Full-Stack Web Dev — Complete Skill Matrix (Junior → Principal)
0:00
0:00
✅ Full-Stack Web Dev — Complete Skill Matrix (Junior → Principal)
All unique ideas from both answers are retained. No detail removed. Advanced = Senior Level | Expert = Principal / Staff Level
📖 How to Use This Guide
- Basics / Intermediate: Focus on "How to build it."
- Advanced (Senior): Focus on "How to build it for production" (reliability, performance, testing, security).
- Expert (Principal): Focus on "Why we build it," "What is the business cost," and "How do I help 10 teams build it better?"
Table 0 — Levels: What They Mean in Real Orgs
| Level | Typical Role | Scope | Key Differentiator / What "Proof" Looks Like |
|---|---|---|---|
| Basics | Junior Dev (0–1 yr) | Assigned tasks | Builds features with guidance; learns from code reviews; understands stack fundamentals |
| Intermediate | Mid-Level Dev (2–3 yr) | Feature-level | Works independently; owns features end-to-end; chooses sane defaults; fewer footguns |
| Advanced (Senior) | Senior Dev (4–6 yr) | System / service-level | Writes RFCs/design docs, mentors, improves reliability/perf/security, handles incidents, drives tech-debt reduction; designs for scale |
| Expert (Principal) | Principal / Staff (7+ yr) | Org-wide / multi-team | Sets standards + "golden paths", cross-team architecture, reduces systemic risk, measurable impact (quality/reliability/cost/delivery); multiplies engineering effectiveness |
Table 1 — JavaScript / TypeScript
| Level | Topics |
|---|---|
| Basics | Variables, data types, functions, loops, conditionals; DOM manipulation; ES6+ (arrow functions, destructuring, spread/rest, template literals, optional chaining, nullish coalescing); Promises, async/await, fetch API; Modules (import/export, CommonJS); Basic TS types, interfaces, type annotations, typing props/params |
| Intermediate | Closures, hoisting, scope chain; Event loop & call stack (microtasks vs macrotasks); Prototypes & prototype chain; this keyword & binding (call/apply/bind); Higher-order functions (map/filter/reduce); Error handling patterns (try/catch/finally, custom error classes); WeakMap/WeakSet basics; Local/session storage; TS: interfaces vs types, enums, generics basics, utility types (Partial, Pick, Omit, Required, Record), discriminated unions, type guards, strict mode habits; Modules & barrel files |
| Advanced (Senior) | Generators & iterators; WeakMap/WeakSet/WeakRef in depth; Proxy & Reflect API; Symbol; Memoization, currying, partial application; Debounce/throttle implementation; Perf profiling + leak debugging; Advanced TS: generics constraints, conditional types, mapped types, template literal types, declaration merging, module augmentation, inference tuning; Build & lint strategy (ESLint, Prettier, tsconfig strictness); Polyfills & transpilation (Babel); Design patterns in JS/TS (Strategy, Observer, Factory, Command, CQRS-style separation when useful) |
| Expert (Principal) | V8 engine internals, JIT compilation, memory management & GC (heap, GC roots, leak detection); Flame graphs; AST manipulation; Custom Babel/ESLint plugins; TypeScript compiler API; Cross-runtime optimization (Node, browser, edge); Type-level API design for library authors; Language spec awareness (TC39 proposals — what's coming + adoption strategy); Metaprogramming; Org-wide TS migration strategy (incremental strictness, boundaries, monorepo typing); Building compilers/transpilers |
Table 2 — Web Fundamentals (HTTP, Caching, CORS, Perf, i18n, PWA)
| Level | Topics |
|---|---|
| Basics | HTTP verbs/status codes; cookies vs localStorage basics; "caching helps performance" concept; what SSR/CSR means conceptually |
| Intermediate | Headers (Cache-Control, ETag, Vary), basic cache debugging; CORS & preflight; basic security headers awareness; i18n basics (locale routing, formatting); basic service worker awareness |
| Advanced (Senior) | Caching strategies (browser/CDN/server); Core Web Vitals work (LCP/INP/CLS — note: INP replaced FID as Core Web Vitals metric Mar 2024) with profiling + perf budgets; hydration costs; streaming implications; request waterfalls; progressive enhancement; PWA/offline tradeoffs; bundle analysis + image optimization pipelines |
| Expert (Principal) | Org-wide perf monitoring + budgets; edge runtime constraints; CDN strategy; multi-region latency strategy; web standards/guidelines; WebAssembly awareness (where it helps/doesn't); governance so perf doesn't regress |
Table 3 — HTML / CSS / Tailwind / Design Tokens / Design Systems
| Level | Topics |
|---|---|
| Basics | Semantic HTML5 tags (article, section, nav, main, aside, header, footer); Forms, input types, validation; Tables, lists, media tags (img, video, audio); Box model (margin/padding/border/content); Flexbox & Grid basics; Positioning (static, relative, absolute, fixed, sticky); CSS specificity & cascade; Pseudo-classes & pseudo-elements; Responsive design (media queries); Tailwind utility classes; BEM basics |
| Intermediate | CSS variables (custom properties); Animations & transitions; clamp(), min(), max() for fluid sizing; SCSS/Sass (nesting, mixins, variables, extends); Tailwind config customization (theme, plugins, variants); CSS Modules for component-level scoping; CSS-in-JS (styled-components, Emotion) + tradeoffs; Accessibility: ARIA roles/attributes, tabindex, focus management, keyboard navigation; @apply directive in Tailwind; i18n awareness; BEM (also useful for reading/debugging legacy CSS codebases) |
| Advanced (Senior) | CSS Container queries; @layer & Cascade layers; Scroll-driven animations; Cross-browser quirks & compatibility; Critical CSS extraction & inline strategies; Print styles; CSS Grid advanced (subgrid, named areas); Stacking contexts & z-index management; Layout performance (reflow vs repaint vs composite, avoiding layout thrashing); Tailwind plugin authoring; Design tokens architecture; CSS Object Model (CSSOM); Atomic/FSD architecture; (optional) CSS Houdini awareness |
| Expert (Principal) | Building design systems from scratch; Theming architecture (dark/light modes + brand tokens); WCAG 2.1/2.2 full compliance auditing; Performance impact of CSS; CSS Houdini API (Paint, Layout, Animation Worklets); Headless UI styling patterns; Reusable accessible components at scale; Cross-platform/cross-device rendering expertise; Maintaining company-wide component libraries; Progressive enhancement strategies; Governance/versioning of component libraries; Frontend platform strategy |
Table 4 — React (Core, Performance, Scalability)
| Level | Topics |
|---|---|
| Basics | JSX syntax; Functional components; Props & prop drilling; useState, useEffect; Event handling; Conditional rendering; Lists & keys; Basic routing (React Router v6); Context API intro; React DevTools basics; Stateless vs stateful components |
| Intermediate | useRef, useMemo, useCallback, useReducer; Custom hooks; React Router v6 (nested routes, loaders, actions, outlet); Error boundaries; Composition patterns; Component testing (React Testing Library); Server state vs UI state distinction; Snapshot tests (use carefully) |
| Advanced (Senior) | React reconciliation & Fiber architecture intuition; Concurrent features — useTransition, useDeferredValue, startTransition, Suspense mental model; Code splitting & lazy loading (React.lazy, dynamic imports); Portal (createPortal); Compound component pattern; Render props; Higher-order components (HOC); Optimistic UI updates; XState / state machine patterns; Race condition handling in async hooks; Performance profiling (React DevTools Profiler, Lighthouse, flame graphs); Module federation for micro-frontends; Avoiding unnecessary re-renders at scale |
| Expert (Principal) | React internals (reconciler, scheduler, work loop); Custom renderer concepts; Micro-frontend architecture with React (Module Federation) tradeoffs; Streaming SSR (React 18+); React Server Components (RSC) mental model & client/server boundary decisions at org scale; Performance budgeting & continuous Web Vitals monitoring; Migrating legacy class components at scale; Defining front-end architecture strategy for multi-repo or mono-repo orgs; Org-wide patterns preventing "framework churn"; Guiding org-wide React version upgrades; Platform UI packages other teams build on; Contributing to or wrapping core libraries; Custom build pipelines (Vite/Webpack/Turbopack configs) |
Table 5 — State Management (Redux Ecosystem + Alternatives)
| Level | Topics |
|---|---|
| Basics | Local state (useState); Basic Context API; Redux concepts (actions/reducers/store); React-Redux hooks (useSelector/useDispatch); Basic thunks; "Lift state up" pattern |
| Intermediate | Redux Toolkit (RTK) — slices, createSlice, configureStore, createAsyncThunk (prefer RTK over hand-rolled Redux + Thunk); TanStack Query / React Query basics (queries, mutations, caching, invalidation, optimistic updates); Zustand basics; Jotai basics (optional); Clear UI-state vs server-state separation; React Hook Form + Zod for form validation |
| Advanced (Senior) | RTK Query deep use (cache, dedupe, invalidation, listener middleware, custom middleware); Normalized state when needed; Optimistic updates; Race conditions; Tradeoffs (Redux vs Zustand/Jotai/Context/TanStack Query vs server vs client state); Server-state patterns (invalidation/retries); XState / state machine patterns; Offline-ish UX patterns; Performance audits on state; "When not to use global state" heuristics; Debuggability practices |
| Expert (Principal) | Define org standards ("when to avoid global state"); Complex async flows at enterprise scale; Migration strategies (Redux → RTK/RTKQ, ad-hoc → server-state); Performance auditing at scale; Standardized state/data strategy for consistency/debuggability across teams; Governance ("when Redux is justified vs Zustand/server-state") |
Table 6 — Next.js / Rendering Modes (API Routes, SSR/SSG/ISR, App Router, Caching)
| Level | Topics |
|---|---|
| Basics | Pages Router vs App Router concepts; CSR vs SSR vs SSG concepts; Basic routing |
| Intermediate | App Router: layouts, loading.tsx, error.tsx, not-found.tsx; ISR (Incremental Static Regeneration); API routes & Server Actions basics; Basic SEO; Image/font optimization |
| Advanced (Senior) | Streaming/Suspense implications; RSC boundaries (client vs server component decisions); Edge vs Node runtime tradeoffs; Next.js advanced caching model (data cache, full-route cache, router cache, revalidate); Deployment constraints awareness; Bundle/image optimization in Next.js context; Zero-downtime patterns for Next.js apps |
| Expert (Principal) | Org "golden path" Next.js architecture; Caching strategy at org level; Upgrade/migration strategy (pages → app router, RSC adoption); Boundary rules (what runs where, secrets, data access); Platform templates; Polyglot front-end strategy (Next.js vs other frameworks per use case) |
Table 7 — Node.js / Express / NestJS Backend
| Level | Topics |
|---|---|
| Basics | Node.js core modules (fs, path, http, events, stream, buffer, os, libuv concept); npm/pnpm/yarn; Express routing, middleware, request/response cycle; Static file serving; ENV variables (.env, dotenv); Basic CRUD REST API; Async/await patterns; Error handling middleware |
| Intermediate | Express error handling patterns, middleware chaining; NestJS: modules, controllers, services, guards, pipes, interceptors, dependency injection (DI); File uploads (Multer, malware scanning awareness, size limits); Job queues (BullMQ + Redis) intro; JWT auth basics (access + refresh token rotation); Logging (Winston/Pino); Input validation (Zod, Joi, class-validator); Swagger/OpenAPI integration |
| Advanced (Senior) | NestJS CQRS module; Event sourcing patterns; NestJS Microservices (TCP, NATS, RabbitMQ, Kafka, gRPC transport); Custom decorators & guards; Rate limiting & throttling; Redis caching strategies; WebSockets (Socket.io/ws); Server-Sent Events (SSE); Circuit breaker patterns (opossum); Zero-downtime blue-green deployments; Observability hooks (metrics, structured logging, tracing); Multi-tenancy patterns; Worker threads/clustering; Memory leak detection & heap profiling (clinic.js, node --inspect); Resilience patterns (timeouts, retries) |
| Expert (Principal) | Node.js internals (libuv, thread pool, event loop phases in detail); Custom NestJS modules/plugins; Modular monolith at scale; Shared platform modules; Monorepo with Nx or Turborepo; Distributed tracing (OpenTelemetry); Polyglot back-end strategy (Node + Go/Rust where appropriate); Domain-Driven Design (DDD) with NestJS; Company-wide API standards, governance & backend "golden paths"; High-throughput system tuning; Distributed systems / event-driven (Kafka/RabbitMQ/NATS); Cost-aware scaling; Serverless orchestration; API Gateway/BFF patterns |
Table 8 — APIs & Communication
| Level | Topics |
|---|---|
| Basics | REST principles: HTTP verbs (GET, POST, PUT, PATCH, DELETE), status codes (2xx/3xx/4xx/5xx), CRUD mapping; JSON request/response structure; Postman/Insomnia/Thunder Client; API keys basics; URL structure & query params |
| Intermediate | REST best practices: versioning (URI/header-based), pagination (cursor vs offset), filtering, sorting, HATEOAS basics; OpenAPI/Swagger documentation; JWT + Refresh token flow; OAuth2 flow basics (authorization code, client credentials); GraphQL basics (schema, queries, mutations, resolvers); WebSockets intro; CORS configuration; Idempotency concepts; Repository/service-layer patterns |
| Advanced (Senior) | GraphQL advanced: subscriptions, DataLoader (N+1 problem), schema stitching, federation (Apollo Federation); REST rate limiting & throttling strategies; Idempotency keys for payment/write APIs; OAuth2/OIDC full implementation (PKCE, token introspection, revocation, scopes, claims); tRPC for end-to-end type safety; gRPC basics (protobuf, streaming); Server-Sent Events (SSE); API versioning deprecation strategy; Contract-first API design (OpenAPI spec before code); Signed URLs/object storage patterns |
| Expert (Principal) | API gateway patterns (Kong, AWS API Gateway, custom BFF); BFF (Backend for Frontend) pattern (mobile vs web); AsyncAPI spec for event-driven/async systems; Distributed auth patterns (PASETO vs JWT token format tradeoffs, mTLS, service-to-service auth); Chaos engineering on APIs; API deprecation lifecycle management; API governance (standards, reviews, breaking change policies); GraphQL persisted queries & security; Cost-aware API design (minimize downstream calls); Event-driven architecture (Kafka/RabbitMQ) |
Table 9 — Databases (SQL + NoSQL) + ORM / Drivers + Caching
| Level | Topics |
|---|---|
| Basics | SQL fundamentals: SELECT, INSERT, UPDATE, DELETE, WHERE, ORDER BY, LIMIT; JOINs (INNER, LEFT, RIGHT, FULL); Primary keys, foreign keys; Normalization basics (1NF, 2NF, 3NF); MongoDB: CRUD, documents, collections, ObjectId; Basic indexing concepts; Prisma basic models & queries; TypeORM basic entities & repositories; Mongoose schemas & models (ODM awareness); mysql2 raw queries; Storing & retrieving data safely |
| Intermediate | Complex JOINs, subqueries, correlated subqueries; Aggregations (GROUP BY, HAVING, COUNT, SUM, AVG); Transactions & ACID properties; Stored procedures, views, triggers; MongoDB aggregation pipeline; Schema design (embedding vs referencing in MongoDB); Composite, partial, unique, and text indexes; Prisma relations (1-1, 1-N, M-N), migrations, raw queries; TypeORM migrations & query builder; Normalization vs denormalization tradeoffs; Data seeding; Backups basics; Soft deletes vs hard deletes; ORM/ODM vs raw-query tradeoffs (N+1, transactions/locking, migration safety) |
| Advanced (Senior) | Query optimization (EXPLAIN, EXPLAIN ANALYZE in Postgres); Indexing strategies (B-tree, GIN, BRIN, Hash in Postgres); Window functions (ROW_NUMBER, RANK, LAG, LEAD); CTEs (Common Table Expressions); Table partitioning (range, list, hash); Replication (primary/replica, logical vs physical); Sharding basics; Connection pooling (PgBouncer, pgpool); MongoDB replica sets & transactions; Redis: caching (cache-aside, write-through, write-behind, read-through), pub/sub, sorted sets, Lua scripting, rate limiting, BullMQ job queues, TTL, stampede avoidance; Full-text search (Postgres tsvector, MongoDB Atlas Search); PITR backups; Data privacy & GDPR retention policies at DB level; Zero-downtime migration patterns |
| Expert (Principal) | CAP theorem & distributed DB tradeoffs; Eventual consistency models; CQRS + event sourcing at DB layer; Multi-tenant DB architecture (schema-per-tenant, row-level security); Sharding strategy & conflict resolution concepts; Query planner internals; Vector DB basics (pgvector for AI/ML use cases); Time-series optimization; Data archival strategies; Polyglot persistence architecture (choosing right DB per workload — OLTP vs OLAP, columnar vs row); Multi-region data strategy & conflict resolution; Data lineage, cataloging, governance; Data warehousing/lake integration; Company-wide data governance |
Table 10 — Testing
| Level | Topics |
|---|---|
| Basics | Unit testing concepts (Arrange-Act-Assert pattern); Jest basics (describe, it/test, expect, beforeEach, afterEach); Basic mocking (jest.fn(), jest.mock()); React Testing Library (render, screen, userEvent, queries); Test file structure & naming conventions |
| Intermediate | Integration tests (multiple modules together); API testing with Supertest; Snapshot testing (when to use/avoid); Mock functions, spies, module mocks; Code coverage reports & thresholds; Vitest (faster Jest alternative for Vite); Testing custom hooks; NestJS TestingModule; MSW (Mock Service Worker) for API mocking in FE tests; Test data factories/fixtures; Component testing in Storybook |
| Advanced (Senior) | E2E testing (Playwright — preferred; Cypress ok); Test isolation strategies (DB cleanup, transaction rollback, test containers); TDD & BDD methodologies; Contract testing (Pact — consumer/provider contracts); DB testing strategies (in-memory DB, test containers); Parallelizing tests in CI; Visual regression testing (Percy/Chromatic/Storybook); Load testing basics (k6, Artillery); Flake control strategies |
| Expert (Principal) | Testing pyramid strategy ownership (unit/integration/E2E ratio); Mutation testing (Stryker) to validate test quality; Performance/load/stress testing at scale (k6, Gatling, Artillery); CI test optimization (sharding, caching, selective runs); Writing custom test utilities & matchers; Chaos engineering (inject failures to test resilience); Flaky test reduction/elimination program; Defining org-wide testing strategy & quality gates; Shift-left quality culture; Automated compliance/security testing in pipeline |
Table 11 — DevOps / Infrastructure / CI-CD
| Level | Topics |
|---|---|
| Basics | Git workflows (branching strategies — trunk-based, Gitflow; rebase, cherry-pick, stash, tags); GitHub/GitLab basics (PRs, issues, code review, commit message hygiene); Docker basics (Dockerfile, images, containers, volumes, networking, port mapping); Basic Linux commands (ls, cd, grep, curl, chmod, ps, top); ENV management & .env files; Basic cloud deployment (Vercel, Netlify, Render, Railway, Heroku) |
| Intermediate | Docker Compose (multi-container — app + db + redis); Multi-stage Docker builds; CI/CD pipelines (GitHub Actions/GitLab CI — build, test, deploy jobs); Cloud basics: AWS/GCP/Azure (EC2, S3, RDS, Lambda, IAM basics, VPC concept); Nginx as reverse proxy; SSL/TLS certs (Let's Encrypt, certbot); Basic bash scripting; Environment management (dev/staging/prod); Rollback strategies; Tagging & release management |
| Advanced (Senior) | Kubernetes basics (pods, deployments, services, ingress, configmaps, secrets, namespaces); Helm charts; Container registry (ECR, GCR, Docker Hub); Infrastructure as Code (Terraform basics, AWS CDK, Pulumi); CDN strategy (CloudFront/Cloudflare); Blue-green & canary deployments; Feature flags (LaunchDarkly, Unleash); Secrets management (Vault, AWS Secrets Manager, GitHub Secrets); Monitoring & alerting (Prometheus + Grafana, ELK stack); Cost optimization reviews; Auto-scaling basics; SBOM awareness |
| Expert (Principal) | Full K8s production setup (HPA, PDB, VPA, resource limits/requests, namespace strategy, network policies); GitOps (ArgoCD/Flux CD); Service mesh (Istio/Linkerd — traffic management, mTLS, observability); Full observability stack (Prometheus + Grafana + Loki + Tempo — full LGTM stack); Distributed tracing (Jaeger/OpenTelemetry — traces, metrics, logs unified); FinOps (cloud cost modeling, optimization, rightsizing); Multi-region deployment strategy; Platform engineering (golden paths, internal developer platforms); Disaster recovery drills, RTO/RPO ownership; Compliance automation (SOC2, ISO27001); SRE principles (error budgets, SLIs/SLOs/SLAs) |
Table 12 — Security
| Level | Topics |
|---|---|
| Basics | OWASP Top 10 awareness; HTTPS basics (TLS, certificates); Input validation & sanitization (never trust client data); Password hashing (bcrypt, argon2 — never MD5/SHA1 plain); Environment variables for secrets (never hardcode); Basic auth (API keys, Basic Auth over HTTPS) |
| Intermediate | JWT security (algorithm confusion attacks, expiry, short-lived access + refresh rotation, storage — httpOnly cookies vs localStorage); CORS configuration; CSP headers (Content Security Policy); SQL injection prevention (parameterized queries, ORMs); XSS prevention (output encoding, DOMPurify); CSRF prevention (SameSite cookies, CSRF tokens); Rate limiting & brute-force protection; helmet.js for Express/Node security headers; Secure cookie flags (httpOnly, Secure, SameSite); Dependency vulnerability scanning (Snyk, Dependabot, npm audit); Data encryption at rest & transit |
| Advanced (Senior) | OAuth2/OIDC deep dive (PKCE, token introspection, revocation, scopes, claims); RBAC (Role-Based Access Control) & ABAC (Attribute-Based Access Control) patterns; Security headers audit (HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy); Secret scanning in CI (GitLeaks, Trufflehog); Penetration testing basics; Threat modeling (STRIDE methodology); Security-by-design code reviews; Secure SDLC practices; SAST (static analysis) & DAST (dynamic analysis) basics |
| Expert (Principal) | Zero-trust architecture; Full STRIDE threat modeling for system design; SAST/DAST integration in CI/CD pipelines; SOC2/ISO27001 awareness & controls mapping; GDPR/HIPAA compliance at code level (PII handling, data residency, retention); OWASP ASVS as verification checklist; Security incident response playbooks & tabletop exercises; API security gateways; Audit logging strategy (tamper-proof, retention, alerting); Distributed auth (PASETO, mTLS service-to-service); Vulnerability management program; Company-wide secure SDLC policy authoring; Compliance automation |
Table 13 — Observability & Reliability
| Level | Topics |
|---|---|
| Basics | Useful logs; Basic error tracking (Sentry/Rollbar); Basic dashboards; Rollbacks + basic runbooks |
| Intermediate | Structured logging (pino/winston); Correlation IDs across services; Actionable alerts; On-call participation; Postmortems (blameless) |
| Advanced (Senior) | Distributed tracing (OpenTelemetry/Jaeger); Prometheus metrics; Grafana dashboards; SLI/SLO mindset; Error budgets; Incident leadership; Resilience patterns (circuit breakers, retries, timeouts); P95/P99 latency analysis; Reducing MTTR |
| Expert (Principal) | Standardize telemetry org-wide with OpenTelemetry (traces/metrics/logs + collector pipelines); Full LGTM stack (Loki/Grafana/Tempo/Mimir); Org reliability strategy; Reduce MTTR + change failure rate across teams; SLO-driven release decisions; FinOps influence; Capacity planning; DORA metrics program (deploy frequency, lead time, change failure rate, MTTR — used correctly, avoid "gaming"); Disaster recovery RTO/RPO ownership |
Table 14 — System Design & Architecture
| Level | Topics |
|---|---|
| Basics | Client-server model; MVC/MVP/MVVM patterns; Monolith vs microservices concept; REST API design principles; Basic caching concepts (in-memory, browser cache); Load balancer concept; CDN concept; Stateless vs stateful servers; Simple CRUD/monolith design |
| Intermediate | Database design (ER diagrams, normalization, schema modeling); Caching patterns (cache-aside, write-through, write-behind, read-through); Message queue concepts (RabbitMQ, SQS, BullMQ); Horizontal vs vertical scaling; 12-Factor App methodology; Repository pattern & service layer; API gateway concept; Session vs token auth at scale; Rate limiting architecture; Modular monolith boundaries |
| Advanced (Senior) | Microservices patterns: Saga (choreography vs orchestration), Outbox pattern, API gateway, BFF (Backend for Frontend), Sidecar; Event-driven architecture (Kafka, RabbitMQ, event sourcing); CQRS (Command Query Responsibility Segregation); Distributed transactions (2PC, Saga); Circuit breaker (opossum, resilience4j); Strangler fig migration pattern; Multi-tenancy design; Service discovery; Idempotency at system level; Designing for observability from day 0; CAP theorem application; DDD intro (bounded contexts, aggregates) |
| Expert (Principal) | Designing for 99.99% availability; Capacity planning & traffic modeling; Global-scale architecture (multi-region active-active, geo-routing, data sovereignty); Domain-Driven Design (DDD) — bounded contexts, aggregates, domain events, ubiquitous language; Event sourcing full implementation; Data consistency models at scale; Architectural Decision Records (ADRs); Tech debt retirement roadmaps; Reference architecture creation; Aligning architecture with business KPIs; Multi-team technical alignment; DORA metrics ownership (deploy frequency, lead time, change failure rate, MTTR) |
Table 15 — Soft Skills & Technical Leadership
| Level | Topics |
|---|---|
| Basics | Clear written communication (Slack, email, tickets); Asking precise, unblocking questions; Documentation habits (README, inline comments, JSDoc); Ticket & task breakdown; Receiving feedback gracefully; Basic Git collaboration etiquette |
| Intermediate | Code review etiquette — giving constructive, specific feedback & receiving it well; Technical estimation (T-shirt sizing, story points, breaking down unknowns); Mentoring interns/juniors (pair programming, explaining concepts); Sprint ceremonies (standups, retros, planning, demos); Writing API docs, README, onboarding docs; Async communication best practices (clear PRs, detailed commit messages) |
| Advanced (Senior) | Leading technical discussions & design sessions; RFC (Request for Comments) writing & design docs; Cross-team collaboration & dependency management; Incident postmortems (blameless, actionable); On-call handling & escalation; Influencing without authority; Stakeholder management & translating tech ↔ business; Architectural Decision Records (ADRs); Defining team coding standards & best practices; Driving tech debt reduction initiatives; Technical estimation for multi-sprint projects |
| Expert (Principal) | Technical roadmap ownership (multi-year vision); Architectural decision-making at org level; Hiring, interviewing, and leveling engineers; Mentoring senior engineers into staff/principal; Defining engineering standards & "golden paths" org-wide; Stakeholder & exec communication (budgeting, headcount, tradeoffs); Team health & morale awareness; Engineering culture & learning programs (internal guilds, knowledge sharing, upskilling initiatives); FinOps influence (tech choices vs cloud cost); KPIs ownership (DORA metrics); Representing engineering in leadership/board meetings; Building alignment across multiple teams; Build vs buy decisions |
Table 16 — Minimum "You Must Know This" Checklist (Non-Negotiable for Senior / Principal)
| # | Must-Know Area | Minimum Bar |
|---|---|---|
| 1 | JS/TS Fundamentals | Event loop, closures, async patterns, advanced TS generics & utility types |
| 2 | React Deep | Fiber/reconciliation, Server Components, concurrent mode, performance profiling |
| 3 | State Strategy | Server-state (TanStack Query/RTKQ) vs UI-state (Zustand/RTK/Context) — know when to use what |
| 4 | Node.js Internals | Event loop phases, async I/O, avoid blocking, memory/perf debugging basics |
| 5 | One Backend Framework Deep | Express or NestJS — know DI, middleware, guards, interceptors, testing module |
| 6 | Next.js Data Fetching | SSR/SSG/ISR/Server Actions/RSC boundaries + caching model |
| 7 | PostgreSQL Deep | EXPLAIN ANALYZE, index strategy, transactions, zero-downtime migrations at scale |
| 8 | REST API Design | Versioning, idempotency, rate limiting, pagination, error contracts |
| 9 | Redis | Cache-aside, TTL, pub/sub, BullMQ queues, stampede prevention |
| 10 | Security (OWASP) | XSS, CSRF, SQLi, JWT security, RBAC/ABAC, secrets management |
| 11 | Testing Strategy | Unit + Integration + E2E pyramid, MSW, contract testing (Pact), flake control |
| 12 | Docker + CI/CD | Multi-stage builds, GitHub Actions pipeline, staging → prod deploy, rollback |
| 13 | Observability | Structured logging, distributed tracing (OpenTelemetry), alerting, SLO thinking |
| 14 | System Design | Can design a scalable full-stack system with caching, queues, DBs, and explain tradeoffs |
| 15 | Soft Skills | Can write RFCs, lead design reviews, mentor, and translate tech to business impact |
Table 17 — "Capstone Proofs" (What You Should Be Able to Build / Operate Solo)
| Level | Minimum "Proof" Projects / Outcomes |
|---|---|
| Basics | CRUD app with forms + validation, basic REST API, simple auth, deploy it, basic unit tests |
| Intermediate | Product slice: pagination/filtering, file upload, proper error handling, DB migrations, caching basics, CI pipeline, integration tests |
| Advanced (Senior) | Production-grade service: SLOs/alerts, distributed tracing, rate limiting, safe retries/timeouts, background jobs (BullMQ), idempotency, zero-downtime migrations, incident runbook + postmortems, measurable perf improvements (p95 latency / Core Web Vitals) |
| Expert (Principal) | Cross-team platform impact: documented "golden path," shared libs/templates, org-wide standards (security/observability/testing), migration strategy (e.g., monolith → modular/event-driven), measurable reduction in systemic risk/cost/MTTR |
Table 18 — Senior vs Principal (Observable Differences)
| Dimension | Senior (Advanced) | Staff / Principal (Expert) |
|---|---|---|
| Scope | Owns large features/subsystems; drives delivery | Owns cross-team direction; shapes architecture standards |
| Focus | "The solver": ships complex things reliably | "The multiplier": makes multiple teams faster/safer |
| Ambiguity | Clarifies loosely defined problems | Creates alignment for unbounded problems |
| Output | Great code + design docs + mentoring | Reference architectures, standards, governance, migration playbooks |
| Success metric | Local system outcomes | Org outcomes: reliability, security, delivery speed, cost |
Table 19 — The Two "Role Reality" Mental Models
| Ladder | What Changes as You Level Up |
|---|---|
| Junior → Mid → Senior → Principal | Junior: "Make it work." → Mid: "Make it reusable." → Senior: "Make it safe/fast/operable in prod." → Principal: "Make the whole org build these things consistently and cheaply." |
| Senior → Principal key insight | The jump is not "learn more frameworks"; it is systems thinking + communication + architectural ownership + multiplying other engineers (standards, templates, shared libs, reliability/security improvements). |
Table 20 — The "Button" Mental Model
| Level | Mindset |
|---|---|
| Junior | "How do I make this button work?" |
| Mid-Level | "How do I make this button reusable?" |
| Senior | "How do I ensure this button doesn't break production and is accessible to all?" |
| Principal | "Do we even need this button, or should we invest in a Design System that makes all buttons across the company consistent and cheaper to build?" |
Table 21 — Recommended Progression Path
| Action | Why It Matters |
|---|---|
| Read Designing Data-Intensive Applications (Martin Kleppmann) | Best single book for distributed systems & database tradeoffs |
| Practice System Design (design Twitter, e-commerce, URL shortener, etc.) | "Can you design a scalable system and explain tradeoffs?" is the Senior/Principal interview |
| Build something with real monitoring/on-call (set up PagerDuty/Grafana alerts) | Production experience with latency/uptime matters more than knowing another library |
| Contribute to open source or internal shared libraries | Demonstrates "multiplying other engineers" — the key Principal differentiator |
| Read Staff/Principal engineer literature (e.g., The Staff Engineer's Path by Tanya Reilly) | Leadership scope expands beyond code; the job becomes influence + alignment |
| Track DORA metrics on a real project | Ownership of delivery + stability metrics = Principal-level accountability |
💡 The single biggest insight: Going from Senior → Principal is not about learning more frameworks. It is about systems thinking + communication + architectural ownership + multiplying other engineers. The System Design, Observability, Security, and Soft Skills tables are the biggest gaps most mid-to-senior devs have. Production experience (latency, uptime, deployment frequency, real on-call) matters far more than knowing the newest library.