Open to opportunities

Yassir Khaddir

@yassirkhaddir

Senior AppSec & DevSecOps Engineer and de facto team lead, automating vulnerability triage and CI/CD security across apps.

Morocco

Message

What I'm looking for

I’m looking for an AppSec/DevSecOps role where I can lead vulnerability triage, automate CI/CD security and compliance evidence, and partner with engineering to reduce risk quickly with measurable KRI/KPI outcomes.

I’m a Senior Application Security (AppSec) and DevSecOps Engineer with 5+ years securing enterprise-scale applications in regulated industries like insurance and finance. I embed security across the full CI/CD lifecycle, turning noisy findings into clear risk signals for leadership.

Experience

Work history, roles, and key accomplishments

Current

DevSecOps & AppSec Lead

Current

CPL Network

Aug 2022 - Present (3 years 9 months)

Led a 7-person AppSec team (4 SAST, 3 DAST analysts) serving as the single authority for vulnerability triage and false-positive decisions across 200+ enterprise applications. Integrated SAST/DAST/SCA into CI/CD and automated KRI/KPI dashboards, reducing high-risk vulnerabilities by 99% while achieving 100% pipeline security coverage.

SAST CI CD Security Integration Checkmarx SonarQube OWASP Dependency Check Jenkins GitHub Actions

Cybersecurity Engineer

RIBATIS

Dec 2021 - Aug 2022 (8 months)

Defined IT security policies and a business continuity plan, improving organizational resilience and compliance posture. Built secure monitoring and SDLC foundations by integrating ModSecurity/F5 WAF into ELK, deploying Wazuh SIEM, and adding SonarQube/OWASP ZAP/Dependency-Check into CI/CD pipelines.

IT Security Business Continuity Planning ModSecurity & F5 WAF Logging ELK Stack Ansible OS Hardening Wazuh Elastic Stack Dashboards Secure SDLC OWASP ZAP

Blockchain Security Engineer

CULTYDATA

Dec 2020 - Aug 2021 (8 months)

Designed a secure crypto API using encryption and multi-signature authentication with Python and Polkadot. Conducted threat modeling and vulnerability assessments for blockchain applications, reaching finalist status in the 2021 Smart Port Challenge Hackathon.

Blockchain Security Encryption Python Polkadot Threat Modeling Vulnerability Assessment