Security-Focused Software & Cybersecurity Engineer

Fars, Iran • (+98) 902 055 0525 • [email protected]
Open to relocation • Hybrid/Remote

LinkedIn GitHub

About Me

Security-focused Software & Cybersecurity Engineer with an analytical mind and 4+ years of experience in authorized penetration testing, exploit automation, and infrastructure hardening. Certified LPIC-1/2/303 with expertise in Linux systems, bug bounty workflows, and Python/Go-based security tools. Proven at driving measurable risk reduction across enterprise apps and cloud/Kubernetes platforms. Bridges dev and security to build robust, scalable, attack-resilient systems.

Core Skills

Security & Offensive (authorized)

  • Penetration Testing, Vulnerability Scanning
  • Exploit/Recon Automation, WAF evasion testing (authorized)
  • Threat Modeling, Security Awareness/Phishing Simulation
  • System Hardening

Programming & Development

  • Python, Go, C++
  • Node.js, React, .NET Core
  • PostgreSQL, SQL Server, MongoDB

Linux & Platform Administration

  • LPIC-1/2/303, RHEL/Debian families
  • Kubernetes hardening, CloudLinux, LiteSpeed, cPanel
  • Keycloak (IAM), BigBlueButton

DevSecOps & Cloud

  • Docker, CI/CD
  • Kubernetes
  • AWS, Azure

Working Style & Approach

  • Calm under pressure; tight deadlines; attention to detail
  • Agile methodology
  • Troubleshooting security & network issues

Professional Experience

Cybersecurity Engineer – Keepa

Shiraz, Iran • Jan 2024 – Present

  • Secured financial services platform used by 15,000+ clients, reducing incident reports by 30%.
  • Implemented continuous vulnerability scanning and automated exploit detection, improving coverage by 45%.
  • Hardened Kubernetes infrastructure and aligned controls with ISO 27001 requirements.

Penetration Tester – Spara Security Group

Tehran, Iran • Sep 2022 – Dec 2023

  • Led web/mobile/banking tests; uncovered 200+ critical vulnerabilities across financial apps.
  • Built Python automations for WAF bypass evaluation, reducing manual test time 40%.
  • Delivered remediation-ready reports that accelerated patch workflows.

Penetration Tester – Faraz Pajohan

Tehran, Iran • Nov 2021 – Aug 2022

  • Secured high-traffic fintech platforms; prevented potential data leaks impacting 10,000+ users.
  • Identified API/cloud misconfigurations and built in-house recon scripts improving enumeration 60%.

Software Developer – Aren

Tehran, Iran • Mar 2019 – Apr 2020

  • Built scalable Node.js + Angular apps serving 5,000+ users.
  • Partnered with security to embed secure coding practices.

Independent Security Researcher / Bug Bounty Hunter

Apr 2020 – Nov 2021

  • Performed vulnerability research/exploit development on high-profile web apps.
  • Reported multiple critical findings via HackerOne/Bugcrowd.
  • Created Python-based automation tools for recon & CVE detection.

Selected Projects

CVE Detection Tool

Stack: Python, Playwright, PostgreSQL

Automated crawling and CVE testing for enterprise systems, integrated with alerting.

403 Bypass Automation Framework

Built toolset to evaluate WAF protections across internal systems, reducing bypass testing effort by 50%.

Recon Automation Suite

Stack: Go & Python

Automated subdomain enumeration, path discovery, and exploit testing.

Certifications

🐧

LPIC-303

Linux Professional Institute

Active
🐧

LPIC-2

Linux Professional Institute

Active
🐧

LPIC-1

Linux Professional Institute

Active
🔒

Web Hacking Expert

Security Certification

Active
☁️

AWS Security Champion

Amazon Web Services

Active
🛡️

OWASP Top 10

Web Application Vulnerabilities

Active

Languages

Persian (Native) • English (Professional/Fluent) • German (A1) • Japanese (Basic) • Spanish (Basic)

Education

B.Sc., Computer Science / IT — in progress • Elmi-Karbordi, Qaemshahr, Iran
Expected graduation: 2027

Send me a message