Najam Ul Saqib

Co-Founder

Gujranwala, Punjab, Pakistan4 yrs 3 mos experience

Key Highlights

  • Founder of Exfiltra, specializing in cloud security.
  • Expert in embedding security into engineering workflows.
  • Led multiple teams in achieving SOC2 compliance.
Stackforce AI infers this person is a Cloud Security and Application Security expert with a focus on high-growth startups.

Contact

LinkedIn

Skills

Core Skills

Application SecurityCloud SecurityPenetration TestingFull-stack Development

Other Skills

Application Security ArchitectureContinuous DevSecOpsOffensive SecurityCloud HardeningArchitecture DesignVulnerability AssessmentIAMRBACSOC2 complianceDASTScrumGitTypeScriptTypeORMMicrosoft Defender

About

Most security problems donโ€™t exist because teams ignore security. ๐Ÿ‘‰ They exist because security is treated as a "final gate" rather than a continuous process. ๐—œ ๐˜„๐—ผ๐—ฟ๐—ธ ๐—ฎ๐˜ ๐˜๐—ต๐—ฒ ๐—ถ๐—ป๐˜๐—ฒ๐—ฟ๐˜€๐—ฒ๐—ฐ๐˜๐—ถ๐—ผ๐—ป ๐—ผ๐—ณ ๐—”๐—ฝ๐—ฝ๐—ฆ๐—ฒ๐—ฐ, ๐—–๐—น๐—ผ๐˜‚๐—ฑ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†, ๐—ฎ๐—ป๐—ฑ ๐˜๐—ต๐—ฒ ๐—ฆ๐——๐—Ÿ๐—–. Iโ€™m the Founder of Exfiltra, where we take full ownership of your security posture so you can focus on scaling your business. We don't just hand you a PDF of vulnerabilities; we embed into your engineering workflow to fix them at the root. How we help high-growth teams Scale Securely: ๐Ÿ”น Continuous DevSecOps: Moving security into CI/CD with automated SAST/DAST guardrails. ๐Ÿ”น Offensive Security: Rigorous Pentesting and Vulnerability Assessments (VA) that go deeper than automated scanners. ๐Ÿ”น Cloud Hardening: Zero-Trust and IAM architecture reviews for AWS, Azure, and GCP. ๐Ÿ”น Architecture Design: Building security into your design and code reviews, not just SOC alerts. TอŸhอŸeอŸ อŸEอŸxอŸfอŸiอŸlอŸtอŸrอŸaอŸ อŸSอŸtอŸaอŸnอŸdอŸaอŸrอŸdอŸ: We donโ€™t use generalist IT staff. Every engineer at Exfiltra is a highly trained specialist focused on breaking and defending modern cloud-native applications. We provide the elite oversight of a full security department without the $200k/year FTE overhead. Why most teams fail at security: โ€ข They treat AppSec as a one-time pentest instead of a lifecycle. โ€ข Cloud security is owned by โ€œeveryoneโ€ and therefore no one. โ€ข They prioritize detection-first strategies while preventable issues ship every sprint. I believe security shouldn't slow you downโ€”it should give you the confidence to move faster.ย ๐Ÿ’ช ๐Ÿ›ก๏ธ Ready to eliminate your security debt? DM me!

Experience

4 yrs 3 mos
Total Experience
1 yr 5 mos
Average Tenure
--
Current Experience

Exfiltra

Founder

Sep 2025 โ€“ Present ยท 7 mos ยท Tallinn, Harjumaa, Estonia ยท Remote

  • ๐— ๐—ผ๐˜๐˜๐—ผ: ๐—ฆ๐—ฐ๐—ฎ๐—น๐—ฒ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ฒ๐—น๐˜†!
  • Exfiltra provides end-to-end Security Ownership for high-growth startups and scale-ups. We believe founders should focus on product-market fit and scaling, not on managing security debt or worrying about the next breach. We don't just "consult"โ€”we embed into your team to handle the heavy lifting of application and cloud security.
  • OอŸuอŸrอŸ อŸCอŸoอŸrอŸeอŸ อŸDอŸeอŸlอŸiอŸvอŸeอŸrอŸyอŸ อŸPอŸiอŸlอŸlอŸaอŸrอŸsอŸ:อŸ
  • ๐˜–๐˜ง๐˜ง๐˜ฆ๐˜ฏ๐˜ด๐˜ช๐˜ท๐˜ฆ ๐˜š๐˜ฆ๐˜ค๐˜ถ๐˜ณ๐˜ช๐˜ต๐˜บ: Comprehensive Penetration Testing and Vulnerability Assessments (VA) to identify exploits before they hit production.
  • ๐˜๐˜ฏ๐˜ง๐˜ณ๐˜ข๐˜ด๐˜ต๐˜ณ๐˜ถ๐˜ค๐˜ต๐˜ถ๐˜ณ๐˜ฆ & ๐˜Š๐˜ญ๐˜ฐ๐˜ถ๐˜ฅ ๐˜๐˜ข๐˜ณ๐˜ฅ๐˜ฆ๐˜ฏ๐˜ช๐˜ฏ๐˜จ: Architectural reviews and Zero-Trust implementations across AWS, Azure, and GCP.
  • ๐˜Š๐˜ฐ๐˜ฏ๐˜ต๐˜ช๐˜ฏ๐˜ถ๐˜ฐ๐˜ถ๐˜ด ๐˜‹๐˜ฆ๐˜ท๐˜š๐˜ฆ๐˜ค๐˜–๐˜ฑ๐˜ด: Moving security into the pipeline with automated SAST (Static Analysis) and DAST (Dynamic Analysis) guardrails.
  • SDLC Engineering: Building security into design, code reviews, and deployments so itโ€™s "secure by design," not "bolted on."
  • The Exfiltra Standard: Our talent is not "generalist IT." Every engineer at Exfiltra is a highly trained security specialist with deep expertise in breaking and defending modern cloud-native applications. We provide the elite oversight of a full security department at a fraction of the cost of a $200k/year FTE.
  • ๐Ÿš€ ๐—ฆ๐˜๐—ผ๐—ฝ ๐—ฟ๐—ฒ๐—ฎ๐—ฐ๐˜๐—ถ๐—ป๐—ด ๐˜๐—ผ ๐˜๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜๐˜€. ๐—ฆ๐˜๐—ฎ๐—ฟ๐˜ ๐˜€๐—ฐ๐—ฎ๐—น๐—ถ๐—ป๐—ด ๐˜„๐—ถ๐˜๐—ต ๐—ฐ๐—ผ๐—ป๐—ณ๐—ถ๐—ฑ๐—ฒ๐—ป๐—ฐ๐—ฒ!
Application Security ArchitectureContinuous DevSecOpsOffensive SecurityCloud HardeningArchitecture DesignApplication Security+1

Perseus group, constellation software

2 roles

Senior Security Engineer

Promoted

Feb 2024 โ€“ Aug 2025 ยท 1 yr 6 mos

  • Working via Contour Software at Perseus Group, Constellation Software
  • Established and led the VA/PT department, conducting comprehensive penetration testing and vulnerability assessments across cloud platforms, infrastructure, web apps, mobile apps, and thick clients.
  • Performed in-depth static and dynamic security testing using both manual techniques and automated tools.
  • Architected a cost-efficient SOC leveraging Wazuh for real-time monitoring of Azure-hosted production servers.
  • Secured multiple Azure subscriptions by deploying and managing Microsoft CSPM tools.
  • Directed and supervised the security team, ensuring efficient operations and continuous improvement.
  • Implemented robust access control measures in the cloud, utilizing IAM and RBAC to enforce a least-privilege model.
  • Advised stakeholders on achieving and maintaining SOC2 compliance.
  • Eliminated hard-coded secrets across multiple products by adopting Azure Managed Identities.
  • Trained and mentored team members in best practices for secure software development.
Penetration TestingVulnerability AssessmentIAMRBACSOC2 complianceCloud Security

Security Engineer

Oct 2022 โ€“ Feb 2024 ยท 1 yr 4 mos

Tecvity

Co-Founder

May 2022 โ€“ May 2025 ยท 3 yrs ยท On-site

  • At Tecvity, I led the Cybersecurity Services Department, overseeing strategy, delivery, and innovation in security offerings tailored for diverse client needs. In addition to heading cybersecurity, I played a cross-functional leadership role, managing financial planning, sales strategy, and key operational decisions to drive overall business growth.
  • Key achievements:
  • Built and scaled the cybersecurity practice from the ground up, delivering secure solutions across various industries.
  • Spearheaded business development efforts, contributing to revenue growth through strategic client engagements and partnerships.
  • Directed financial operations, ensuring fiscal responsibility and operational efficiency.
  • Worked closely with co-founders and senior teams to shape and execute the companyโ€™s vision and roadmap.

Systems limited

Associate Security Engineer - VAPT & Application Security

Dec 2021 โ€“ Oct 2022 ยท 10 mos

  • Conducted thorough source code reviews, both manually and using automated tools such as HCL AppScan SAST.
  • Performed dynamic security testing on web and mobile applications using Burp, ZAP, MobSF, Frida, Objection, and other tools.
  • Led technical interviews to recruit top talent for the security team at Systems Ltd.
  • Executed cloud security and compliance reviews in alignment with CIS benchmarks.
  • Managed infrastructure vulnerability assessments utilizing Tenable Nessus.
  • Collaborated with stakeholders to interpret security reports and drive the remediation of identified issues.
Application SecurityDAST

Tkxel

Software Engineer

May 2021 โ€“ Dec 2021 ยท 7 mos ยท Lahore, Punjab, Pakistan

  • Developed a full-stack marketplace application with ReactJS on the frontend and ExpressJS on the backend.
  • Implemented a microservices architecture on the AWS platform, leveraging services such as S3, EC2, SES, and Aurora.
  • Designed and deployed a custom notification service in NodeJS utilizing Amazon SES.
  • Trained team members on secure coding practices in ReactJS.
ScrumGitFull-Stack Development

Education

PUCIT - FCIT

Bachelor of Science - BS โ€” Software Engineering

Jan 2017 โ€“ Jan 2021

Concordia Colleges

F.Sc Pre Engineering

Jan 2015 โ€“ Jan 2017

St Joseph High School, Gujranwala

Matriculation

Jan 2013 โ€“ Jan 2015

Stackforce found 100+ more professionals with Application Security & Cloud Security

Explore similar profiles based on matching skills and experience

Manish S.

Manish S.

Lead Information Security Engineer

at Gameskraft

Bengaluru, India5 yrs 5 mos exp
Pankaj Gaikar

Pankaj Gaikar

Senior Manager Application Security

at CoinDCX

Mumbai, India8 yrs 5 mos exp
Infrastructure SecurityThreat & Vulnerability Management
Mukesh chaudhari

Mukesh chaudhari

Application Security Manager

at Paytm

India10 yrs 1 mo exp
Penetration TestingVulnerability Assessment
Mohammad Y.

Mohammad Y.

Associate Consultant - Offensive Security

at CLA Global Indus Value Consulting

Mumbai, India11 mos exp
Network PentestingApplication PentestingVulnerability Assessment
Vartika Bhatt

Vartika Bhatt

Senior Product Security Engineer

at GoTo Group

Bengaluru, India7 yrs 3 mos exp
Jessie Ho

Jessie Ho

Senior Application Security Engineer

at ByteDance

Singapore, Singapore8 yrs 3 mos exp
Narek Babajanyan

Narek Babajanyan

Senior Incident Response and Threat Prevention Engineer

at ServiceTitan

Yerevan, Armenia5 yrs 10 mos exp
CybersecurityDigital Forensics
Soumya Gupta

Soumya Gupta

Associate

at Morgan Stanley

Bengaluru, India7 yrs 7 mos exp