I work at the intersection of software development and cybersecurity, bringing a coder's mindset to security engineering. I understand how systems are designed and implemented, and just as importantly, how security weaknesses emerge from architectural decisions, trade-offs, and everyday coding choices.
Earlier in my journey, I was deeply involved in competitive programming and full-stack development, confidently building working systems. It was only later that I realized how easily security issues were slipping into my otherwise well-structured code. That realization reshaped how I approach security engineering today.
This perspective now guides my work in managing and fixing vulnerabilities in Ubuntu. I hold a thesis-based master's degree in Information Systems Security from Concordia University and a bachelor's degree in Computer Science from BUET. I am also actively learning and practicing reverse engineering and source code analysis.
/experience
Associate Security Software Engineer
Canonical Ltd.
Jan 2026 - present
Securing Ubuntu’s software ecosystem at Canonical, the publisher of Ubuntu. Driving vulnerability triage-to-patching work across main and universe packages, while supporting broader security engineering commitments. Also designing LLM-assisted workflows to increase engineering velocity.
Security Research Assistant
Concordia Information Security Research Lab
Sep 2023 - Dec 2025
Research on risk-aware vulnerability management, exploring how CVE lifecycles and runtime signals can reshape patch prioritization in containerized environments. Produced multiple peer-reviewed publications with academic and industry collaborators, including one best paper award.
Cloud Security Engineer
Sunphinx Cybersecurity
Summer 2024, Summer 2025
Cloud container security across two back-to-back summer internships. Automated vulnerability scanning, patch validation and Kubernetes rollouts for 500+ Docker images, reducing downtime by 75%.
/education
MASc, Information Systems Security (Thesis-based)
Concordia University
Sep 2023 - Dec 2025
Focused on security across cloud, networks, operating systems and cryptography, completed with a 4.3/4.3 GPA. FRQNT B1X Scholar (ranked 2nd by the Government of Quebec), department representative and @Hack CTF 2025 organizer.
BSc, Computer Science and Engineering
Bangladesh University of Engineering and Technology
Apr 2018 - May 2023
Computer science foundation across distributed systems, databases, networks, operating systems, ML/AI and data structures, completed with honors. Dean’s List recipient, RISE Scholar, Government Merit Scholar, and founding Vice President of BUET Cybersecurity Club.
/publications
JANUS: Coordinating Vulnerability Prevention and Exploit-chain Mitigation for Containerized CI/CD Pipelines
Shafayat Hossain Majumder, Suryadipta Majumdar, Sourov Jajodia, Patrick Jean-Baptiste
22nd EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2026
On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities
Md Olid Hasan Bhuiyan, Souvik Das, Shafayat Hossain Majumder, Suryadipta Majumdar, Md Shohrab Hossain
14th International Conference on Cloud Computing and Services Science (CLOSER), 2024
Layered Security Analysis for Container Images: Expanding Lightweight Pre-Deployment Scanning
20th Annual International Conference on Privacy, Security and Trust (PST), 2023
An Empirical Study of Code Smells in Transformer-based Code Generation Techniques
Mohammed Latif Siddiq, Shafayat Hossain Majumder, Maisha Rahman Mim, Sourov Jajodia, Joanna CS Santos
22nd IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), 2022
/contact
The best way to reach me is by email or
LinkedIn.
I am always open to thoughtful conversations around Linux security, open-source security,
source analysis, and reverse engineering, and food.
