Open to opportunities

Ibrahim User

@ibrahimuser7

Message

Security engineer specializing in penetration testing, secure SDLC, and application/cloud security.

Bangladesh

Message

What I'm looking for

I’m looking to build and lead security programs—penetration testing, threat modeling, and secure SDLC—helping teams ship resilient web, mobile, API, and cloud solutions with clear vulnerability remediation.

I’m a Security Engineer with a strong offensive security background, delivering penetration testing across web app, mobile app, network, API, and participating in red teaming and source code audit work. I embed security into product delivery by implementing Secure SDLC practices and supporting feature-wise secure architecture design and implementation.

In my current role, I conduct and coordinate penetration testing for OTA, e-commerce, courier service, and food delivery systems, and I help teams with remediation and patch implementation. Before that, I led application security efforts—performing API, Web, and Mobile penetration testing—and supported infrastructure R&D across ASOC, ASPM, and RBVM to enhance overall security posture while maintaining PCI DSS v4 compliance.

As a co-founder of PentesterSpace, I built and managed security operations, recruited and trained teams, and onboarded 30+ clients to proactively secure them. I also participated in crowdsource penetration testing and bug bounty programs (e.g., HackerOne, Bugcrowd, Yogosha, Intigriti), combining automation with practical threat modeling and vulnerability disclosure discipline.

Experience

Work history, roles, and key accomplishments

Current

Security Engineer

Current

Technonext Ltd

Oct 2025 - Present (8 months)

Coordinated penetration testing across OTA, e-commerce, courier service, and food delivery systems, supporting remediation and patch implementation. Contributed to secure feature-wise architecture and implemented Secure SDLC practices across the development lifecycle.

Penetration Testing Vulnerability Assessment Threat Modeling Web Application Security API Security

Application Security Engineer

SSLWireless

Oct 2024 - Sep 2025 (11 months)

Performed API, web, and mobile application penetration testing to improve application security. Led security posture enhancement efforts across ASOC/ASPM/RBVM and helped SSLCOMMERZ maintain PCI DSS v4 compliance.

API Testing Penetration Testing Mobile App Testing PCI Compliance Security Automation Infrastructure Security

Application Security Engineer (Offensive)

Technext

Jan 2022 - Sep 2024 (2 years 8 months)

Conducted penetration testing and managed a Vulnerability Disclosure Program (VDP). Partnered with Product, Engineering, and DevOps teams to ensure security and compliance specifications were applied throughout the Secure SDLC.

Penetration Testing Vulnerability Disclosure (VDP)Security Compliance API Security Web Security Threat Modeling

Co-Founder (PentesterSpace)

PentesterSpace

Jun 2019 - Feb 2024 (4 years 8 months)

Developed strategic plans to achieve business goals and recruited, trained, and managed pentesting teams. Onboarded 30+ clients and proactively secured them through delivered security assessments.

Team Leadership Security Assessments Client Onboarding Vulnerability Management Stakeholder Management Strategic Planning