Hello, I'm

AbdulRazaqSuleiman

Ant1g3n

Application Security Engineer

I help teams ship secure software with confidence through threat modeling, secure design, secure code review, DevSecOps, and hands-on application security testing.

  • Secure SDLC
  • Threat Modeling
  • Product Security
  • API Security
  • DevSecOps
  • Offensive Security
4+Years Security Experience
15+Web Apps Tested
50+Critical Bugs Found
Application Security Engineer

Application Security
Engineer

As an Application Security Engineer, I embed security across the full software lifecycle, from Secure SDLC and Threat Modeling to Product Security, DevSecOps, and hands-on Offensive Security.

I bridge defensive engineering with rigorous attack simulation, including penetration testing, vulnerability research, and security architecture, to validate controls, accelerate secure delivery, and find what automated tools miss before adversaries do.

🔒

Secure SDLC

Security embedded across design, build, and release with threat modeling early in the process

🎯

Threat Modeling

Systematic risk identification using STRIDE, MITRE's CAPEC, ATT&CK, OWASP Libraries and LINDDUN for privacy-focused threat analysis

🛡️

Product Security

Protecting applications, APIs, and user data at scale with secure architecture

🔑

API Security

Securing APIs from design to production deployment with OAuth2, JWT, and OWASP API Top 10

⚙️

DevSecOps

Automated security gates in CI/CD pipelines with SAST, SCA, and DAST

🔴

Offensive Security

Penetration testing and attack simulation for web applications and APIs

📊

SAST/SCA/DAST

Static, Software Composition Analysis, and Dynamic Application Security Testing

🔍

Secure Code Review

Manual and automated code audits for vulnerabilities in web applications and APIs

🔬

Vulnerability Research

Deep diving to discover and exploit complex security flaws before adversaries

My Approach

Security Assessment Services

I help organizations secure web and API-driven applications through a combination of defensive engineering and offensive security testing. From threat modeling and secure SDLC to penetration testing and DevSecOps, I work with teams to identify and mitigate risks early, ensuring systems are secure by design.

🌐

Web Application Penetration Testing

Comprehensive offensive security testing of web applications. I conduct deep reconnaissance, manual vulnerability exploitation, and proof-of-concept development to identify critical security flaws including injection attacks, authentication bypasses, and authorization vulnerabilities.

Manual ExploitationOWASP Top 10 TestingProof-of-Concept Development
🔌

API Security Testing

Specialized penetration testing of REST and GraphQL APIs. I identify authentication bypasses, authorization flaws, insecure direct object references, and data exposure vulnerabilities through manual testing and custom tooling.

REST API TestingGraphQL SecurityAuthentication Bypass
�️

Threat Modeling & Secure SDLC

Embed security into the software development lifecycle from day one. I conduct threat modeling using STRIDE, MITRE's CAPEC, ATT&CK, OWASP Libraries and LINDDUN frameworks to identify risks before code is written, and implement secure SDLC practices.

Threat Modeling WorkshopsSecurity Requirements EngineeringSecure Design Reviews
⚙️

DevSecOps & Security Automation

Automate security gates in CI/CD pipelines with SAST, SCA, and DAST to catch vulnerabilities early. I help teams integrate security into their existing workflows without slowing them down.

SAST/SCA/DAST IntegrationCI/CD Pipeline SecuritySecurity Automation
🔍

Secure Code Reviews

Manual and automated code audits to identify vulnerabilities in web applications and APIs. I look for security flaws that automated scanners often miss, focusing on secure coding practices.

Manual Code AuditsSecure Coding GuidanceVulnerability Remediation
🔬

Product Security & Architecture

Design and build security into products from the ground up. I work with product teams to ensure applications, APIs, and user data are protected at scale through robust security architecture.

Security Architecture ReviewProduct Security StrategyData Protection Controls
Professional Track Record

Professional Experience

Loading experiences...

🏆Certifications

Professional Credentials

🚀Let's Talk

Let's Discuss
Your Security Needs

I help teams strengthen their application security program, from Secure SDLC and Threat Modeling to Product Security, DevSecOps, and Offensive Security testing.