
Sifur Rahman
Cyber Security

I secure digital systems, uncover vulnerabilities, and build modern web experiences — bridging offensive security with elegant engineering.
Bridging offense and craft
I help teams ship software that's both elegant and resilient — finding what breaks before adversaries do.
Mission
Make the web safer by combining the rigor of offensive security with the craft of product engineering.
Focus
OWASP Top 10, API security, business-logic flaws, and secure-by-design architectures.
Recognition
Acknowledged by 30+ companies in their security hall of fame.
Stack
React, Node, TypeScript, Tailwind — fluent in both the keyboard and the terminal.
- 2020
Discovered Cybersecurity
Fell in love with how systems break — and how to defend them. Started CTFs and HackTheBox.
- 2021
First Bounties
Reported responsibly-disclosed vulnerabilities to multiple platforms. Earned my first acknowledgements.
- 2022
Pentesting Professionally
Began conducting web application penetration tests for SMB clients across South Asia.
- 2023
Full-Stack Pivot
Expanded into React & Node to build the very tools and apps I was hardening.
- 2024
Independent Researcher
Now consulting, researching, and shipping — a security-first developer for modern teams.
The arsenal
A focused stack — battle-tested across audits, bounties, and production deploys.
Cyber Security
- Web Application Security: 95%
- Penetration Testing: 92%
- Bug Bounty Hunting: 88%
- OWASP Top 10: 96%
- Vulnerability Assessment: 90%
- API Security: 87%
- Network Security: 82%
Development
- JavaScript / TypeScript: 92%
- React: 90%
- Node.js: 85%
- Tailwind CSS: 94%
- HTML / CSS: 96%
Tools
- Burp Suite: 95%
- Nmap: 90%
- Wireshark: 80%
- Metasploit: 82%
- Linux: 92%
- Git: 90%
Selected work
Tools, audits and products built at the intersection of security and design.

Credentials & recognition
Independently validated training across offensive security and web application defense.
A path through security & code
Years of hands-on work across audits, research, and shipping production software.
Independent Security Researcher
Bug Bounty Programs
Continuously discover and responsibly disclose vulnerabilities across HackerOne, Bugcrowd, and private programs.
Freelance Penetration Tester
Remote · Multiple Clients
Conduct web app pentests, API audits, and post-engagement consulting for startups across South Asia and EU.
Full-Stack Developer
Freelance / Open Source
Ship React + Node products with a strong security baseline — auth, RBAC, secrets hygiene and threat modeling.
Security Analyst (Contract)
Confidential
Reviewed SaaS architectures, ran tabletop exercises, and authored the team's secure-coding playbook.
How I can help
Engagements scoped to your team — from a single audit to an ongoing security partner.
Web Application Pentesting
Black-, grey- and white-box assessments with executive and developer-ready reporting.
Vulnerability Assessment
Continuous scanning and triage to keep your attack surface measurable and small.
Security Consulting
Threat modeling, secure SDLC, and architecture reviews tailored to your stack.
Website Development
Modern, fast, accessible React/Tailwind sites with a security-first baseline.
Security Audits
Code, infrastructure, and configuration audits aligned with OWASP / CIS benchmarks.
Bug Bounty Research
On-demand offensive research and responsible disclosure for your private program.
What people say
Selected words from founders and engineers I've worked with.

"Sifur found an authentication bypass our previous auditors missed. The report was actionable, prioritized, and shipped with patches we could apply the same day."
Let's build something secure
Have a project, audit, or research idea in mind? Tell me about it.




