Principal Mobile Engineer with a strong understanding of agile mobile development. Extensively experienced with Android (Kotlin), Flutter (Dart), GCP, AWS, and Azure. Built mobile solutions for Fortune 500 companies including Pearson, Google, and Shopify. I enjoy finding the best way to solve technical challenges.
Architected E2E encryption and Cloud KMS key management across mobile clients and GCP services, eliminating plaintext data exposure in all environments.
Built mobile CI/CD pipelines with SAST, coverage gates, and dependency scanning, enforcing shift-left security and reducing production defects.
Hardened Flutter apps with secure storage, biometric auth, obfuscation, and anti-tampering controls — achieving OWASP Mobile Top 10 compliance.
Led threat modeling, security audits, and penetration testing across mobile and GCP infrastructure, remediating critical vulnerabilities pre-release.
Enforced zero-trust auth, RBAC, and session management via Firebase Auth and GCP IAM across dev, staging, and production environments.
Drove incident response and vulnerability remediation workflows, reducing MTTR and strengthening post-incident process hardening.
Google Cloud Certified Professional Cloud Security Engineer — expertise in IAM, encryption, network security, and GCP workload hardening.
Enforced org-level security policies via Organization Policy Service and Security Command Center, maintaining compliance across all projects.
Deployed VPC Service Controls, Cloud Armor WAF, and Private Google Access to prevent data exfiltration and protect against DDoS attacks.
Managed CMEK strategies with Cloud KMS and Secret Manager across GCS, BigQuery, and Cloud SQL.
Implemented least-privilege IAM, service account governance, and Workload Identity Federation, eliminating long-lived credential exposure.
Built real-time threat detection using Security Command Center, Cloud Audit Logs, and Pub/Sub alerting pipelines.
United States
Technical ownership of the Credly Mobile applications and DevOps infrastructure.
Extensively experienced with native Flutter using Dart, Android using Kotlin/Java, and Web using JS.
Build and maintain cloud-hosted CI/CD pipelines for automatic deployment, as well as various types of testing including unit, integration, UI, security, static code analysis, and dynamic code analysis (with code coverage), using Snyk and SonarQube among others.
Extensively experienced with Fastlane, GitHub Actions, GitLab CI/CD scripting, and Jenkins CI/CD automation using Groovy, Docker and Kubernetes.
Apply standard OOP design principles and industry standards to the Credly mobile application, emphasizing secure design patterns to enhance data protection and user privacy.
In charge of building security into the mobile architecture, DevOps infrastructure and engineering processes by creating scalable app-sec components
Perform risk rating, threat modeling, and regular security audits
Perform security testing including SAST, DAST, IAST, and creation of a Runtime Application Self Protection system
Build and maintain effective analytics monitoring using Firebase Analytics, Crashlytics, DataDog, ELK
Stay up-to-date with new trends and technologies in mobile security, discovering and integrating secure features to strengthen the Credly application.
Cross-Functional Collaboration: Liaise with product and design teams to build a high-quality, secure mobile experience that protects user data and maintains compliance with security standards.
Team Development: Mentor and grow the mobile engineering team, fostering a security-focused mindset by sharing knowledge and best practices for building secure, reliable applications.
New York, United States
Security Architecture Design and Review: Designing, reviewing, and updating
the security architecture for mobile applications and platforms. This includes
ensuring the security of both the mobile devices and the backend systems they
interact with.
Threat Modeling and Risk Assessment: Conducting threat modeling and risk
assessments for mobile applications and infrastructure. Identifying potential
threats and vulnerabilities and devising strategies to mitigate them.
Security Standards and Best Practices: Establishing and enforcing security
standards and best practices for mobile application development, deployment,
and maintenance. This may involve staying updated with the latest security
trends and technologies in the mobile space.
Secure Coding Guidance: Providing guidance on secure coding practices to
development teams. This can include overseeing code reviews and educating
developers on security-related concerns specific to mobile development.
Incident Response and Management: Leading incident response activities
in the event of a security breach or attack on the mobile infrastructure. This
includes investigation, containment, eradication, recovery, and post-incident
analysis.
Compliance and Regulatory Adherence: Ensuring mobile applications and
infrastructure comply with relevant laws, regulations, and industry standards
related to security and privacy (like GDPR, HIPAA, etc.).
Security Testing and Auditing: Overseeing and conducting security testing
of mobile applications, which can include penetration testing, vulnerability
scanning, and auditing of security controls.
2015 — 2018
Montreal, Quebec, Canada
Interfacing directly with our customers to evaluate, implement and operate any mobile solutions they require (Android and React Native)
Working with the development team to respond to any customer issues in a Level 3 capacity to perform deep diagnostics and root cause analysis. Resolving the issue with software patches if necessary or involving the development team as required.
Update schedules using standardized methodology based upon project goals as well as flag dependencies and priorities between tasks
Communicate project plan and progress to customers and stakeholders. Liaise with internal and external groups on issues requiring attention
2014 — 2015
Montreal, Quebec, Canada
GOLO - a mobile eCommerce platform for ordering and buying local. GOLO provides convenient mobile ordering for pickup or delivery from your favorite local shops.
Develop and uphold the GOLO app and libraries, including secure payment and ordering SDKs, ensuring robust security features are in place to safeguard user data.
Performance and Quality: Ensure the application performs optimally with end-to-end encryption and responsive UI. Adhering to industry security standards and protocols while maintaining continuous delivery.
Technical Specifications: Review and contribute to technical specs, with emphasis on implementing strong security protocols.
Bug Fixing and Improvement: Identify and fix security vulnerabilities while improving application performance.
Testing: Create secure test cases and automated tests to ensure high-quality, secure code.
Tools and Customization: Utilize Gradle, Maven, Proguard, and cross-platform tools to develop highly customizable and secure solutions.
API Updates: Stay updated with the latest secure APIs and implement them to enhance mobile security.
Continuous Integration: Run and maintain a continuous integration server (Jenkins), emphasizing secure deployment practices.
Agile Collaboration: Collaborate within a SCRUM team (sprint planning, standups, etc.) and manage a backlog of work items with a security-oriented mindset.
Cross-Functional Collaboration: Work with cross-functional teams to define, design, and ship new secure features.
Analytics and Monitoring: Design and monitor application usage and consumer behavior with analytics to identify potential security issues.
Continuous Discovery: Continuously discover, evaluate, and implement new secure technologies that can bolster mobile security.
Education
2002 — 2007
The American University in Cairo
Bachelor of Engineering - BE