Hamed
Mohamed.
Full-Stack Engineer. Node.js & React. Focusing on Application Security and Performance.
About Me
Full-Stack Engineer.
Node.js & React.
I'm Hamed, a Full-Stack Engineer based in Turkey. I currently work at the AI & Digital Transformation Unit at Tokat University, where I build and secure Node.js systems.
Recently, I helped ship a high-throughput QR attendance platform for 2,000+ students across 7 faculties. We managed to cut the response latency by 98% while keeping the system highly available using circuit breakers.
My Philosophy
I don't build WordPress themes and I don't ignore edge cases. I care deeply about data integrity, system resilience, and treating security as a feature, not an afterthought. When I'm not writing APIs, I'm hunting for vulnerabilities in open-source tools like NodeSecure.
My Core Stack (Honest Opinions)
Node.js
Fast I/O. I love it, but I use strict linting to avoid spaghetti.
PostgreSQL
My go-to database. Data integrity is better than NoSQL hype.
Redis
Mandatory for rate-limiting and caching. Saves the DB from melting.
React
Great ecosystem, but I keep renders strictly controlled.
( 01 )
Backend Engineering
I build APIs and backends that scale. I focus on keeping latency low, database queries efficient, and the architecture clean.
( 02 )
Application Security
( 03 )
System Resilience
Career & Experience
Experience
Full-Stack Engineer & Security Researcher
AI & Digital Transformation Unit · Tokat, Turkey
- Led 3-person team building QR attendance system managing 2,000+ students across 7 faculties
- 98% latency reduction (94.91ms → 1.53ms) and +6,100% throughput (653 req/s)
- Implemented Opossum Circuit Breaker for 99.9% service availability
- Ingestion scripts processing 25,000+ records in <1.5s
- ~85% backend test coverage · SAST/DAST CI/CD · Fixed 15+ vulns before prod
Open Source Contributor
NodeSecure Ecosystem · Remote
- 7 merged PRs across js-x-ray & scanner repositories
- Built insecure-random probe (flags Math.random() misuse) — PR #452
- Improved localhost/SSRF detection in shady-url checker — PR #462
- Added sensitivity option (conservative/aggressive) across AstAnalyser — PR #456
- Built benchmarking infra with mitata to track AST baselines — PR #496
Education
B.Sc. Computer Engineering
Tokat Gaziosmanpaşa University, Turkey · GPA 3.38/4.0
0
1
2
3
QR Attendance System
Hybrid QR verification pipeline managing 2,000+ students across 7 faculties. 98% latency reduction — from 94ms down to 1.5ms. +6,100% throughput. Circuit Breaker pattern for 99.9% uptime.
💡 Behind the code:Lesson Learned: High throughput requires aggressive caching. I had to rip out the original DB queries and rewrite them to use Redis.
NodeSecure OSS Contributions
7 merged PRs to the NodeSecure ecosystem. Built insecure-random probe, improved SSRF detection, added configurable sensitivity modes and performance benchmarking.
💡 Behind the code:Lesson Learned: AST analysis is incredibly powerful but resource-intensive. Writing efficient recursive tree walkers is harder than it looks.
DragonSploit
AI-powered vulnerability scanning with intent-based orchestration engine. Dynamic strategy selection gives ~40% efficiency gain. Stack-detection module cuts false-positive alerts by 70%.
💡 Behind the code:Lesson Learned: AI engines can hallucinate vulnerabilities. The real challenge was building a deterministic validation layer to verify the AI's claims.
Technologies
My Stack
Languages
Frontend
Backend
Security & DevOps
Get in Touch
Let's build
something secure.
If you need someone to fix your backend performance, secure your infrastructure, or build a scalable system from scratch, send me an email.
curl -X POST https://api.hamed.dev/contact \
-H "Content-Type: application/json" \
-d '{"message": "Let's build something."}'