Muhammad Kashif Raza
I build full-stack web applications that are scalable by architecture and secure by design.
About Me
Who I Am & My Background
Designing resilient full-stack systems.
I engineer full-stack systems that scale—and resist attack. With 2+ years building ERP/CRM platforms using MERN, TypeScript, and Next.js, I specialise in backend-heavy architecture, API design, and system integrations. But I don't stop at "it works." I ask: "Is it secure by design?"
My security focus isn't theoretical. I apply OWASP guidelines to real projects: hardening authentication flows, implementing parameterised queries to prevent injection, and designing RBAC systems that follow least-privilege principles. I'm currently deepening my hands-on security skills through structured labs, vulnerability research, and automation scripting (Python/Bash).
What I bring to teams: senior-capable full-stack engineering (scalable backends, clean API contracts, performance optimization), security-aware development (threat modeling in design, secure coding patterns), and hybrid value—I bridge the gap between dev and security, reducing rework and accelerating secure delivery.
Years Engineering
Roles Delivered
Daily Transactions
Concurrent Users
Education & Qualifications
National University of Computer and Emerging Sciences (FAST-NUCES)
Bachelor's, Computer Software Engineering
September 2021 — September 2025
Experience
Enterprise delivery with security built in
Skills
Languages & Proficiency Profiles
JavaScript
TypeScript
Python
Dart (Flutter)
SQL
Bash / Shell
Tech Stack
My core development toolbox and stack
Other Skills
Methodologies & Supporting Technologies
Projects
Selected Engineering Work & Platforms
SifGen — WPS SIF File Generator
Free browser-based tool for UAE employers to generate WPS Salary Information Files (SIF) instantly. Supports bulk Excel/CSV import, IBAN validation, and outputs EDR & SCR records — all processed 100% client-side with zero data storage or registration.
ERP Notifications — Kafka & WebSockets
High-throughput, event-driven orchestration layer distributing enterprise real-time updates via decoupled microservices. Apache Kafka ingests invoicing actions; WebSockets stream sub-second status notifications to reactive UIs.
JWT Hardening Monorepo
Production-grade JWT authentication monorepo featuring Redis-backed refresh token rotation, breach detection via family wipe on token reuse, algorithm confusion prevention (HS256 pinning), XSS/CSRF mitigations, and a Next.js security lab workspace for live attack-and-defence scenarios.
WebSocket Resilience — React Native
Fault-tolerant network engine managing resilient WebSocket links across unstable mobile interfaces with exponential backoff, heartbeats, and offline message queues.
React Native Performance Demo
Hands-on demo taking a React Native list from 12 FPS → 60 FPS across 5,000 invoice records. Showcases three targeted fixes — React.memo, useMemo, and FlatList virtualization props — with a live FPS counter and side-by-side toggle between unoptimized and optimized modes.
PostgreSQL Optimization
Performance blueprint for PostgreSQL and Sequelize demonstrating indexing strategies, N+1 countermeasures, and transaction control for low-latency queries at scale.
Email Cleanup Service
Production-ready full-stack platform for secure OAuth2 Gmail linking, sender analytics, and asynchronous batch inbox cleanup with a glassmorphic UI.
CSR vs SSR vs ISR
Architectural laboratory comparing Client-Side, Server-Side, and Incremental Static Rendering lifecycles with identical layouts to expose TTFB, payload, and SEO trade-offs.
Cyberpunk Eid Card
Responsive thematic generator with cyberpunk neon components, programmatic user-string injection, and atomic style management.
MERN Lectures
Instructional repository of production-ready MERN patterns: REST route separation, Mongoose schemas, and React state integration examples.