearAnts (I3GIS) across all 5 security modules — Dockerized, driven by Jenkins CI, and run on a daily schedule with results posted straight to Discord so regressions get caught before users do.
- — E2E coverage spans Application, Dynamic (DAST), Container, Infrastructure & Mobile Security modules plus the report-download flow
- — Env-driven test scoping (TEST_COVERAGE) — run the full suite or target a single module for faster CI feedback
- — Custom Playwright reporter logging step-by-step pass/fail for clearer CI output, with trace capture on retry
- — Dockerized runner that also serves the generated HTML report over HTTP for quick post-run inspection
- — Scheduled daily run wired into Discord for automated pass/fail alerts, no manual report-checking needed
- — Jenkins pipeline builds, tags, and pushes the runner image to the private registry per release
License Management Dashboard
ViewAdmin panel for managing ClearAnts (I3GIS) customer licenses — modules entitled, server counts, upgrade history, and PDF license certificate generation. Co-built with the platform team: authored ~57% of 172 commits over ~2.5 years.
- — Customer & license management — per-customer sector/graph views, license detail with active modules, server counts, and upgrade history
- — On-demand PDF license certificate generation via iframe + html2canvas/jsPDF export
- — NextAuth + JWT auth with refresh-token flow, middleware-protected routes
- — Role-based user admin management
- — Jenkins CI across 3 pipelines (build/prod/versioning) with Discord build notifications
- — Dockerized deployment
ClearAnts K3s HA Infrastructure
ViewGitOps-managed 3-node K3s high-availability cluster running ClearAnts' security-scanning microservices (SCA, misconfig, container security, secret-check, infra-security) — Kustomize base/overlays deployed via ArgoCD across dev and prod. Majority contributor: ~56% of 54 commits.
- — 3-node HA cluster over Tailscale VPN with NFS-backed shared storage — RWX for multi-replica scan services, RWO for stateful DBs (MongoDB, Postgres, Redis, MinIO)
- — Fast-failover tolerations (~30s vs Kubernetes' 5min default) plus podAntiAffinity spreading replicas across nodes
- — Kustomize base + dev/prod overlays deployed via ArgoCD
- — Migrated multiple DevSecOps modules off Docker Compose onto the cluster: SCA, misconfig, container-security, secret-check, infra-security, and report services
- — Traefik ingress with per-service path-stripping middleware, plus NodePort services for direct access
- — Also contributed 69 of 248 commits to jenkins-libraries — the team's shared Jenkins pipeline steps used across the whole DevSecOps Toolbox CI
Service Version Drift Detection System
ViewAutomated system catching version drift between DEV and PROD across ClearAnts' 5+ client deployments (MCG, Kalbe, Mega, Cloudeka, Lintas Dev) — inspects running Docker containers over SSH, tracks versions in Google Sheets, and alerts DevOps/RnD via Discord + email whenever PROD falls behind.
- — Python collector (Paramiko + Docker SDK) SSHes into each client server and inventories running service versions & deploy dates
- — Synced to Google Sheets (gspread + service account) as the shared source of truth, one dated sheet per collection run
- — PM2-managed cron job runs the collector unattended every 3 days on the deploy server
- — Google Apps Script compares the latest DEV vs PROD sheet, flagging services behind schedule and services missing entirely from PROD
- — Discord alert with role mentions for DevOps/Developer teams, plus a detailed HTML email report — or a green all-clear ping when nothing's outstanding
- — Header-driven column mapping (not fixed indices) so the reminder script tolerates sheet layout changes
Oli3 Internal Operations System
ViewComprehensive internal ERP built from scratch — covering approvals, sales pipeline, rebate, targets, claims, leave, timesheets, KPI, performance assessment, training, and more. Lead frontend contributor: 55% of 560+ commits over 2.5 years.
- — Authored 55% of all commits (560+) — from initial scaffold to production
- — Foundation architecture: RBAC for 10+ roles, module structure, admin console
- — Unified approval center consolidating 6+ queues into one screen
- — Modern polished UI — major upgrade over the previous app
- — Sales pipeline, rebate & targets management
- — Timesheet, KPI & performance assessment modules
- — Leave, claims & HR automation
Fusion Training App
ViewTraining management platform built end to end solo: Laravel admin panel & REST API (60+ endpoints, Sanctum auth) powering a Flutter mobile app (190+ Dart files) for trainees, community members, and corporate clients.
- — Designed full UI/UX for the mobile training app
- — Promo engine with scheduled auto-expiry (cron) and soft deletes
- — Bulk corporate enrollment with per-employee records & approval workflows
- — i3Code coding-class module — mentors, assignments, multipart submission
- — Pusher + OneSignal notifications with in-app notification center
Infrastructure Hardening Compliance Dashboard
ViewFull-stack compliance dashboard tracking Ansible infrastructure-hardening results across a hospital network's server units — built end to end solo in ~3 weeks (46 commits), starting from a 2-day proof of concept against a 1-week estimate.
- — CSV ingestion pipeline parsing before/after Ansible hardening scan results per host (OS version, rules checked, pass/fail counts), scoped per unit with duplicate-safe schema constraints
- — Role-based auth (User / Admin / Super Admin) via NextAuth + Prisma + bcrypt, with middleware route protection and session-aware redirects
- — Dashboard with unit- and host-level drill-down plus ApexCharts summaries comparing pass/fail rates before vs after hardening
- — Per-host HTML/CSV report file serving, with safe re-upload handling and cleanup of orphaned files on failed writes
- — API rate limiting (Upstash Redis) protecting upload and auth endpoints from abuse
- — Containerized with Docker and shipped through a dedicated Jenkins versioning pipeline
ERP System & Mobile App
Developed and enhanced ERP systems to improve business operations and data management, alongside Flutter mobile apps and Google Cloud infrastructure management.
- — Developed and enhanced ERP systems — streamlined workflows & improved data reliability
- — Built and maintained Flutter-based mobile apps for smoother business processes
- — Managed and monitored Google Cloud infrastructure for performance, reliability & security
- — Troubleshot and resolved Adempiere ERP issues to reduce operational disruptions
- — Designed custom JasperReports for clearer operational insights & decision-making
Remote Lab Access Migration
ViewWhen COVID-19 made on-site practicum impossible, migrated the university computer lab from an offline-only setup to a fully online access model — enabling 6,000 students to run their lab sessions remotely.
- — Migrated 6000-client lab infrastructure from offline to online during COVID
- — Deployed Apache Guacamole 0.9.8 as Remote Desktop Gateway for remote access
- — Configured NGINX, MariaDB Galera Cluster & Moodle for 6000 concurrent clients
- — Set up Prometheus, Node Exporter & Grafana for real-time monitoring
- — Managed HPE DL120/DL360/DL380 Gen10 servers with RAID 5
- — Enabled students to access lab resources remotely without physical presence
Frontend
Backend
AI / LLM
Database & Cache
Infrastructure
Security & QA
Mobile Development
Integrations
← Drag to explore →
Gunadarma University
Information Technology
2016 — 2020
Actively involved in LEPKOM as Laboratory Assistant and Computer Technician. Led COVID-era transition from offline to online learning, enabling remote lab access for all students.
- — Laboratory Assistant & Computer Technician
- — Managed multiple servers and IT infrastructure
- — Led online learning transition during COVID-19
SMK 3 Perguruan Cikini
TKJ — Computer & Network Engineering
2013 — 2015
Outstanding academic performance with top placements and a Certificate of Honor.
- — 2nd Place — Outstanding Academic Student, 2014/2015 (issued Jun 2015 by the Principal of SMK 3 Perguruan Cikini, Gito Suroso, M.Si)
- — 3rd Place — Outstanding Student, Final Semester Exam, 2015/2016 (issued May 2015 by the Principal of SMK 3 Perguruan Cikini, Gito Suroso, M.Si)
- — Certificate of Honor recipient

— Recognition
Best Consultant
Recognized 3 years running
Awarded by
PT. Inovasi Informatika Indonesia
Kubernetes For Beginners
KodeKloud
2026
Learn Prompt Engineering
Codecademy
2025
Navigating AI Ethical Challenges and Risk
Codecademy
2025
Introduction to Cybersecurity
Cisco Networking Academy
2026
SQL Intermediate
HackerRank
2025
Frontend Developer (React)
HackerRank
2024
Javascript Intermediate
Sololearn
2024
DevSecOps Foundation
DevOps Institute
2023
“Hafiz is a skillful Frontend Engineer. He is a fast learner and quickly adapts with frontend framework technology updates. He also managed the challenges given by company and improves the challenge to give better solution. I highly recommend Hafiz as Frontend Engineer.”
Ardiono Roma Nugraha
R&D Team Lead, PT Inovasi Informatika Indonesia
Managed Muhammad directly · LinkedIn
“One of the most dedicated and hardworking developers I've met. His passion for continuous learning is truly inspiring — he never stops exploring new technologies and improving his skills. His commitment to excellence and growth makes him an invaluable asset to any team.”
Ridho A. H. Manihuruk
Business Technology & Training Solution Specialist
Reported to Muhammad directly · LinkedIn
“A highly skilled frontend developer who is not only hardworking but also deeply curious about technology. Beyond frontend, he actively explores QA automation, AI, and DevSecOps. He consistently delivers high-quality work and is always open to collaboration. If you're looking for a developer who is adaptive, proactive, and eager to learn — Hafiz is the perfect fit.”
Briliantino Abhista
Frontend Engineer · UI/UX Designer
Worked on the same team · LinkedIn
“A proficient front-end developer whose collaborative spirit makes him an invaluable team member. His logical approach and proficiency in React JS consistently enhance our projects. His strong research background and commitment to excellence are reflected in the high quality of his work.”
Muhammad Kasfi
Software Engineer · Backend & Payment Systems
Worked on the same team · LinkedIn
Let's work
together.
I'm open to new opportunities. Whether you have a project, want to collaborate, or just want to talk tech — reach out.