About Me
I'm an applied-AI researcher and software engineer, focused on large-language-model tooling for software-security analysis and agentic code generation. My expertise blends modern web app development skills with hands-on experimentation in state-of-the-art LLMs.
I am currently completing my M.Sc. at York University, where my thesis investigates LLM-assisted vulnerability detection. Alongside my studies, I am working with Huawei Canada as a research intern to develop a repo-wide agentic test generation pipeline. Previously, I worked for 3 years as a software engineer at Dynamic Solution Innovators Ltd. and Synopsys Inc., contributing to large-scale and high-quality Java and Spring systems.
When I'm not working, you can find me traveling🌴, doing music🎸, or experimenting with new technologies🧑💻.
Experience
💼Professional Experience
Research & Development Intern
Building components for a repo-wide agentic test generation pipeline that transforms SRS requirements into executable test scripts.
- Evaluated RAG-based code retrieval strategies for repository context, revealing limitations of retrieval-only approaches.
- Analyzed the impact of repository code maps on context awareness with reduced token consumption.
- Designed a flexible logging framework to capture prompts, responses, tool calls, and agent execution traces.
- Developed labeling criteria to assess LLM steps and identify failure patterns.
- Collaborating with an overseas engineering team remotely and on-site visit to the Huawei Beijing Research Institute.
ClaudeCode
OpenAI SDK
Agent Skills
Python
OpenSearch
RAGAssociate Software Engineer
Here I worked on the HEMS project which is a nation-wide examination management system.
- Contributed to the initial database design of the application.
- Implemented the module that processes the grades of around 30,000 students per year.
- Integrated 2 payment gateways managing transactions of around 4 million BDT per year.
- Implemented REST APIs for mobile apps including JWT authentication.
Java
SpringBoot
PostgreSQL
RedisSoftware Engineer (External)
Remotely worked with Synopsys Inc. as an offshore employee from DSi. Worked on Synopsys-Detect project (now renamed to BlackDuck-Detect) which is a software compositional analysis tool. It scans a software repository to find component, security, and license vulnerabilities resulting from project dependencies.
- Worked on migrating the Detect project CI/CD pipeline from Jenkins to GitHub Actions.
- Found and fixed 2 hidden bugs in the current CI/CD that fixed cron jobs and artifact versioning.
- Fixed the broken analytics dashboard by migrating project analytics from Google UA to G44 protocol.
Java
Gradle
Jenkins
GitHub Actions
Google Analytics💡Research Experience
LLM-based C/C++ Vulnerability Detection Benchmark
In this project, I constructed a benchmark dataset of C/C++ vulnerabilities called SecVulEval. It solves the lack of statement-level granularity and contextual information in previous datasets.
- Collected 5,867 real-world C/C++ vulnerabilities.
- Curated 25,440 functions, including vulnerable statements and contextual information, related to the vulnerabilities.
- Designed and implemented an agentic vulnerability detection framework to evaluate various LLMs on C/C++ vulnerability detection.
- Made the dataset publicly available at HuggingFace - SecVulEval for community use.
- Published in AIware 2026 - Benchmark & Dataset track entitled SecVulEval: Context-Aware Benchmarking of LLMs for Vulnerability Detection. [ Pre-print ]
Python
TransformersOpenAI SDKBug Detection Framework for Java Static Analysis Tools with LLMs
Static analysis tools are widely adopted in the industry to detect bugs in software systems. However, it is important that the tools themselves are reliable, i.e., do not miss bugs or produce false positives. In this project, I created an LLM-based metamorphic testing framework to detect inconsistencies in Java static analysis tools.
- Analyzed 3 popular Java static analysis tools: SpotBugs, ErrorProne, and PMD.
- Designed and implemented an LLM-based metamorphic testing framework to uncover faulty rule implementations in Java static analysis tools.
- Evaluated 5 widely used coding LLMs—GPT-4o, CodeLlama-34B, Codestral-22B, DeepSeek-Coder-33B, and Qwen2.5-Coder-32B.—on their ability to uncover bugs in the static analysis tools.
- Uncovered total 42 faulty rule implementations in all 3 tools. All the bugs have been reported to the respective developers.
PythonJavaTransformersOpenAI SDK
SpotBugs
ErrorProne
PMDSkills & Technologies
AI
OpenAI SDKClaudeCodeTransformers
LangGraphRAG
Languages
JavaPython
JavaScript
Frameworks
SpringBoot
Node.js
PyTorch
Database & ORMs
PostgreSQLRedis
Hibernate
SqlAlchemyOpenSearch
DevOps
DockerGitHub ActionsJenkins
Tools
Bash
Git
OpenTelemetryGoogle AnalyticsProjects
Education
York UniversityToronto, Canada
Shahjalal University of Science & TechnologySylhet, Bangladesh
Get In Touch
Have a project in mind or just want to connect? Feel free to reach out to me using the form or through any of the channels below.