Open to opportunities

Sumayyah Ajike Zubair

@sumayyahajikezubair

Cybersecurity Analyst focused on SOC monitoring, application security, and incident response with DevSecOps-driven assurance.

Nigeria

Message

What I'm looking for

I’m seeking remote security roles where I can run SOC monitoring, improve incident response, and strengthen application security through DevSecOps pipelines and clear security documentation.

I’m a First Class Honours Software Engineering graduate and NYSC Corps Member with hands-on expertise in cybersecurity, application security, and IT security operations. I bring a structured, analytical mindset to threat detection, incident response, and security documentation—ready to deliver immediate value in remote security roles.

In SOC and incident response work, I leverage SIEM monitoring and log analysis to triage alerts and support investigation workflows aligned to NIST CSF. I’ve built lab-ready detections using Wazuh (Indexer, Dashboard, Manager) and emulated kernel-level threats to validate detection fidelity through threat hunting.

For application security and secure delivery, I integrate vulnerability assessment into CI/CD using Semgrep (SAST) and Gitleaks (secrets detection), then run DAST with OWASP ZAP against Dockerised applications. I also produce OWASP-aligned remediation reporting with risk ratings, evidence, and prioritized mitigations.

I’m actively strengthening my foundation through programs like SheCode Africa and ongoing CompTIA Security+ while completing ISO 27001 foundations. I enjoy turning security insights into practical controls—pipelines, detections, and incident tracking—so teams can detect, contain, and remediate faster.

Experience

Work history, roles, and key accomplishments

DevSecOps Security Pipeline

Personal Lab

Jan 2025 - Jan 2026 (1 year)

Integrated Semgrep (SAST) and Gitleaks (secrets detection) into a CI/CD pipeline to catch credential leaks and code vulnerabilities pre-deployment. Conducted DAST against Dockerised apps using OWASP ZAP and configured TheHive for end-to-end incident tracking.

Semgrep Gitleaks CI CD Pipelines OWASP ZAP Docker SAST DAST Secret Detection

Wazuh Rootkit Detection Lab

Personal Lab

Jan 2025 - Present (1 year 5 months)

Deployed a full Wazuh stack (Indexer, Dashboard, Manager) on Kali Linux and configured Ubuntu agents for integrity monitoring via custom rootcheck intervals. Emulated a kernel-mode rootkit and validated SIEM detection of hidden processes and kernel modules through threat-hunting dashboards.

Wazuh SIEM Indexing Rootcheck Threat Hunting Kali Linux Ubuntu Agents

DVWA Vulnerability Assessment

Personal Lab

Jan 2025 - Present (1 year 5 months)

Performed vulnerability assessment on DVWA, identifying critical SQL Injection and Command Injection issues. Produced an OWASP-aligned remediation report with risk ratings and prioritized mitigations, scoring 100/100 on the assessment.

SQL Injection Command Injection Vulnerability Assessment OWASP Top 10 Risk Scores

SSH Brute-Force Log Analysis

Personal Lab

Jan 2025 - Present (1 year 5 months)

Built Splunk SPL queries to identify malicious IPs from SSH logs and created real-time dashboards with automated alerts. Tuned detection logic to distinguish false positives from active threats.

Splunk Dashboards Alerting Threat Detection

Education

Degrees, certifications, and relevant coursework

Nigerian National Youth Service Corps (NYSC)

NYSC Corps Member, National Service

2026 - 2027

NYSC Corps Member (Batch A, Stream 2) for the 2026/2027 service year.

Alhikmah University

Bachelor of Science in Software Engineering, Software Engineering

2021 - 2025

Grade: First Class Honours

B.Sc. in Software Engineering (First Class Honours), covering courses such as Software Security, System Architecture, Algorithms, and Database Management.