Written for the Oracle PFE 2027 internship · Casablanca R&D Center

Othmane Mammad

Full-Stack Engineer (Cloud & AI) · Final-year Engineering Student

Free for a 6-month final-year project (PFE) from January 2027

othmanemammadd@gmail.com othmanemammad.comAgadir, Morocco — happy to move to Casablanca

About me

I'm a final-year computer engineering student on the Cybersecurity & Networks track, and I learn by building real things and keeping them running. The one I'm proudest of is BloggyHub — a multi-tenant content platform I designed, shipped, and still operate in production on a Linux server: a FastAPI + React app with MySQL and Redis, a multi-provider AI layer, and the security work (tenant isolation, encryption at rest, fixing my own IDOR bugs) that keeps it honest. I like the whole stack, but I do my best work around people who are sharper than me — so what I want next is a team where I can own a real piece, ask good questions, and have my code properly reviewed. The Oracle PFE 2027 internship in Casablanca is exactly that room: cloud and AI, built from Morocco for the world — and I'm already learning Oracle Cloud on the Always Free tier so I can be useful early instead of starting from zero.

What I can do

Grouped by what I actually do, with an honest level on each. The real proof is in the projects below — every line here is something I can talk through for a few minutes.

Languages

Daily — Java & C/C++ are coursework

What I reach for day to day, plus the academic ones — said honestly so nothing surprises you in a technical screen.

PythonTypeScript / JavaScriptSQLGoJava, C / C++ (coursework)

Backend & APIs

Daily, in production

Where I'm strongest. I design and run the services myself — REST APIs, a multi-provider AI layer, and background jobs that survive a restart.

FastAPIREST API designRedis Queue (RQ) jobsLLM (large language model) integrationCost-based model routingResponse caching

Frontend

Working knowledge

Enough to ship a clean, real interface end to end — I build and deploy the React and Astro front ends for my own products.

React / Next.jsAstroTailwind CSS

Cloud & Linux ops

Daily, in production

I deploy and operate what I build on a Linux server — scripted deploys with health checks, not click-ops.

Linux / UnixDocker & Docker ComposeCaddy / Nginxsystemd & gunicornScripted deploys + health checksGit

Databases & data

Daily, in production

I model the schema, run the migrations, and tune for speed — including a SQLite-to-MySQL move via a custom adapter and ~20 performance indexes.

MySQL / MariaDBPostgreSQLRedisSchema design & migrationsPerformance indexing

Security

Cybersecurity major — used on my own code

My degree track, applied to real software: I threat-model, then fix what I find — including 7 IDOR bugs caught in a self-audit of my own app.

OWASP Top 10Multi-tenant isolation (default-deny)JSON Web Token (JWT) authEncryption at rest (Fernet)SSRF & IDOR remediationContent Security Policy (CSP)

The project I'm proudest of

BloggyHub — a multi-tenant content platform

I designed it, shipped it, and I still keep it running in production. It runs AI content pipelines for several sites under one roof.

Built the whole thing end to end: a FastAPI backend, a React front end, MySQL/MariaDB and Redis — and I migrated the data layer off SQLite with a custom adapter when it outgrew it.
Made it multi-tenant and built it to scale to 100+ tenants: every request is scoped to its owner and every route is default-deny, so one customer can never see another's data.
Wrote a multi-provider AI router across six models (OpenAI, Anthropic, Google, DeepSeek, Grok, OpenRouter) that picks the cheapest model good enough for each task — with daily cost caps and response caching.
Kept long content jobs alive on Redis Queue (RQ): multi-hour timeouts and workers that pick back up after a restart instead of losing the run.
Did the security work myself: Supabase JWT auth (fail-closed), Fernet encryption at rest, SSRF guards, a Content Security Policy — and a self-audit that caught and fixed 7 IDOR bugs.
Deploy and operate it on a Linux VPS — Docker, gunicorn, systemd, Caddy, and scripted deploys with health checks.

PythonFastAPIReactMySQLRedisDockerCaddyLinux

A few other things I've built

Affiliate-funnel platform (Go + Astro)

A family of marketing sites on a production stack — Astro front end, Go (Fiber) backend, PostgreSQL, Docker Compose — with server-side conversion tracking (Meta Conversions API + Google Enhanced Conversions) written in Go.

GoAstroPostgreSQLDocker

Pattern Translator

A FastAPI service that translates Russian crochet/knitting PDFs into English with an LLM — built around accuracy, with parsing and validation so it doesn't just hallucinate a translation.

PythonFastAPILLM

WordPress publishing automation

Scripts that publish to WordPress and Elementor through the REST API across several live sites, so I'm not doing it by hand.

PythonREST APIElementor

Web-to-Android packaging

Wrapped a web app into a native Android APK with Capacitor (JDK 21 toolchain) to ship it to a phone.

CapacitorAndroidTypeScript

Experience

Founder & independent builder

2022 — present

Self-built SaaS & web products

I build and run the products above end to end — architecture, backend, frontend, the AI layer, security, and deployment.
I work with AI coding agents in the loop, then review and own everything that ships.

Online business operator

2014 — 2022

Self-employed

~10 years running real online businesses: freelance copywriting (Arabic/French/English), cash-on-delivery e-commerce across African markets, and content sites grown organically.
It's where I learned the unglamorous parts — deadlines, metrics, reliability — that decide whether software actually gets used.

How I work with a team

I write things down. My projects ship with READMEs, runbooks, and scripted deploys so nobody has to reverse-engineer my head — I think good engineers make their teammates better, and that starts with documentation.
I ask early instead of guessing. I'd rather flag a fuzzy requirement on day one than quietly burn a week building the wrong thing.
I treat code review as the fastest way to get better — I want my work read and poked at, and I'll do the same carefully for others.
I work in three languages — Arabic, French, English — so I can bridge regional and global teams without things getting lost.
I've run my own projects solo for ~10 years, so I know the difference between “good enough to ship” and “needs hardening first”, and I respect deadlines.
I use AI coding agents, but I own the output — I review it, test it, and can explain every line.

What I'm learning right now

Three things I'm actively working through this year — honestly still in progress, and picked on purpose so I can plug straight into a Cloud + AI team and Oracle's own stack. Each one builds on something I already do.

Oracle Cloud Infrastructure (OCI) — Foundations cert + Free Tier
I already run my apps on a Linux server with Docker and a reverse proxy, so I'm mapping those same habits onto OCI — Compute, Autonomous Database, and APEX on the Always Free tier — and working toward the OCI Foundations Associate certification.
Oracle Database 23ai — AI Vector Search
My SaaS already leans on an AI layer, so vector search is the natural next step. I'm learning how 23ai does it inside the database instead of bolting on a separate store.
OCI Generative AI service
I built a cost-based router across six model providers the scrappy way; now I want to learn how a team standardizes on one governed, secured GenAI layer — closer to how production AI should really be run.

Why Oracle

Oracle opened North Africa's first hyperscaler cloud region in Casablanca and is scaling its R&D Center toward 1,000 engineers by 2027 — I want to build cloud and AI from Morocco, for the world.
My day-to-day is already cloud-native (Linux, Docker, reverse proxies, queues) and AI-first — the exact corner the R&D Center works in.
I'm on the cybersecurity track and I've done real remediation on my own code (IDOR, JWT, encryption, SSRF, OWASP Top 10) — that maps to the center's security and software-QA work.
I'm already learning Oracle Cloud on the Always Free tier so I can be useful early — and I deliver in Arabic, French, and English.

Education

Diplôme d'Ingénieur d'État (State Engineer's Degree, Bac+5) — Computer Engineering, Cybersecurity & Networks track

Universiapolis – École Polytechnique d'Agadir

Expected 2027

5-year program (2-year preparatory cycle + 3-year engineering cycle). Final-year project (PFE) in 2027. Coursework I lean on: data structures & algorithms, databases, networks, operating systems, and security.

Languages

ArabicNative
FrenchFluent
EnglishProfessional

Ask me about…

If we talk, here are the threads I'd love you to pull on — each one is a real story I can walk you through.

How I moved BloggyHub off SQLite onto MySQL/MariaDB with a custom adapter — and how I checked the data came across intact.
The 7 IDOR bugs a self-audit caught in my own app, and how I rebuilt tenant isolation to be default-deny.
Why I built a multi-provider AI router with cost-based routing instead of hardcoding one model.
How I keep multi-hour jobs alive on Redis Queue when a worker restarts mid-run.
What broke the first time a real user hit my SaaS — and what I changed because of it.
What ~10 years of cash-on-delivery e-commerce taught me about reliability and metrics.

P.S. — I hid an encrypted note for people who read the source. It's on the home page, right at the bottom. Crack it and you'll know how to reach me.