Nurul Faiyaz — DevSecOps Engineer

01 — About Me

Where Security
Meets Quality

I'm Nurul Faiyaz, a DevSecOps Engineer currently pursuing my BSc in Computer Science & Engineering at East West University, Dhaka.

My expertise lives at the intersection of Software Quality Assurance and Cloud Infrastructure Security. From architecting test automation frameworks to enforcing Zero Trust policies in FinTech and Healthcare environments, I translate complex security challenges into robust engineering solutions.

I believe that security and quality aren't constraints — they're competitive advantages embedded into every line of code and every pipeline stage.

🏫 SSC 2020 — GPA 5.00 🎓 HSC 2022 — GPA 5.00 💻 BSc CSE — EWU

Zero Trust Security

PCI-DSS & HIPAA compliant environments, IAM with PoLP/RBAC

Multi-Cloud Infrastructure

AWS · Azure · GCP — VPC design, KMS encryption, posture hardening

Test Automation Architect

Selenium · Cypress · Playwright · Postman · scalable SDLC/STLC design

CI/CD Security Integration

Jenkins · GitHub Actions · Docker · Kubernetes · Terraform

02 — Competencies

Skills & Technologies

QA & Automation

Selenium90%

Cypress85%

Playwright82%

Postman / API88%

Cloud Security

AWS88%

Azure80%

IAM / RBAC92%

GCP / KMS75%

DevSecOps / CI-CD

Jenkins86%

GitHub Actions90%

Docker / K8s85%

Terraform78%

Soft Skills

Communication Leadership Adaptability Problem-Solving Teamwork Agile/Scrum EI/Empathy Time Mgmt Risk Assessment Incident Triage

PROGRAMMING LANGUAGES

Java

Python

JavaScript

Kotlin

SQL

03 — Work History

Professional Experience

Security Automation & QA Manager

FinTech / Enterprise Domain

2022 — Present

Directed end-to-end SDLC/STLC processes across multi-disciplinary engineering teams. Integrated static (SAST) and dynamic (DAST) security scanners into CI/CD pipelines, achieving a measurable reduction in post-deployment vulnerabilities. Championed shift-left security practices and led monthly threat modelling workshops.

SAST/DASTCI/CDJenkins Shift-Left SecurityThreat Modelling

Cloud Security Administrator

Healthcare / Enterprise Domain

2021 — 2022

Managed daily cloud security posture across AWS and Azure environments. Hardened Linux server configurations and ERP systems against CVEs. Ensured continuous compliance with PCI-DSS and HIPAA standards through automated audit pipelines and real-time vulnerability dashboards.

AWSAzurePCI-DSS HIPAALinux HardeningIAM

SDET — Emergency Services Platform

Critical Infrastructure

2020 — 2021

Architected scalable test automation frameworks for mission-critical emergency networks requiring 99.9% uptime SLAs. Conducted rigorous functional, regression, performance, and security testing cycles. Collaborated with cross-functional teams under strict Agile/Scrum governance.

SeleniumPlaywright99.9% SLA Regression TestingAgile/Scrum