Security Engineer & Researcher | UNO Cyber Center [Jan, 2021 - Present]

• Security Tool Development (ANOC & RADAR): Engineered ANOC (Generalized NoSQL Carver) and RADAR (Audit Reconciliation) to recover active/deleted/modified records and flag unauthorized operations by correlating recovered artifacts with audit logs, without relying on database APIs; validated across 10 NoSQL databases, achieving 487 MB/min processing throughput.
• AI/ML Memory Forensics: Developed an ML model that reverse-engineers executed SQL queries directly from process memory with >90% accuracy, enabling post-incident analysis even when logging is disabled.
• Insider Threat Detection: Developed LLM-based methods to correlate system/application logs with user-action audit events for insider-threat detection, achieving >95% accuracy on the CERT dataset.
• Technical Validation: Published and presented results at security conferences; produced reproducible benchmarks, evidence reports, and visuals.

Information Security Engineer [Mar, 2017 – Dec, 2020]

(Secured National Infrastructure: Dhaka Metro Rail & International Airport)

• Network Security: Designed and secured enterprise network architectures for national infrastructure projects (Dhaka Metro Rail & International Airports) supporting 500+ engineers and staff. Configured Cisco and MikroTik routers, switches, firewalls, and VPN tunnels, enforcing strict VLAN segmentation and Access Control Lists (ACLs) to reduce network security incidents by 30%.
• Identity & Access Management (IAM): Administered Active Directory (AD) and Lightweight Directory Access Protocol (LDAP); implemented Role-Based Access Control (RBAC) and Group Policy Objects (GPO) to enforce least-privilege access. Applied Windows/Linux hardening baselines to reduce insider-threat and misconfiguration risk.
• Threat Monitoring & Infrastructure Security: Managed high-availability data centers (Blade servers, RAID 10 SAN/NAS, secure Virtual Desktop Infrastructure (VDI)) and deployed Splunk SIEM and EDR agents across hundreds of endpoints, reducing malware incidents by 25%.
• Security Governance & Compliance: Authored core security documentation (architecture, Disaster Recovery plans, change-control) and established the company's first file security framework to enforce confidentiality and meet international government compliance.

Software Engineer Intern [Jul, 2016 - Dec, 2016]

• Requirements & System Design: Architected backend database schemas (ERD) and system workflows (UML) for new client applications, reducing development rework by 25% and accelerating production delivery.
• Full-Stack Web Development: Developed client web applications and the official company site using PHP, JavaScript, MySQL, and WordPress, improving page load speeds by 18% through front-end optimization.
• Web Application Security: Remediated critical web vulnerabilities (including SQLi, XSS, and broken authentication) via systematic code reviews, reducing reported application bugs by 20%.