Software Engineer. Security Engineer. Problem Solver.
A Security Engineer with a strong foundation in software development, having started as a programmer and progressively transitioned into the security domain. Possesses deep understanding of the full Software Development Lifecycle (SDLC) and hands-on experience collaborating in agile teams — from sprint planning to technical discussions. Combines development expertise with security knowledge to identify risks early and build secure, maintainable solutions.
With a foundation in both software engineering and security, I architect scalable systems, build RESTful APIs, design cloud-native applications, and secure them against real-world threats. I don't just write code or find vulnerabilities — I build robust solutions that perform under pressure and withstand attacks, enabling teams to ship with confidence.
Building and securing applications end-to-end — from clean code and CI/CD pipelines to threat modeling and automated security testing.
Building end-to-end solutions across the stack — from Python/Flask backends to Laravel applications and cloud-native services.
Designing scalable systems, building RESTful APIs, and developing cloud-native applications — with security baked in from day one.
Leading security audits and penetration testing engagements across organizational assets. Implementing DevSecOps practices by integrating automated security tools and vulnerability scanning directly into CI/CD pipelines. Collaborating with development teams to embed security controls throughout the software development lifecycle. Developing and enforcing security policies, standards, and best practices to strengthen the overall security posture.
Performed comprehensive web application penetration testing using OWASP Web Security Testing Guide (WSTG) as the primary methodology. Conducted threat modeling to identify potential risks and integrate security controls into the SDLC. Collaborated with developers to communicate vulnerabilities and provide actionable mitigation guidance, including secure coding recommendations. Developed an automated security tool for real-time vulnerability detection, enhancing incident response capabilities. Researched and refined vulnerability assessment methodologies, improving testing procedures and overall effectiveness. Prepared detailed technical reports on identified security issues with analysis and suggested improvements.
Collaborated with a software development team using Agile methodology and contemporary development practices (SOLID principles) to deliver high-quality solutions. Developed and maintained RESTful API backend services and business logic, contributing to key platform features. Built fully automated CI/CD pipelines using GitHub Workflows and Docker, enabling seamless build, test, and deployment of containerized applications. Performed code reviews to ensure coding standards and software quality in financial data processing systems.
Implemented and maintained complex business logic within a large-scale ERP application, with hands-on involvement in frontend views to support feature delivery and usability. Participated in bug fixing, feature enhancements, and codebase stabilization in a production environment. Contributed to the design and optimization of MySQL database schemas to support performance and data integrity.
A comprehensive Enterprise Resource Planning system purpose-built for manufacturing factories. Manages the complete production lifecycle — from sales orders and warehouse inventory to bill of materials, production planning, and final cost calculation. Streamlines factory operations and provides real-time visibility into production costs and inventory levels.
A healthcare platform that enables patients to connect with their provider through an integrated online consultation system. Features real-time chat with instant messaging, appointment scheduling, push notifications, and secure patient-provider communication. Designed for accessibility and a seamless user experience.
An AI-powered security assessment platform combining Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to automatically identify vulnerabilities in web applications and APIs. Leverages machine learning to minimize false positives and deliver intelligent remediation recommendations.
I'm always open to interesting conversations, collaborations, and opportunities. Whether you want to talk about security, software, or just say hello — my inbox is always open.
Send a Message