Nasir Devlani

Application Security Engineer | CEH | CTMP | ECES | CASP

Karāchi, Sindh, Pakistan

About

I’m a Security engineer with 9+ years of experience in Application Security, Software Engineering, and DevSecOps, enabling me to secure applications built with different languages (Java, Python, NodeJS, PHP, .NET) and frameworks. Being skilled in threat modeling, secure code reviews, and CI/CD pipeline integration, I also manage vulnerabilities end-to-end — from triage and prioritization to developer enablement and closure. I enjoy close communication and collaboration with developers and stakeholders to secure modern applications and build secure development lifecycles that scale with today’s engineering teams. My YouTube Channel focusing on Cybersecurity: https://www.youtube.com/@cyseceveryday

Experience

  • Founder + Software Engineer at Dylen
    Nov 2025 - Present · 8 mos

    - Developed an API-first platform with FastAPI, SvelteKit, PostgreSQL, and cloud-hosted containerized services. - Built an AI-powered learning platform that reduces prompt fatigue through structured, guided lesson and practice flows. - Designed state and orchestration flows to preserve context and progression across user interactions. - Implemented 20+ interactive widgets to reduce wall-of-text output in AI-driven learning.

  • Senior Software Security Engineer at TimeXperts Pvt. Ltd.
    Oct 2023 - Feb 2025 · 1 yr 5 mos

  • Vulnerability Researcher at GitLab
    Dec 2023 - Dec 2024 · 1 yr 1 mo

  • Health and well-being at Career Break
    Jul 2023 - Sep 2023 · 3 mos

    -- Sabbatical -- I took a sabbatical after resigning from my position at Luxoft. Some of the significant things I did during this time are: - Met up and reconnected with all my friends. - Traveled to Kuala Lumpur and took a cycling tour across the city. - Reconnected with myself through meditation and me-time. - Binge watched two tv shows. - Went on a short vacation with my family. - Started having dinner with my family again. - Explored areas of Penang and its partying destinations. - Took up a course on Udemy about Red Teaming. - Completed a course on Udemy about Threat Modeling. - Learned more about AWS cloud computing. - Revised my NLP Practitioner content by taking the live training again.

  • Application Security Analyst at Luxoft
    Jan 2023 - Jun 2023 · 6 mos

    - Perform code reviews for all new developments. - Identify defects and vulnerabilities in new and existing software products through: o Static code analysis using HPE-MicroFocus Fortify SCA o Manual penetration tests using Burp Suite - Development of recommendations for software developers for addressing the identified security flaws. - Review technical designs and suggest improvements to ensure the new features are secure by design. I also learned a bit of Russian and Malay during this time as my entire team was comprised of Russians.