# Muhammad Hijazi > Software Engineer at GitHub Location: New York, New York, United States Profile: https://flows.cv/muhammadhijazi Experienced Software Engineer with a demonstrated history of working in the computer and network security industry. Skilled in Ruby, Automated Testing, Databases, and Behavior-Driven Development (BDD) practices. ## Work Experience ### Software Engineer @ GitHub Jan 2021 – Present - Built experiences allowing Security teams to quickly identify, delegate, and remediate leaked secrets, security vulnerabilities, and third party alerts. This included work to create dashboards for tracking security posture over time, identification of high risk code bases, quickly enabling security features across entire organizations, and building a query language that unifies these experiences and allows for a user to quickly find alerts and vulnerabilities of interest. - Implemented fine-grained access control for security products, allowing teams to create roles specifically designed to have access to view, manage, and configure security alerting for their repositories. - Built settings enforcing alert scanning policies across an entire GitHub enterprise, allowing security teams to ensure uniform compliance to security standards, while still providing flexibility for organization owners to make modifications if needed. - Delivered robust alerting around GitHub Code Scanning alerts, as well as third party static analysis tooling. This work allowed teams to quickly enable static analysis on their code base through a one-click setup process, gate PRs introducing vulnerabilities or violations, as well as providing remediation recommendations and CWE documentation directly in PRs or alerts to more easily shift left and empower devs to resolve security issues while freeing up security teams to focus on more challenging items. - Worked to scale Secret Scanning to GitHub enterprises, allowing organizations to identify leaked secrets in their code base from a variety of common services, as well as the ability to define custom tokens, worked to provide Push Protection across all code bases in an enterprise, ensuring that tokens are blocked before they could be pushed to GitHub, preventing secret leakage - Development followed a microservice architecture written in Go, Ruby, and TypeScript (React), with robust monitoring, linting, and testing across all three languages ### Software Engineer @ Bishop Fox Jan 2020 – Jan 2021 • Worked as part of a team to design and build an efficient system of micro-services that allowed us to map out the Attack Surface of FAANG sized organizations. • Built and maintained a single page application built using React that provided customers with both a high-level view of their companies Attack Surface as well as detailed views that clearly identified, the Attack Surface itself, as well as any vulnerabilities that had been detected in a clear and intuitive way. • Built a robust set of APIs that allowed both internal operators and external customers to leverage our data for more intensive analysis. • Worked to improve the performance of read and write operations against the Database for large datasets by optimizing both the queries used and the schema design itself. • Used RabbitMQ to provide efficient communication between micro-services. • Designed and ran a twice weekly bug triage meeting that quickly identified and escalated critical bugs while maintaining visibility on lower criticality issue, ensuring they were still worked on and resolved. • Established and led a Standards guild that identified, discussed, and published guidance for the engineering team to better deliver consistent, maintainable, well tested, and efficient software. ### DevOps Engineer @ Bishop Fox Jan 2019 – Jan 2020 | Atlanta, Georgia - Helped design and standup a micro-service driven architecture in AWS - Used Terraform to manage infrastructure across multiple projects - Collected metrics data across all services using Cloudwatch and Sumologic - Designed and maintained a set of dashboards in Sumologic aimed at helping engineers quickly find and diagnose issues in the system. Alerting was also provided to help notify on-call staff of critical issues. - Designed and maintained CI/CD pipelines in CricleCI that allowed the team to quickly test, publish, and deploy services to testing and production environments. Pipelines also provided quality of life features such as making sure the service version had been updated, linting, and warnings for deprecated libraries - Assisted in Development work as needed, mainly working in Go and Python projects. ### Software Engineer In Test (Dev Ops/Test Architecture) @ Cisco Jan 2018 – Jan 2019 | Alpharetta, GA Architect automation tests to be more uniform across the floor, allow for more code reuse, and be more consistent. Designed and wrote internal tools and libraries to allow automation test engineers to spend less time writing their own test beds and instead focus on writing high quality tests. Maintained testing infrastructure to allow teams to get feedback on their work more quickly and ensuring that bugs and missed requirements were caught early. Communicated with developers to help improve quality of unit tests. Trained teams on proper use of Gherkin, Cucumber, RSpec, and Ruby. ### Test Automation Engineer (Security and Compliance Team) @ Cisco Jan 2017 – Jan 2018 | Alpharetta, GA Designed and executed testing around Security Compliance (mainly FIPS and Common Criteria) for an enterprise grade product. Wrote internal tools to assist in more easily allowing teams to validate their work maintains compliance. Developed automation testing to efficiently check for and maintain compliance. Work involved heavy emphasis around proper use, storage, and exchange of X509 Certificates. Validation of system permissions and file rights. Validation of proper password storage. Trained teams on proper security practices. ### Software Developer In Test @ Manheim Inc (via Software Automation Professionals) Jan 2016 – Jan 2017 | Atlanta Developed and maintained automated tests for a Big Data vehicle information Database, API, and GUI. Implemented automation tests for ETL using Sequel framework Implemented automation tests for API using Cucumber and ActiveRecord Implemented automation test for GUI using Cucumber, Watir-Webdriver and taza Assisted in both development and QA roles as necessary Helped lead team scrums and trained team on use of Gherkin in writing acceptance criteria for better definitions of done Helped build and maintain pipelines ### Software Developer (Co-Op) @ Eze Software Group Jan 2015 – Jan 2015 | Alpharetta GA Developed and maintained automated tests for an electronic voting system. Implemented automation framework using a Page-­‐Object design pattern. Assisted developers in the development of product features. Heavily involved in the full production cycle including daily scrums, backlog grooming, and release deployments. Trained developers in using the automation framework to allow tests to be written and maintained by the entire team. Trained QA in running automated tests and identifying root cause of failures. ### Research Assistant @ Georgia state University Jan 2014 – Jan 2014 | Atlanta Designed and implemented drivers for geophones to be used on MSP430 microcontrollers to detect seismic activity. Ported a Real Time OS (RTOS) onto a MSP430 microcontroller. Assisted professors and graduate students with research, planning, design and implementation of various research projects. ## Education ### Computer Science Georgia State University ## Contact & Social - LinkedIn: https://linkedin.com/in/muhammad-hijazi-83a60882 - GitHub: https://github.com/mhijazi1 --- Source: https://flows.cv/muhammadhijazi JSON Resume: https://flows.cv/muhammadhijazi/resume.json Last updated: 2026-03-23