Hamed Mohamed Logo
Graduate & Available Now · Open to Relocation

Hamed
Mohamed.

Full-Stack Engineer. Node.js & React. Focusing on Application Security and Performance.

Hamed Mohamed helps clients build websites, landing pages, dashboards, backend APIs, QR attendance systems, and secure full-stack web applications using React, Next.js, Node.js, and PostgreSQL.

0%
Latency Reduction
0%
Throughput Boost
0+
Active Students
0
OSS PRs Merged

Full-Stack Engineer.
Node.js & React.

I'm Hamed, a Full-Stack Engineer based in Turkey. I currently work at the AI & Digital Transformation Unit at Tokat University, where I build and secure Node.js systems.

Recently, I helped ship a high-throughput QR attendance platform for 2,000+ students across 7 faculties. We managed to cut the response latency by 98% while keeping the system highly available using circuit breakers.

My Philosophy

I don't build WordPress themes and I don't ignore edge cases. I care deeply about data integrity, system resilience, and treating security as a feature, not an afterthought. When I'm not writing APIs, I'm hunting for vulnerabilities in open-source tools like NodeSecure.

UniversityTokat Gaziosmanpaşa University, Turkey
DegreeB.Sc. Computer Engineering · GPA 3.5/4.0
LocationTokat, Turkey · From Minya, Egypt · Open to KSA (Riyadh, Jeddah)

My Core Stack (Honest Opinions)

Node.js

Fast I/O. I love it, but I use strict linting to avoid spaghetti.

PostgreSQL

My go-to database. Data integrity is better than NoSQL hype.

Redis

Mandatory for rate-limiting and caching. Saves the DB from melting.

React

Great ecosystem, but I keep renders strictly controlled.

Backend Engineering

I build APIs and backends that scale. I focus on keeping latency low, database queries efficient, and the architecture clean.

01API Design
02Database Optimization
03Node.js & React
04High-Throughput Systems

Application Security

Security shouldn't be an afterthought. I write custom AST checkers, find SSRF vulnerabilities, and integrate security directly into the CI/CD pipeline.

01SAST/DAST
02Vulnerability Research
03Threat Modeling
04Open Source Auditing

System Resilience

Servers go down and networks fail. I use circuit breakers and automated fallbacks to make sure the system stays up even when things go wrong.

01Circuit Breakers
02Automated Fallbacks
03Load Testing
04Performance Tuning

Experience

Apr 2025 – Jun 2026Hybrid

Full-Stack Software Developer

AI & Digital Transformation Unit · Tokat, Turkey

  • Primary Developer in a 3-member team — built QR Attendance System serving 2,000+ users across 42 courses, 13 departments & 6 faculties
  • 98% latency reduction (94.91ms → 1.53ms) and +6,100% throughput (10.54 → 653.39 req/s)
  • Implemented Opossum Circuit Breaker for automated recovery during peak traffic
  • Executed data migration of 25,019 academic records (14,100 courses, 50 faculties, 259 programs)
  • 313 automated tests across 38 test suites · SAST/DAST CI/CD · 18 security findings remediated
Q1 2026OSS

Open Source Contributor

NodeSecure Ecosystem · Remote

  • 7 merged PRs across js-x-ray & scanner repositories
  • Built insecure-random probe (flags Math.random() misuse) — PR #452
  • Improved localhost/SSRF detection in shady-url checker — PR #462
  • Added sensitivity option (conservative/aggressive) across AstAnalyser — PR #456
  • Built benchmarking infra with mitata to track AST baselines — PR #496

B.Sc. Computer Engineering

Tokat Gaziosmanpaşa University, Turkey · GPA 3.5/4.0

Graduated Jun 2026
Backend · Performance Engineering

QR Attendance System

Node.jsPostgreSQLRedisDockerJWTOpossumApr 2025 – Jun 2026

Production QR attendance system serving 2,000+ users across 42 courses, 13 departments & 6 faculties. 98% latency reduction (94.91ms → 1.53ms). +6,100% throughput. 313 automated tests across 38 test suites. 18 security findings remediated.

💡 Behind the code:Lesson Learned: High throughput requires aggressive caching. I had to rip out the original DB queries and rewrite them to use Redis.

94ms → 1.5ms latency+6,100% throughput2,000+ daily users18 vulns fixed
Security Research · Open Source

NodeSecure OSS Contributions

TypeScriptAST AnalysisSSRF DetectionSecurityQ1 2026

7 merged PRs to the NodeSecure ecosystem. Built insecure-random probe, improved SSRF detection, added configurable sensitivity modes and performance benchmarking.

💡 Behind the code:Lesson Learned: AST analysis is incredibly powerful but resource-intensive. Writing efficient recursive tree walkers is harder than it looks.

7 merged PRsMath.random probeSSRF detectionAST benchmarks
AI · Orchestration · Security

DragonSploit

Node.jsAI OrchestrationSecurityStack Detection2025

AI-powered vulnerability scanning with intent-based orchestration engine. Dynamic strategy selection gives ~40% efficiency gain. Stack-detection module cuts false-positive alerts by 70%.

💡 Behind the code:Lesson Learned: AI engines can hallucinate vulnerabilities. The real challenge was building a deterministic validation layer to verify the AI's claims.

+40% efficiency-70% false positivesIntent-based engineStack detection

My Stack

Languages

JavaScript (ES6+)TypeScriptPythonC#JavaSQLHTML5/CSS3Bash

Frontend

React.jsNext.jsRedux ToolkitZustandTailwind CSSFramer MotionViteResponsive Design

Backend

Node.jsExpress.jsNestJSREST APIsGraphQLWebSocketsPrisma ORMPostgreSQLMySQLMongoDBRedisJWT/OAuth

Security & DevOps

DockerLinux/UbuntuCI/CD (GitHub Actions)NginxPrometheus/GrafanaSAST/DASTCircuit BreakerThreat ModelingGit

Let's build
something secure.

If you need someone to fix your backend performance, secure your infrastructure, or build a scalable system from scratch, send me an email.

LocationTokat, Turkey · From Minya, Egypt · Open to KSA (Riyadh, Jeddah)
AvailableFull-time & Open to Relocate
Terminal
Click to copy

curl -X POST https://api.web3forms.com/submit \

-H "Content-Type: application/json" \

-d '{"message": "Let's build something."}'