SOHAIB ZAFAR

Backend / Full Stack Software Engineer

Multan, Pakistan

#OpenToWork

About

Backend / Full Stack Software Engineer with production experience building identity, access, authentication, authorization, account-security, and risk-engineering systems using Python, Django, FastAPI, PostgreSQL, Redis, Celery, Docker, GitHub Actions, Linux, and RESTful APIs. Delivered security-critical SaaS platforms for 2 banking-sector organizations, including cyber attack simulation campaigns for 5,000+ employees, secure access workflows, audit logging, RBAC, token-based authentication, encrypted identity-sensitive data handling, and compliance automation. Strong fit for Identity and Access engineering with hands-on experience in user authentication, session management, JWT, MFA-ready access controls, account takeover risk signals, fraud-aware security workflows, privacy-aware data modeling, API design, database performance, reliability, and user-facing product delivery.

Experience

Mobilink Bank

Backend Engineer / Full Stack Developer

Aug 2025 – Present

• Built and maintained 2+ production-grade backend/full stack platforms using Python, Django, FastAPI, Flask, and Django REST Framework (DRF) for security-critical banking, identity, access, compliance, and risk workflows.
• Designed secure RESTful APIs for authentication, authorization, dashboards, analytics, campaign engines, compliance workflows, asset governance, reporting, and third-party integrations, improving backend maintainability and frontend delivery speed.
• Implemented JWT authentication, token-based access, session management, RBAC, least-privilege permissions, custom middleware, audit logging, CSRF protection, XSS protection, secure headers, SSL/TLS, and encrypted handling of sensitive user and security data.
• Developed account-security and risk workflows using credential event tracking, employee behavior analytics, suspicious submission indicators, access audit trails, role-permission controls, and reporting signals relevant to account takeover detection and prevention.
• Optimized PostgreSQL and MySQL schemas, ORM queries, indexes, migrations, and relational data models, reducing database load by 40%+ while improving performance, reliability, and data integrity for real-world production systems.
• Shipped user-facing features across dashboards, forms, campaign flows, reporting views, admin experiences, and security training workflows, balancing security, privacy, compliance, usability, and polished product experience for non-technical users.
• Automated CI/CD workflows using GitHub Actions, Docker, Docker Compose, automated tests, deployment checks, and repeatable build pipelines, improving release consistency and reducing manual deployment effort.
• Implemented asynchronous processing with Celery and Redis for high-volume background jobs, campaign execution, data synchronization, report generation, compliance checks, email delivery, and scheduled operational tasks.
• Owned production deployments on Linux/Ubuntu servers, managing release execution, rollbacks, backups, environment hardening, service uptime, incident response, SSL/TLS certificates, Nginx reverse proxy, and Gunicorn WSGI application serving.
• Collaborated with security, compliance, operations, and business stakeholders in Agile/Scrum delivery, technical design discussions, peer code reviews, debugging, testing, API documentation, and production-readiness reviews.

Python, Django, PostgreSQL, FastAPI, PAM Integration, REST API, Celery, Redis, Paramiko, Netmiko

Education

FAST-NUCES, Peshawar

Bachelor of Science · Computer Science

2020 – 2024

Skills

Audit Logging, Encryption, Redis, Celery, Docker, GitHub, SQLite3, MySQL, PostgreSQL, RBAC, Authorization, REST API, Flask, FastAPI, Django, CSS, HTML, JavaScript, SQL, Python

Languages

English (Professional working proficiency), Urdu (Native or bilingual proficiency)