Open to opportunities · Stockholm

DevSecOps Engineer & security researcher.

4+ years embedding security into cloud-native infrastructure, CI/CD pipelines, and compliance programmes. I also spend time researching vulnerabilities in the wild — some of which have been acknowledged by organisations like Mastercard, Sony, and Skyscanner.

Fatin Sirat

MSc Information Security

Stockholm University, 2026

I'm a DevSecOps engineer who finds what's broken before it becomes a problem. I've built auditable, locked-down environments from the ground up — enforcing access controls, secrets management, and vulnerability management across Kubernetes and AWS workloads.

Currently completing my MSc in Information Security at Stockholm University (2024–2026). Comfortable owning security as a first dedicated hire. AWS Certified Solutions Architect.

4+ years of experience
14 responsible disclosures
5k+ users secured
0 audit failures
3 roles
Jan 2024 – Dec 2024

DevSecOps Engineer

Poridhi.io · Stockholm, Sweden

  • Secured AWS infrastructure for 1,000+ users — enforced least-privilege IAM, implemented secrets management, and hardened network security across all environments.
  • Engineered automated security gates (Trivy, Snyk, SonarQube) into Jenkins and GitHub Actions, blocking 100% of non-compliant releases before production.
  • Maintained 99.9% uptime across Kubernetes workloads using Prometheus and Grafana; automated provisioning with Terraform and Python, cutting manual deployment effort by 40%.
Jan 2023 – Dec 2023

DevSecOps Engineer

Evident Bd Ltd · Dhaka, Bangladesh

  • Owned end-to-end security compliance for two SaaS platforms (5,000+ users) — built ISO 27001 and GDPR-aligned controls, passing all compliance checks without remediation findings.
  • Hardened Kubernetes workloads with RBAC, pod security policies, and automated image scanning — zero critical container vulnerabilities reached production.
  • Integrated SAST and DAST tooling at each CI/CD stage; reduced post-release security findings to zero across both platforms.
Oct 2020 – Dec 2022

DevSecOps Engineer

Animagus Research · Dhaka, Bangladesh

  • Delivered ISO 27001, GDPR, and HIPAA-compliant AWS environments for multiple clients — designed embedded security controls from the ground up with zero audit failures.
  • Automated security scanning across Jenkins and Docker pipelines; deployed centralised log management with CloudWatch, Prometheus, and Grafana.
3 featured

Tatou

A deliberately vulnerable PDF watermarking platform for AppSec research and penetration testing training. 8+ realistic vulnerability scenarios mirroring production code patterns. 112 commits.

Security Research · Python · Flask · Docker

Damn Vulnerable Flask App

Open-source security research tool covering 8 real-world vulnerability classes — SSTI, SQLi, insecure deserialization, XSS. Independently forked and deployed by security teams worldwide.

OWASP · Python · Flask · Docker

Attendance Keeper

Architected and secured CI/CD pipelines and AWS infrastructure for a live HRM SaaS scaling to 5,000+ users. GDPR-compliant controls for biometric and location data — zero data breaches.

AWS · Kubernetes · Next.js · GDPR

Cloud Security

AWS IAM · VPC hardening · GuardDuty · CloudTrail · Secrets Mgmt

Container Security

Kubernetes RBAC · Pod security · Network policies · Docker hardening

CI/CD Security

Trivy · Snyk · SonarQube · OWASP ZAP · Burp Suite · SAST/DAST

Compliance

ISO 27001 · GDPR · HIPAA · Risk assessment

Infrastructure

Terraform · Helm · Ansible · AWS EKS · Jenkins

Programming

Python · Go · Bash · PowerShell · Java

1st Runner-Up — Wiz Capture the Flag 2024

Hosted at Accenture Sweden HQ, Stockholm. Cloud security CTF targeting real-world cloud misconfigurations using the Wiz platform — placed against Nordic security teams.


Bug Bounty — Hall of Fame (14 organisations)

Responsibly disclosed vulnerabilities in production systems via Bugcrowd & HackerOne.

Mastercard · Sony · Skyscanner · WestJet · DigitalOcean · Mailgun · Viator · Seek · Overstock · Pantheon · StackPath · ISC2 · Cybrary · Cloudways

Let's build something secure together.

Open to DevSecOps, cloud security, and security engineering roles in Stockholm and remotely. Also available for freelance security assessments.
