Aaron Morabito
Senior Principal Software Engineer | Identity Platforms & Agentic AI

About

15 years of software engineering experience, including 6 years architecting and operating Oracle's multi-region authentication and authorization platform - 1.4M+ daily authentications, 30M+ daily authorization decisions across 40+ Helidon microservices on Kubernetes, with mTLS for new-platform-to-legacy-system interop and P99 login latency reduced from ~5s to 956ms. Currently spearheading an MCP server for agentic Service Request resolution and serving as Dev Security Lead for AI feature integrations across the platform, while driving organizational adoption of AI developer tooling (Codex, MCP-integrated IDE workflow). Operates as a Staff+/Principal IC owner who sets platform standards, drives cross-team and cross-runtime adoption, and delivers measurable identity, security, reliability, and developer-productivity outcomes at scale.

Work Experience

Oracle Corporation
February 2020 – Present
Senior Principal Application Developer / Dev Security Lead
Highlights
  • Spearheading design of an MCP server for agentic Service Request resolution - making SR data and resolution context available to agents that can resolve tickets before a human is involved. Architecting agent identity, tool authorization scoping, and audit patterns for production agent execution, with a downstream extension to fine-tune resolution agents on the historical SR corpus.
  • Operate the OIDC relying-party and IDCS-backed RBAC layer providing root-of-trust workload identity for support.oracle.com across multi-region Kubernetes - 1.4M+ daily authentications, 30M+ daily authorization decisions, 40+ Helidon microservices, with mTLS for new-platform-to-legacy-system interop during ongoing modernization. Reduced P99 login latency from ~5s to 956ms by parallelizing token validation, optimizing external dependency calls, and implementing fail-closed security guarantees.
  • Set the security bar for AI feature integrations across the platform engineering org as Dev Security Lead - required identity scoping, blast-radius containment, and audit instrumentation as preconditions for production rollout. Held the line on rollouts where privileged agents had broad data access without adequate constraints.
  • Drove the platform identity standard across runtime boundaries: guided cross-team integration of OIDC relying-party behavior and IDCS-backed RBAC into a Node.js/Express service running under the same ingress as the Java Helidon fleet, preserving the platform's identity contract across runtimes.
  • Designed and led a zero-downtime OAuth migration (password grant to client_credentials) for 40+ B2B partners across 9 environments, including dual-mode compatibility, identity translation via Vault-backed mapping, and organization-wide rollout sequencing.
  • Driving organizational adoption of AI developer tooling - Codex, MCP-integrated IDE workflow (Atlassian MCP for JIRA/Confluence, Jenkins MCP, OCI CLI + Log Analytics), and a hierarchical AGENTS.md context system enabling in-IDE story management, debugging, and rolling work-history capture for performance-review accuracy.
  • Built a Java RBAC and field-level authorization framework adopted by 40+ Helidon microservices, processing 30M+ daily authorization requests through shared libraries and configuration-as-code. Added API-level and field-level access enforcement, role caching, and IDCS integration.
  • Implemented rate limiting and traffic policy enforcement for external partners through OCI API Gateway using config-as-code automation - per-partner quotas, blocking unauthorized clients, and seamless traffic cutover with zero client impact. Built Python automation for partner OAuth onboarding (90 min to 5 min), Vault secrets management, and security observability dashboards.
  • Reduced CI build times from ~2 hours to 20 minutes by restructuring Docker layers, introducing persistent Maven caches, and modernizing multi-service build/deploy workflows - eliminating ~9,000 developer hours annually across 40+ services.
Lockheed Martin
June 2015 – February 2020
Software Engineer Senior / Lead
Highlights
  • Sole developer on a proposal team that won a Naval/Aviation MRO contract; delivered the entire technical proof-of-concept.
  • Promoted to Lead Software Engineer on the resulting program; architected integration and data flows between IFS Applications ERP and legacy defense systems.
  • Optimized database/Hibernate performance achieving 40-70% improvements on classified systems; held DoD Secret clearance.
  • Mentored junior engineers, led milestone demos, and provided technical direction across partner teams.
Gooch and Housego
August 2011 – April 2015
Software Engineer
Highlights
  • Developed C++ control systems for lasers, spectrometers, and GigE cameras.
  • Delivered performance improvements, maintainability refactors, and full lifecycle support for scientific instrumentation.

Projects

  • This Website: Resume website rendered from a JSON Resume schema via a custom Node + nginx container, deployed to a self-hosted k3s cluster via Helm and ArgoCD GitOps.
    • Self-hosted on a 3-node k3s cluster
    • Custom Docker image renders resume.json through JSON Resume themes at container start
    • Patched jsonresume-theme-kendall to render project URLs and highlights
    • Helm chart + ArgoCD Application for GitOps-driven deploys
  • FOODIFILE — Florida Health Inspections: Solo-built consumer site surfacing Florida restaurant health-inspection data with pattern detection, emergency-closure alerts, and a civic-action loop. Full-stack + ETL + ops.
    • Daily 5-stage Python ETL over 1.1M inspection records / 159K establishments with duplicate-aware merge detection and closure-flag reconciliation
    • Vue 3 + Ionic SPA, Express/Node API, PostgreSQL 17 + PostGIS, Keycloak OIDC, SendGrid
    • Pattern-detection worker identifies repeat offenders and emergency orders; results drive a free public alerts feed
    • Self-healing scraper: tombstone path + no-progress guard cut recovery from a 2h timeout to 73s per Job
    • Deployed on self-hosted k3s via Helm + ArgoCD GitOps with Prometheus alerts routed to GitHub issues

Education

  • 2007 – 2011

    Florida Institute of Technology

    Bachelor of Science

    Computer Engineering

    Courses
    • Computer Design
    • Software/Hardware Integration
    • Digital Electronics
    • Multifarious Systems
    • Microcomputer Systems
    • Computer Communications
    • Network Programming
    • Circuit Theory
    • Computer Architecture

Skills

Identity & Security Expert
OAuth2 OIDC SAML JWK IAM IDCS Identity Federation RBAC Workload Identity mTLS Agent Identity MCP Tool Authorization Zero-Trust Architecture API Security Rate Limiting
Distributed Systems Expert
Multi-region Architecture Multi-tenant SaaS Authentication Platforms Performance Optimization Observability Log Analytics Helidon Microservices Event-driven Systems
Cloud Infrastructure Expert
OCI AWS GCP Kubernetes Docker Helm Linux
Languages Expert
Java Python Shell/Bash TypeScript JavaScript
Languages Developing
Go C++
DevOps & Automation Expert
Jenkins GitLab CI GitHub Actions CI/CD Pipeline Optimization Infrastructure-as-Code ArgoCD GitOps
Databases Expert
Oracle PostgreSQL MySQL PL/SQL

Interests

Gaming
Factorio Satisfactory Diablo WoW
Software/Home Server
Kubernetes microk8s Docker Personal Applications
Fitness
Powerlifting Strength Training