Passionate about breaking things to make them stronger, I work as an Offensive Security Research Engineer at bKash Limited, securing the largest Mobile Financial Service (MFS) platform in Bangladesh with 80M+ users, 300K+ merchants, and 500K+ agents.

I specialize in Mobile, Web and API penetration testing, ensuring security across 10+ mobile apps and 70+ web applications. My work directly mitigates financial fraud, protects PII, and strengthens attack surface management using tools like Burp Suite, Frida, Mandiant, and Tenable One. I also manage SAST/DAST pipelines using Snyk and Burp Suite Enterprise to automate security testing and proactively detect vulnerabilities before they become threats.

Beyond security, I’m deeply interested in DevOps, SRE, and Platform Engineering, leveraging my knowledge in Kubernetes, Terraform, Pulumi, and Infrastructure as Code (IaC). I’ve worked on Kubernetes-based monitoring solutions using FastAPI, InfluxDB, and Grafana and built internal security automation tools.

‍♀️ ?

✔️ & – Automating security practices within CI/CD.

✔️ & – Building secure, scalable, and self-healing infrastructure.

✔️ – From hacking systems to building reliable platforms.

I’m actively transitioning into DevOps / SRE / Platform Engineering, bringing a security-first mindset to infrastructure automation. If you're into AppSec, DevSecOps, Kubernetes, or SRE, let’s connect! Always up for a tech discussion or a quick coffee chat. ☕