Open to opportunities

Ismail AlSahhar

@ismailalsahhar

Message

DevSecOps leader driving secure SDLC, threat modeling, and automation.

Egypt

Message

What I'm looking for

I seek senior DevSecOps or application security roles where I can lead secure SDLC adoption, mentor teams, implement automated security controls, and drive measurable risk reduction in collaborative, growth-oriented environments.

I am a DevSecOps and application security leader with a track record of building secure development programs and security operations teams across public and private sectors.

I created and implemented DevSecOps roadmaps, introduced automated SAST/SCA/DAST controls into CI/CD pipelines, and led PoCs and tool deployments including Fortify, SonarQube, OWASP ZAP, Veracode, Invicti, and Acunetix.

I founded and led a Security Operations Center, recruiting and training analysts, defining SOC processes, producing dashboards and metrics, and performing incident investigations and L3 escalations.

I teach and mentor developers and security champions, perform threat modeling and vulnerability management, and continuously improve secure coding practices to empower product teams to build secure software by default.

Experience

Work history, roles, and key accomplishments

Current

DevSecOps Manager

Current

Fawry Egypt

Jun 2024 - Present (1 year 4 months)

Created and executed a DevSecOps adoption plan, implemented Fortify for SAST/DAST, updated secure coding guidelines, and led POCs and training to embed secure programming and threat modeling across teams.

DevSecOps SAST DAST Fortify Secure Coding Threat Modeling Security Training Programs

Application Security Manager

UNRWA

Sep 2022 - Apr 2024 (1 year 7 months)

Defined a DevSecOps vision and drove SDLC security by embedding automated SCA, SAST, DAST, and secrets scanning into CI/CD, automating vulnerability scanning and empowering product teams to build secure software.

SDLC SAST DAST SCA SonarQube Veracode Vulnerability Management

Security Operation Center Manager

TechPal

May 2018 - Sep 2022 (4 years 4 months)

Founded and led a SOC, recruiting and training analysts, overseeing incident response and L3 escalation, and developing monitoring use cases, dashboards, and processes to improve threat detection and remediation.

SOC Incident Response Threat Modeling SIEM Penetration Testing Security Monitoring Team Leadership

Lecturer (Part-time)

Islamic University of Gaza

Sep 2018 - Jun 2020 (1 year 9 months)

Taught undergraduate graduation research modules and supervised student research projects in computer science topics.

Teaching Academic Mentoring Computer Science

Web Developer

AlManar for IT Solutions

Feb 2015 - May 2018 (3 years 3 months)

Remediated legacy code vulnerabilities, built dashboards and web features, integrated marketplaces and social APIs, and developed a planning system with automated testing via Selenium.

PHP Web Development APIs Dashboards Selenium Web Security

Network Security Engineer

TechPal

Jan 2014 - May 2018 (4 years 4 months)

Designed network segmentation and policies, implemented pfSense firewalls and OpenVPN for secure remote access, and conducted regular network security audits and risk assessments.

Network Security PFsense OpenVPN Segmentation Security Auditing Risk Assessment

Desktop Application Developer

AlManar for IT Solutions

Sep 2013 - Feb 2015 (1 year 5 months)

Developed a telephony archive system and a secure document transfer application, and contributed features to open-source encryption projects to enhance data protection.

Application Security Encryption Secure Document Handling System Design C

Network Security Engineer Intern

Ministry of Telecommunications and Information Technology

Sep 2012 - Sep 2013 (1 year)

Installed and tuned IDS/IPS (Snort, Barnyard), authored custom Snort rules, deployed software firewalls, and monitored and recorded security incidents.

Snort IDS Barnyard Intrusion Detection Security Monitoring