mohamedalyamin.com~/home
↓ CV
Mohamed Aly Amin
Available — freelance / full-time
~ $ whoami
Security & Infrastructure Engineering

Mohamed Aly Amin

I work where security meets systems: formed and led a six-engineer DevSecOps team, sole-built a real-time Go detection engine, and first-authored a peer-reviewed intrusion-detection paper (AINA 2024, Springer).

open-to DevSecOps · Platform/Backend (Go) · Security · Tech Lead
location Ankara — Istanbul / relocation / remote
languages Arabic (native) · English (C1) · Turkish (B2)
01impact --measured

Numbers that survived review.

~400k/s
security events — Go detection engine, 80+ sources
98.11%
IDS accuracy — first-author, AINA 2024 (Springer)
3 mo
SIEM/SOAR MVP shipped vs 6–12 mo company norm
6 eng
DevSecOps team formed, led, and trained
02experience --core

Experience

Jan 2023 — Present
project-based
Security & Software Engineer
INDEPENDENT / FREELANCE
  • Sole-built the 10-microservice PHP/Laravel rebuild of a live housing-listings platform (270k registered users, 360k+ cumulative listings) on AWS (EC2, RDS, S3); rebuild currently in staging.
  • Built protocol adapters (OCPP for EV chargers, SunSpec/Modbus for solar inverters, IEC 62056 for smart meters) to normalize multi-vendor energy-device data for a smart-grid monitoring stack (InfluxDB, Grafana).
Aug 2024 — May 2025
R&D Engineer — Cybersecurity
DOLUSOFT
  • Sustained ~400k events/sec by sole-designing and building a modular real-time filtering engine in Go, ingesting security events from 80+ sources (Kafka in, filter/aggregate, ClickHouse out, Redis-backed state, OpenTelemetry tracing).
  • Designed chained, first-seen, and z-score anomaly-detection rules in a configurable detection engine to cut false-positive noise.
  • Built a Go multi-channel alerting service (Slack, email, webhook) with rate limiting and policy-based routing for faster incident response.
Dec 2023 — Apr 2024
contract
Technical Consultant
CASTRUM
  • Assessed the codebases, architecture, and technical risk of 15-20 startup ventures to support investment decisions.
  • Joined investor meetings and produced feasibility assessments for prospective deals.
Sep 2023 — Jul 2024
contract
Web3 Security Engineer / DevSecOps
SARDIS
  • Investigated and remediated a security incident on the network's web infrastructure.
  • Reviewed and redesigned infrastructure, and quality-reviewed smart contracts written by the core team.
  • Top contributor to the network's StakeDex staking-platform frontend (7 commits, TypeScript).
Jan 2022 — Apr 2025
part-time
Research Assistant (TÜBİTAK-funded)
MIDDLE EAST TECHNICAL UNIVERSITY (METU)
  • Reached 98.11% intrusion-detection accuracy by developing an SGD one-class SVM model for containerized microservices; first-author publication at AINA 2024 (Springer).
  • Created a container-specific vulnerability dataset for Kubernetes environments as part of the AINA 2024 work.
  • Built the end-to-end GPU training pipeline (GPU-enabled Kubernetes cluster, dataset curation, evaluation) for the DIONA graduation project, shared with the AINA intrusion-detection research.
Jul 2021 — May 2022
Cyber Security Specialist (Tech Lead — OSSArch)
INTERPROBE BILGI TEKNOLOJILERI
  • Shipped an MVP SIEM/SOAR platform (OSSArch) in 3 months, against the company's 6-12 month norm, by forming and technically leading a 6-engineer DevSecOps team (TDD, DDD, daily agile).
  • Automated threat enrichment by integrating ELK, Wazuh, TheHive, Cortex, MISP, and Suricata with OSINT feeds (VirusTotal, AlienVault OTX).
  • Deployed EDR/EPP, WAF, and DNS-security solutions for enterprise clients, including a defense contractor and a municipality, and ran a penetration test for the municipal client.
  • Trained 4 engineers and ASELSAN partners; taught Introduction to Cybersecurity as visiting lecturer at Istanbul Aydın University; ran pre-sales demos/POCs at GISEC Dubai.
Jun 2019 — Jan 2020
Sales / IT Manager
APPLY CENTER (STARTUP)
  • Administered the company's Zoho CRM and ran its social media as Sales/IT Manager.
  • Worked with Odoo/Zoho ERP tooling across sales and IT operations.
Apr 2016 — Jan 2019
volunteer
Chairman
METU INTERNATIONAL STUDENT ASSOCIATION
  • Led the 200+ member International Student Association at METU; worked alongside NGOs on student integration.
  • Organized 5+ events including the 'Joining Efforts for Refugees' conference (METU, ASAM, HÜGO).
Jul 2018 — Sep 2018
Business Development Analyst
BORAQ-GROUP
  • Developed proposals and pitched them to leads and prospective clients.
  • Maintained business relationships and CRM records through direct and indirect research and market analysis.
Education
Class of 2023
Middle East Technical University (METU)
Ankara, Turkey

BSc Computer Engineering, Cyber Security specialization. Türkiye Bursları (Turkish Government Scholarship) recipient. Graduation project: DIONA — built the end-to-end MLOps/GPU training pipeline for an LSTM intrusion-detection system. Built a containerized MPLAB X development environment used by METU embedded-systems students.

03projects --selected

Selected work

2024 – 2025

Real-Time Detection Engine (Go)

Kafka → ClickHouse stream-processing engine at ~400k events/sec with Redis state, OpenTelemetry observability, and a configurable detection + alerting rule engine.

2022 – 2025

DIONA — LSTM Intrusion-Detection System

Graduation project (BSc, METU); built the end-to-end MLOps pipeline (GPU-enabled Kubernetes cluster, dataset curation, training, evaluation). Ran an enterprise pilot at Koç Sistem (Azure Sentinel/Defender integration phase). Ecosystem repos: ML training engine, GPU-LSTM prediction engine, and a Kubernetes IoT monitoring stack (ai4iot).

github ↗ · docs ↗
2024

SmartGridLedger — Permissioned Blockchain (Hyperledger Fabric)

Authored original multi-org Fabric chaincode (TypeScript) on a Kubernetes + Istio network for secure energy-distribution settlement; published at MedPower 2024 (TÜBİTAK-funded).

docs ↗
2021 – 2022

OSSArch — Open-Source SIEM/SOAR Platform

Modular NOC/SOC platform with tiered packaging (Zero-Dollar, Pro, Enterprise), built entirely on open source: TheHive, Cortex, MISP, ELK/Beats, Grafana, Snort, Wazuh, Zabbix, pfSense — with OSINT enrichment from VirusTotal and AlienVault OTX. Designed and delivered by the 6-engineer team formed and led at Interprobe.

2022

Container Security Vulnerability Assessment

Security assessment of microservices applications (Pitstop, Robot Shop, Kubernetes Goat); identified and documented SQL injection, NoSQL injection, RabbitMQ, and SMTP vulnerabilities. Groundwork for the AINA 2024 container-security research — presented at the international conference in Japan.

»Open source
PR
waybar-crypto

PR #105 (merged): custom formatting options — global and per-coin format strings, case-sensitive ticker support.

tool
mplabx-ide-odtu

Containerized MPLAB X development environment, used by METU embedded-systems students.

fork
rpi-os-custom-image-with-sensors

Maintained fork, +14 commits: Raspberry Pi OS images with sensor simulation for IoT test environments.

04skills --grouped

Skills

»Security & DevSecOps
DevSecOpssecure SDLCSAST/DAST/SCASIEM/SOAR (ELK · Wazuh · TheHive · MISP · Suricata · Sentinel)detection engineeringMITRE ATT&CKthreat huntingred/blue teamBurp · ZAP · Nmap · MetasploitFortiGate (NGFW)ISO 27001GDPR & CIS (familiarity)
»Cloud & Infrastructure
Kubernetes (Helm · Istio)DockerTerraformAnsibleAWS (IAM)CI/CD · GitOpsOpenTelemetryPrometheus · GrafanaProxmox
»Backend & Streaming
GoPythonC#TypeScriptBashKafkaClickHouseRedisPostgreSQLgRPC · RESTevent-driven
»Applied ML & Data
PyTorchTensorFlowscikit-learnMLOps (GPU K8s)anomaly detectionLSTM
»Fintech & DLT
technical due diligenceHyperledger Fabric (chaincode)transaction-grade streamingPCI DSS & SOC 2 (familiarity)
»Certifications
planned 2026: AWS Solutions Architect – Associatethen CKA
»Languages
Arabic (native)English (C1)Turkish (B2)
05research --published

Research

AINA 2024
Springer
Misuse Detection and Response for Orchestrated Microservices Based Software
Mohamed Aly Amin · Adnan Harun Dogan · Elif Sena Kuru · Yigit Sever · Pelin Angin
springer ↗
Presented in Japan. Supported by TÜBİTAK Grant #120E537 and the TÜBA GEBİP Program.
MedPower
2024
Permissioned Blockchain-Based Monitoring Framework for DER-Integrated Distribution Networks
Pelin Angin · et al. (incl. Mohamed Aly Amin)
TÜBİTAK Grant #120E537.
06honors --awarded

Honors

2012
International Chemistry Olympiad (IChO) 2012
Egypt national team, competition held in Washington, D.C.; certificate of participation (no medal).
2014
Türkiye Bursları (Turkish Government Scholarship), 2014
Funded his BSc studies at Middle East Technical University (METU).
2018
MIT Enterprise Forum Pan-Arab — Finalist, January 2018
Finalist team; three-day intensive entrepreneurship program (Amman, Jordan).
07services --list

Services

01

DevSecOps & Cloud Security

CI/CD hardening, SIEM/SOAR on open-source stacks (ELK, Wazuh, TheHive), Kubernetes and Terraform infrastructure, AWS security.

02

Go Backend & Streaming Systems

Real-time pipelines in Go with Kafka, ClickHouse, and Redis; built a filtering engine sustaining ~400k events/sec with OpenTelemetry tracing end to end.

03

Security Assessment & Technical Due Diligence

Architecture and code review, penetration-testing tooling, and technical due diligence on venture investments (15+ ventures assessed).

04

Detection Engineering & Security-ML

Anomaly-detection rules and models (one-class SVM, LSTM), detection-as-code on open-source SIEM stacks, and MLOps pipelines on GPU Kubernetes.

05

Web3 Development

Permissioned blockchain development on Hyperledger Fabric: multi-org chaincode in TypeScript on Kubernetes, published at MedPower 2024 (SmartGridLedger).

06

Blockchain Security

Smart-contract and chaincode review, permissioned-network security, and technical risk assessment of crypto ventures.

08writing --latest

Writing

2026-04-18
Archiving Claude Copilot

I archived Claude Copilot this spring. It deserves a proper goodbye instead of a quiet …

2025-06-10
The 400k events/sec engine

I spent most of the last year building one thing: a real-time filtering engine in Go that …

all posts →
09contact --open

Get in touch

emailcontact@mohamedalyamin.com
baseÇankaya/Ankara — Istanbul · relocation · remote
statusAvailable — freelance / full-time
elsewhereLinkedIn · GitHub · Telegram
1 stylesheet · 0 frameworks · plex mono/sans/serif · name-mark: Muhammad/Ali ambigram (Juzer/Gothika, CC BY-SA 3.0) last updated 2026-07-16