Haitham Gad, Developer in San Diego, CA, United States
Haitham is available for hire
Hire Haitham

Haitham Gad

Verified Expert  in Engineering

AWS Developer

San Diego, CA, United States

Toptal member since July 15, 2022

Bio

Haitham is a technical leader with over 15 years of experience building products and services for several enterprises. Before starting his AWS consultancy, he spent over five years at AWS, where he helped build Amazon GuardDuty, AWS's intelligent threat detection and security monitoring service. Haitham's work was instrumental in accelerating GuardDuty's adoption by thousands of AWS customers like Snap, HBO Max, Siemens, Volkswagen, and Southwest Airlines.

Portfolio

Rehashly
Node.js, Python, Amazon Web Services (AWS), Web Security, Cloud Security...
Amazon Web Services (AWS)
AWS CloudFormation, Security, Amazon GuardDuty, Java, Python, TypeScript...
Cadence Design Systems
C++, Lisp, Python, Compilers, Compiler Design, Linux, Databases...

Experience

  • Python - 10 years
  • C++ - 10 years
  • Application Security - 6 years
  • Serverless - 6 years
  • Security - 6 years
  • Java - 6 years
  • Compliance - 4 years
  • Node.js - 4 years

Availability

Part-time

Preferred Environment

Python, Node.js, Amazon Web Services (AWS), Serverless Architecture, Cloud Security

The most amazing...

...thing I've built is Amazon GuardDuty, AWS's intelligent cloud threat detection service, which was quickly adopted by the majority of big-name AWS customers.

Work Experience

Independent AWS Consultant

2022 - PRESENT
Rehashly
  • Ran an AWS cloud consultancy to help clients build resilient, secure, and cost-optimized solutions on AWS.
  • Helped a client build their SOC program by analyzing their system, filling gaps in logging and monitoring, writing incident response runbooks, and training the development team on secure coding and AWS security best practices.
  • Bootstrapped the organization's AWS cloud infrastructure by building an AWS Control Tower landing zone and connecting their Google Workspace identities to AWS SSO. Also helped them establish security best practices.
  • Performed forensic investigation for a security incident where a client lost access to some production S3 buckets. Gave the client detailed advice on how they should proceed from there to mitigate the incident and make sure it doesn't happen again.
  • Assisted a client in the medical field to build a HIPAA-compliant network and data security infrastructure and set up a process for continuously monitoring and remediating compliance-related security controls.
Technologies: Node.js, Python, Amazon Web Services (AWS), Web Security, Cloud Security, Security Testing, Secure Coding, Web App Security, Security Audits, MongoDB, Infrastructure as Code (IaC), AWS Cloud Architecture, AWS CloudFormation, Back-end Development, Back-end, Functional Programming, DevOps, AWS DevOps, Architecture, OpenAPI, Swagger, OAuth 2, JSON, JSON Web Tokens (JWT), PostgreSQL, Jinja, React, HTML, CSS, Flask, REST APIs, NoSQL, MySQL, SQL, Next.js, Full-stack, Full-stack Development, Technical Leadership, Terraform, Identity & Access Management (IAM), DevSecOps, Boto 3, Google Cloud Platform (GCP), Software Design, API Integration, Integration, CI/CD Pipelines, Git, GraphQL, Cloud Platforms, Engineering, Go, IT Security, Leadership, Requirements Analysis, Technical Project Management, Postman, Prototyping, Docker, Data Modeling, Amazon CloudFront CDN

Software Development Engineer

2016 - 2022
Amazon Web Services (AWS)
  • Built, launched, and helped grow Amazon GuardDuty into an indispensable tool for security operations teams looking to secure their businesses' AWS workloads. GuardDuty is AWS's intelligent threat detection and security monitoring service.
  • Worked closely with leadership on planning feature roadmaps, prioritizing customer requests, scoping, estimating, and tracking projects, and addressing high-urgency escalations.
  • Helped architect and build several high-throughput scalable back-end microservices with strict reliability and security requirements, each processing billions of events daily.
  • Built some of GuardDuty's high-value security detections end-to-end, from ideation, working with a cross-functional team of product managers, applied scientists, and security engineers, prototyping, testing, operationalization, and launch.
  • Led the design and implementation of GuardDuty's multi-account functionality, simplifying GuardDuty's usability across member accounts of an AWS organization. This feature was instrumental in accelerating GuardDuty's adoption by many AWS customers.
  • Pioneered the technical design and evolution of GuardDuty's control plane architecture, including external APIs, multi-language SDKs, and CloudFormation resources. Set processes and standards for API launch readiness.
  • Provided technical leadership and mentoring for multiple generations of engineers over my tenure with AWS.
Technologies: AWS CloudFormation, Security, Amazon GuardDuty, Java, Python, TypeScript, AWS Cloud Architecture, Apache Spark, Scala, Ruby, Serverless, REST, APIs, Microservices, Node.js, AWS IAM, C++, AWS CloudTrail, Amazon Kinesis, AWS Lambda, Elasticsearch, Application Security, Amazon CloudWatch, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon S3 (AWS S3), Amazon Elastic Container Service (ECS), AWS Fargate, Amazon DynamoDB, Amazon Route 53, AWS Certificate Manager, Amazon API Gateway, AWS Glue, Dagger 2, Gradle, Program Management, Technical Program Management, Compliance, Web Security, Cloud Security, Amazon EC2, Amazon Virtual Private Cloud (VPC), AWS Organizations, GRC, PCI DSS, PCI Compliance, HIPAA Compliance, GDPR, SOC Compliance, SOC 2, Web App Security, Amazon Elastic MapReduce (EMR), Threat Modeling, Secure Coding, Security Testing, Security Audits, API Design, Amazon Web Services (AWS), Serverless Architecture, Machine Learning, Software as a Service (SaaS), Linux, JavaScript, Databases, Back-end Development, Back-end, Functional Programming, DevOps, AWS DevOps, Architecture, OpenAPI, Swagger, OAuth 2, JSON, Jinja, React, HTML, CSS, REST APIs, NoSQL, Full-stack, Full-stack Development, Technical Leadership, Identity & Access Management (IAM), DevSecOps, Boto 3, Spark, Software Design, API Integration, Integration, CI/CD Pipelines, Git, Cloud Platforms, Engineering, Go, IT Security, Leadership, Requirements Analysis, Technical Project Management, Postman, Agile, Prototyping, Docker, ETL Implementation & Design, Data Modeling, Amazon CloudFront CDN, ETL

Lead Software Engineer

2012 - 2016
Cadence Design Systems
  • Developed module generators, layout-only object generators such as dummies, guard rings, and polyfills, and place and route tools for the Cadence Virtuoso GXL physical layout suite.
  • Built a system for the assisted routing of physical layout devices, which accelerates the effort of routing components while allowing physical layout engineers to customize specific routing parameters.
  • Led module generator qualification efforts on TSMC's advanced node process design kits (PDKs), for example, TSMC 16nm and 10nm, which gave customers better confidence in adopting them.
Technologies: C++, Lisp, Python, Compilers, Compiler Design, Linux, Databases, Functional Programming, Architecture, JSON, HTML, CSS, Technical Leadership, Software Design, API Integration, Legacy Software, Legacy Code, Integration, Git, Engineering, Requirements Analysis, Desktop App Development, Technical Project Management, Prototyping

Software Development Engineer

2007 - 2012
Mentor Graphics (Acquired by Siemens)
  • Built compilers and automations to help the custom IC design group accelerate PDK development for the foundries' advanced technology nodes, for example, TSMC 16nm.
  • Contributed to reducing the mentor's release cycle, from 7-8 weeks down to 4-5 days, for advanced node PDKs of key foundries like TSMC and GlobalFoundries.
  • Represented Mentor Graphics in the OpenPDK Coalition, an open coalition aiming to define a set of open standards to allow an OpenPDK to be created once and then translated into specific EDA vendor tools and specific foundry formats.
  • Trained Mentor Graphics' PDK development team on using new PDK automation systems and building foundry partnerships.
Technologies: C++, Python, Compilers, Compiler Design, Linux, Databases, Functional Programming, Lisp, Architecture, JSON, HTML, CSS, Technical Leadership, Software Design, API Integration, Legacy Software, Legacy Code, Integration, Engineering, Requirements Analysis, Desktop App Development, Prototyping

Threat Intelligence Ingestion Service

Built GuardDuty's threat intelligence ingestion service, an extensible microservice for ingesting various in-house, third-party and open source threat-intelligence feeds for use in finding generation decision logic.

I developed control-plane APIs to define new ingestors when new threat intelligence feeds become available. I also developed configurable ingestion components that allow for initiating ingestion requests with various parameters and authentication options, transforming responses, and dispatching results to different destinations.

I built data-plane APIs to invoke ingestors on a schedule or as a response to some events, such as SNS notifications. I then used the control-plane APIs to define ingestors for various in-house, third-party, and open source threat-intelligence feeds required by GuardDuty.

AppSec Review Acceleration Program

Led an AppSec review acceleration program within AWS GuardDuty that achieved the following results:

• Reduced the AppSec review process timeline for new features from months to weeks.
• Uncovered and mitigated several weaknesses in the service's security posture.
• Worked with proactive security teams to mitigate very subtle and intricate attack vectors, including resource-level authorization, confused deputy protection, and cross-account access control.

I provided continuous education to the GuardDuty team on authoring effective threat models, securing their infrastructure, and writing secure code. I also continuously educated the AppSec team on the security measures that govern GuardDuty's infrastructure components, AWS account settings, and DevSecOps practices.

Governance, Risk, and Compliance Program

Led GuardDuty's GRC program, helping achieve compliances and building solutions and processes for continuous adherence.

I partnered with the GRC team to understand the auditor requirements for different compliances and identify the gaps in GuardDuty's infrastructure and process security that needed to be filled to achieve each compliance. I then led a group of engineers to implement mitigations for the identified gaps.

Within the program, I helped GuardDuty achieve several compliances, including GDPR, SOC 2, Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and Federal Risk and Authorization Management Program (FedRAMP).

I also built solutions and processes to ensure GuardDuty is continuously adhering to all its existing security compliances.

GuardDuty's Operations Platform

Led the design and implementation of GuardDuty's Operations Platform, an extensible system built in Python and used by on-call rotation engineers to scale critical administrative and operational activities across GuardDuty's 28 commercial and GovCloud production regions.
2001 - 2006

Bachelor's Degree in Electrical Engineering and Computer Science

Cairo University - Cairo, Egypt

JANUARY 2022 - JANUARY 2025

AWS Certified Security Specialist

Amazon Web Services

DECEMBER 2014 - PRESENT

Machine Learning

Coursera

APRIL 2013 - PRESENT

Compilers

Coursera

Libraries/APIs

Node.js, OpenAPI, REST APIs, React

Tools

AWS CloudFormation, AWS IAM, AWS CloudTrail, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon Elastic Container Service (ECS), AWS Fargate, Amazon Virtual Private Cloud (VPC), Amazon CloudWatch, Amazon Elastic MapReduce (EMR), Boto 3, Git, Postman, Amazon CloudFront CDN, AWS Glue, Gradle, Terraform

Languages

Python, TypeScript, Java, C++, JavaScript, Lisp, HTML, Scala, Ruby, CSS, SQL, GraphQL, Go, Python 3

Frameworks

Swagger, Jinja, Apache Spark, Dagger 2, OAuth 2, JSON Web Tokens (JWT), Next.js, Spark, Flask

Paradigms

REST, Microservices, Serverless Architecture, Functional Programming, DevOps, DevSecOps, Requirements Analysis, Desktop App Development, Agile, ETL Implementation & Design, ETL, HIPAA Compliance, Compiler Design

Platforms

AWS Lambda, Amazon EC2, Amazon Web Services (AWS), Linux, Docker, Google Cloud Platform (GCP)

Storage

Amazon S3 (AWS S3), Amazon DynamoDB, Elasticsearch, Databases, JSON, NoSQL, MongoDB, PostgreSQL, MySQL

Other

Amazon GuardDuty, AWS Cloud Architecture, Amazon Route 53, AWS Certificate Manager, Amazon API Gateway, Program Management, Technical Program Management, Application Security, Web Security, Cloud Security, AWS Organizations, GRC, Compliance, Web App Security, Serverless, APIs, Amazon Kinesis, Threat Modeling, Secure Coding, API Design, Software as a Service (SaaS), Infrastructure as Code (IaC), Back-end Development, Back-end, AWS DevOps, Architecture, Technical Leadership, Identity & Access Management (IAM), Software Design, API Integration, Legacy Software, Legacy Code, Integration, CI/CD Pipelines, Cloud Platforms, Engineering, IT Security, Prototyping, Data Modeling, Security, PCI DSS, PCI Compliance, GDPR, SOC Compliance, SOC 2, FedRAMP, Security Testing, Security Audits, Compilers, Full-stack, Full-stack Development, Leadership, Technical Project Management, Machine Learning

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring