systems-architecture
/
custom-ats.md
# Custom Enterprise ATS & Onboarding Engine — Architectural Case Study
When enterprise licensing is cost-prohibitive, you build it yourself — and you build it better.
Top-tier enterprise ATS platforms like Greenhouse or Ashby offer deep workflow customization and compliance routing — but their licensing costs are prohibitively expensive for many scaling companies. When our organization needed a system tailored tightly to our internal operations, we faced a classic engineering trade-off: pay an enterprise premium for features we might not fully use, or build a lean, custom platform designed exactly around our specific operational constraints.
I architected and deployed a custom internal ATS platform that digitizes our end-to-end recruitment pipeline — moving candidates from resume ingestion to final onboarding.
Instead of building a generic CRUD application, I focused on mapping out the complex cross-department checkpoints that usually require manual overhead, centering the architecture around three core engineering priorities:
01
Scrappy Cost Optimization — Offloading resource-heavy token processing and resume parsing to the serverless edge to avoid expensive third-party AI API subscriptions.
02
Strict State Management — Building a deterministic, multi-department approval engine to ensure compensation compliance before an offer letter can physically be generated.
03
Decoupled Data Security — Providing a secure, isolated interface for external candidates to submit sensitive pre-boarding documents without exposing our internal infrastructure.
1. Resume Parsing Pipeline (Edge-Assisted Architecture)
⚡ The Challenge
We needed to automate CV parsing without incurring the high subscription costs of enterprise LLM APIs. The solution had to be cost-effective, resilient under load, and still accurate enough for real hiring decisions.
I architected a hybrid edge architecture that offloads tokenization and schema structuring to a lightweight Cloudflare Worker running on the edge, keeping the core backend free from long-running I/O operations.
Data Flow Architecture
Architectural Notes
Edge Offloading: Instead of handling multipart/form-data parsing on the core server, the file is streamed directly through the backend to a Cloudflare Worker. This protects primary compute instances from memory spikes during heavy resume uploads.
Optimistic UI Hydration: The backend saves nothing to the database during the parsing phase. It acts purely as a pass-through — piping the worker's JSON payload back to the UI so the user becomes the final validation layer before any write operation happens.
2. Salary Approval Workflow & State Machine
🔒 The Challenge
Offer letters cannot be generated without multi-department compliance. If any single stakeholder rejects the proposed compensation, the entire loop must immediately invalidate to prevent unauthorized offers reaching candidates.
I implemented a strict sequential state-tracking flow that locks the candidate's offer state until all conditional approvals are met. No shortcuts, no parallel approvals — every rejection forces a full restart from a clean record.
Approval Logic Flow
Architectural Notes
Sequential Locking: The state machine strictly prevents parallel processing of the approval list to maintain a clear, auditable chain of accountability.
Data Immutability: Once OfferStatus is set to Pending_Approval, the underlying salary parameters are locked at the database level. A rejection transitions the record to Cancelled — forcing a completely new transaction record rather than mutating the rejected data.
3. Isolated External Onboarding Portal
🔐 The Challenge
Candidates need a way to upload sensitive pre-offer and onboarding documents without having access to our internal ATS environment or compromising our network security perimeter.
A decoupled token-based authentication portal that utilizes temporary, single-use signed routes for data submission. Candidates get in, submit their documents, and the door closes behind them automatically.
Security & Data Intake Flow
Architectural Notes
Zero-Persistence Tokens: Tokens are stateless and mapped directly to a specific candidate ID and expiration timestamp in the database. Once the onboarding milestone is complete, the token is forcefully revoked — closing the external entry point entirely.
Payload Sanitation: File uploads bypass memory buffer storage on the server and are immediately validated against an allowed MIME-type whitelist before being streamed straight to the storage bucket — minimizing surface area for malicious scripts.