• Currently Staff Application Security Engineer at FortisGames Inc., leading security programs and SSDLC standardization for mobile gaming applications
• 6+ years experience in Application Security leadership including program development, team guidance, security tool benchmarking, and metrics-driven decision making
• Proven track record in DevSecOps implementation, security automation, shift-left practices, and cross-functional team collaboration
• Expertise in SAST, DAST, RASP, IAST, Container Security, Kubernetes Security, and Workload Protection across cloud environments (GCP, AWS)
• Strong background in security governance, policy creation, vulnerability management, and developer security training
• Experience in project management, matrix generation, benchmarking, and business-oriented security decision making
• Additional experience in Cloud Architecture, DevOps, Full-Stack Development, IoT, and Network Engineering
• Lead Application Security program, SSDLC, and standardization across mobile game development teams
• Work closely with the Application and DevOps teams to integrate SAST, DAST, RASP, IAST, and Workload Protection, and to remediate findings from these tools and processes
• Responsible for Tools consolidation, benchmarking, and matrix generation that help to make business decisions to improve maturity in security posture
• Supporting team to develop reusable Application Security Libraries to standardize end-to-end DevSecOps and SSDLC best practices
• Responsible for promoting shift-left and automation practices to reduce repetitive, error-prone, and human resource-intensive tasks
• Guiding different Game teams to implement DevSecOps pipeline and automation of different security tools
• Guide Core teams and game teams to implement mobile SAST, DAST, and runtime protection
• Working in collaboration with the Pentest team to identify vulnerabilities and provide solutions to resolve them
• Responsible for choosing, benchmarking, and maintaining Container and Kubernetes Security Solution Provider and DevSecOps best practice in Container Orchestration.
• Supporting team to develop reusable Application Security Libraries to standardize end-to-end DevSecOps and SSDLC best practices.
• Responsible for Security Analysis, Benchmarking, and choosing SAST, DAST, and IAST solutions and advisory suggestions in security best practice for Jenkins, shared by major Application Teams in the Bank.
• Guiding different delivery towers and lines of business to remediate vulnerabilities and Application Security findings.
• Supporting teams for Developing and building DevSecOps pipeline and Integration of different security Tools in existing DevOps
• Policy creation for Kubernetes security and container runtime protection
• Working in collaboration with the Pentest team to identify application codebase vulnerabilities and provide solutions to resolve them.
• Responsible for developer training for secure coding practice and training content creation.
• Responsible for Application and Container Security Best Practice and Automation & Integration of Different Security Tools in DevSecOps context.
• Kubernetes and OpenShift Security Best Practice, Linux Hardening and Secure Implementation of Kafka.
• Advisory Support to different delivery towers or application teams in Security Best Practice, Finding vulnerabilities and Suggestion to resolve those.
• Development Initiative in building DevSecOps pipeline and Integration of different security Tools in existing DevOps
• Runtime protection, policy management in Application and Container level
• Hardening Unix Server, Secure configuration for IBM Barebones in collaboration with IBM team
• Worked in collaboration with the Development teams to identify and secure some major vulnerabilities in secret management and environment configuration in some major and critical applications in the Bank.
• Detailed Security Analysis and Advisory suggestion in security best practice for Jenkins, shared by major Application Teams in the Bank.
• Responsible for Automatic deployment and Rollout Grunt task configuration and troubleshooting.
• Load Balancer configuration, implementation, and infrastructure autoscaling in Google Cloud Platform.
• New Microservice deployment using Docker both in Barebone instance and Kubernetes
• Shell Scripting to automate Cron Jobs
• LDAP server configuration, and SSO and SAML configuration for unifying the Auth service at the infrastructure level
• Using StackDriver as a detailed Log Collection tool, Custom Log generation, and Dashboard Configuration
• Legacy network migration to Modern Virtual Private Cloud
• Linux administration and using it as a development and reproduction environment, shell scripting for automatic backup
• Automatic deployment configurations, troubleshooting and best practice suggestion to the users by hands-on reproduction of Jenkins environment with issues.
• Automatic agent configuration for Puppet Master, Standalone Configuration, Manifest for Auto-scaling based on CPU and traffic utilization, Modules configuration, Certificate generation, Auto sign certificate configuration
• Using StackDriver as detailed Log Collection tool, Custom Log generation, and Dashboard Configuration
• Using Salesforce and JIRA as IT management tools, Buganizer to report and monitor bugs
• Using GIT with GitHub, GitLab and Google Cloud repositories for version controlling
• Assisting with Deployment Configuration, troubleshooting coding and runtime issues for Python, Node.JS, and Java
• Big Data warehouse services like Big Query, Dataflow configuration and code troubleshooting in Google Cloud
• Work on and write reproduction code to raise bugs and provide guidelines for resolution
• Using Micro-service architecture in Docker-based environment and Kubernetes Cluster configuration
• Android App development and Micro-controller coding to collect sensor data and send a notification to the App when the data reaches a threshold.
• Single-handedly built complete IoT products, from hardware connection and microcontroller coding to skeleton Android and iOS apps for SmartWiFi configuration; used Firebase as the database, displayed sensor data visually on Web and Mobile, and triggered based on the data threshold
• Complete product design experience in Client-Server based application Node.JS running on the Cloud and React in the client.
• Bluetooth Module coding to establish communication between Micro-controller and Bluetooth module attached to sensors
• Provided extensive and bootstrap support in several Startup Companies like Heddoko, Maker Blocks and managed Crowdfunded Project SLA
• K. N. Sakib, M. Z. Kabir, and S. S. Williamson, "Cadmium telluride solar cell: From device modeling to system implementation," 2013 IEEE International Conference on Industrial Technology (ICIT), Cape Town, 2013, pp. 1561-1566.
• K. N. Sakib, M. Z. Kabir, and S. S. Williamson, "Cadmium telluride solar cell: From device modeling to electric vehicle battery management," 2013 IEEE Transportation Electrification Conference and Expo (ITEC), 2013 IEEE, Detroit, MI, USA
• Developed a tool with VBScript for automation of GSM site creation and configuration in Home Location Server (HLS).
• Troubleshooting Core Network, Analyzing GSM call flow for KPI improvement and Configuring GSM Softswitch.
• Cell/Site configuration, transmission channel definition, Transceiver configuration
• Conducted Base Station Controller and Site creation in GSM switch/core and E1 addition
• Conducted Base Station Controller (BSC) and Location Area Code (LAC) planning
• Optimized Radio network, new site, and TRX planning for swap and expansion project
• Engineered KPI improvement through Drive Test log files and analyzing the results
• Facilitated Base Station Subsystem (BSS) engineers in radio interface problems.
• Master of Applied Science in Electrical and Computer Engineering, Concordia University - Montreal, Canada
• Bachelor of Science in Electrical and Electronic Engineering, Bangladesh University of Engineering and Technology
• Volunteered and guided students at ISO, Concordia (Certificates)
• Student member of IEEE and awarded in the International Web-page Design Contest
• Served as BUET reporter for a prominent national daily newspaper for more than 2 years during undergraduate studies
• Nominated as one of the 2001 World Champion Amateur Poets at the 2001 Summer Convention, Washington D.C., USA; the poem was recorded in ‘The Sound of Poetry’, released on both CD and cassette tape.
Khalid Nazmus Sakib — knsakib@gmail.com — (514) - 994-4521