Divya Bairavarasu

Full Stack Developer | Generative AI Engineer

Crafting scalable, secure, and intelligent software solutions. Previously at Sony Pictures Entertainment. Focused on enterprise-grade architecture, security best practices, and AI-driven development.

10+ Years Experience

5+ Projects Delivered

100% Code Quality Focus

About Me

A little more human than a resume.

I build software for teams that need reliability, security, and room to evolve. I also care about the people behind the systems — because engineering is never just code.


I was most recently a Full Stack Developer at Sony Pictures Entertainment. I was laid off and I am currently serving my notice period, which is not the story I planned, but it has made me even clearer about the kind of work I want to keep doing.

I want to build AI-driven tools that genuinely help engineers move faster without throwing away good judgment. I want to contribute to open source in a way that is useful, not noisy. And I want to keep focusing on secure enterprise software because that is where careful design really matters.

This site is intentionally honest. I have worked in environments where reliability, review culture, security controls, and data discipline were not optional. Those habits stuck with me, and they shape how I think about every system I touch.

Right now
What I am putting my energy into

Building practical AI-assisted developer tools.

Contributing to open source where I can add real value.

Doubling down on secure enterprise software and maintainable architecture.

Looking for the next team that values rigor, empathy, and long-term thinking.

Engineering philosophy

Enterprise-Grade Architecture
  • Separate dev, QA, release, and maintenance branches when the delivery process needs clarity.
  • Design systems so the next release is easier than the last one.
  • Treat maintainability as a feature, not cleanup work for later.
Security & Code Review
  • Protect production branches and require at least one thoughtful review.
  • Use automation to catch avoidable mistakes before they ship.
  • Assume bad inputs, leaky logs, and accidental regressions can happen unless you plan for them.
Database Best Practices
  • Journal long-running procedures so there is a clear start, in-progress, and finished trail.
  • Prefer soft deletes so recovery stays possible and audit history remains intact.
  • Keep backups outside the primary server and document exactly how to restore them.
Feature Management
  • Feature flags make it safer to ship incomplete work behind controlled switches.
  • Debug logging is useful only when it gives context without leaking sensitive data.
  • The right observability saves hours when something breaks under pressure.
Observability & Health
  • Health checks should tell operations what is actually wrong, not just that something failed.
  • OpenAPI and Swagger make APIs easier to test, trust, and hand off.
  • Operational visibility matters as much as the happy path.
Development Practices
  • Frequent commits create safe checkpoints while building.
  • git revert is one of the most practical recovery tools on a team.
  • Good commit history reduces panic during production issues.
Skills & Expertise

How I think about software, not just the languages I use.

The tools change. The engineering habits should hold up anyway. These are the patterns, review instincts, and delivery practices I keep coming back to.

How I Design Software
  • Start with architecture review before coding and check presentation, service, and data layers.
  • Apply SOLID principles and design patterns like Factory, Strategy, and Singleton where they actually improve the design.
  • Keep modules loosely coupled with high cohesion.
  • Design for extensibility so future changes do not feel like rewrites.
  • Use records or value objects for DTOs and prefer immutability.
Architecture Review, SOLID, Design Patterns, DTO Design, Immutability
Engineering Mindset
  • Write tests for every new method, including happy path, edge cases, and boundary conditions.
  • Use descriptive naming so methods, variables, and classes explain their purpose.
  • Log at decision points with context like entity identifiers instead of vague messages.
  • Break complex methods into focused units such as validateX, updateX, and saveX.
  • Frequent commits create safety checkpoints and git revert is your friend.
  • Avoid magic numbers and strings by using named constants.
Testing, Code Review, Impact Analysis, Naming, Refactoring
Security Best Practices
  • Never hardcode secrets — use environment variables or a secrets manager.
  • Soft deletes only — never hard delete production data.
  • Rate limit all public API endpoints.
  • Validate all inputs and handle exceptions specifically.
  • Keep PII, tokens, and passwords out of logs.
  • Use CSP, HSTS, and X-Frame-Options on every web app.
Secrets Management, Rate Limiting, OWASP, Auditability, Input Validation
Database & Data
  • Journal long-running procedures with start, in-progress, and done states.
  • Keep database backups on separate machines with documented restore steps.
  • Use feature flags to control data access features.
  • Paginate queries that can return large result sets.
Database Journaling, Soft Deletes, Backups, Pagination, Feature Flags
Technical stack

Core stack

Java, Spring Boot, Node.js, React, Next.js, TypeScript, Python

Architecture & delivery

Microservices, REST APIs, OpenAPI/Swagger, CI/CD, GitHub Actions, Docker, Kubernetes

Data & cloud

PostgreSQL, MySQL, MongoDB, Redis, AWS, Observability, Health Checks

AI & developer tooling

LLM Integration, RAG Systems, Prompt Engineering, AI Agents, Architecture Review, Code Review Principles, Impact Analysis
Security First

Security Best Practices

Security is not an afterthought. It's embedded in every layer of architecture, from code review processes to runtime observability and data protection.

Authentication & Authorization
  • OAuth2 and JWT token-based authentication
  • Role-based access control (RBAC)
  • Multi-factor authentication support
  • Secure session management
Data Security
  • End-to-end encryption for sensitive data
  • Database column-level encryption
  • Soft deletes to prevent data leakage
  • Regular security audits and penetration testing
Code & CI/CD Security
  • Code review enforcement (minimum 1 approver)
  • Branch protection on all production branches
  • Automated SAST and dependency scanning
  • No direct pushes to main — PRs only
Logging & Monitoring
  • Debug logging with zero PII in production logs
  • Structured error tracking and categorization
  • Real-time security event monitoring
  • Compliance with OWASP Top 10
Tools & Standards
Industry-standard tools and frameworks
OpenAPI/Swagger
GitHub Actions
SAST Scanning
SCA Scanning
Health Checks
Monitoring/APM
Log Aggregation
Incident Response

Go deeper than the homepage.

I split out the thinking behind my engineering decisions and the products I am shipping so each page can stay focused.

Engineering

A dedicated page for the branch strategy, review culture, data discipline, feature flags, health checks, and API habits I trust.

Dashboard

A product dashboard for ZenCoder AI, Safe Agent, and AgentProbe, with Marketplace metrics and graceful fallbacks when the API is unavailable.

Products

What I am building in public.

A quick look at the products tied to my VS Marketplace presence, with a deeper dashboard one click away.

ZenFlow
Starter kit generator — zenflow.buzz
AI Starter Kits

ZenFlow generates structured starter kits with instruction files that feed directly into AI coding agents — Claude, Cursor, and Copilot. Each kit ships with purpose-built context files:

  • AGENTS.md: Agent capabilities and scope
  • coding_standards.md: Conventions the agent must follow
  • architecture.md: System design, structure, and cost-per-transaction thinking baked in
  • security.md: Security rules any agent can enforce

Feed any of these files into an agent and it knows the what and why — enabling consistent, secure, production-ready output from day one.

ZenCoder AI
16.1.0
AI coding assistant with a Go-powered install flow for developers who want fast feedback and practical automation.

Install metrics and ratings are available from the dashboard view.

Safe Agent
7.1.0
A developer productivity tool built to simplify repetitive workflows and keep teams moving.

Install metrics and ratings are available from the dashboard view.

AgentProbe
7.0.0
An agent testing tool focused on observability, repeatability, and confidence in autonomous workflows. Also available as an IntelliJ plugin with 27 downloads.

Install metrics and ratings are available from the dashboard view.

Want the numbers too?
The dashboard view is set up to read the Marketplace feed through a same-origin endpoint path and fall back gracefully when it cannot.