Joseph Ekene Ejike

Lead Product Security Engineer & DevSecOps Architect

I combine the mindset of an adversary with the discipline of a systems architect to build secure, scalable platforms.


About Me

I am a Lead Product Security Engineer who believes you cannot secure what you cannot break.

My background is rooted in offensive security—uncovering critical logic flaws like race conditions, authentication and authorization flaws, and IDOR in complex financial systems. I leverage this deep understanding of attack vectors to architect "Golden Pipelines" and Zero-Trust Identity systems that stop adversaries before they gain a foothold.

Currently, I lead security engineering initiatives for enterprise-scale platforms, bridging the gap between aggressive penetration testing and automated DevSecOps defense.

Architectural Case Studies

1. The Enterprise "Golden Pipeline" Standard

The Challenge: Fragmented deployment processes led to unverified dependencies and base image staleness entering production.

The Solution: I architected a unified DevSecOps standard using Google Artifact Registry as the central control plane.

This enforces a strict supply chain policy:

  • Dependency Proxying: Caching public/private dependencies to prevent upstream outages.
  • Base Image Refresh: Automated triggers to rebuild containers when base images are patched.
  • Provenance: Signing images with Cosign before pushing to the registry.

Impact: Adopted by all product teams. Eliminated unverified binaries and ensured 100% of production artifacts are signed and scanned.

Google Artifact Registry, Snyk, Cosign, OWASP ZAP
DevSecOps Pipeline Architecture

graph TD
    HR[Jira Service Mgmt] -->|Webhook| Okta[Okta Workflows]
    Okta -->|Onboard| Prov[Provision AWS & JumpCloud]
    Okta -->|Offboard| Kill[Revoke Sessions & Lock Device]
    style Kill fill:#7f1d1d,stroke:#fff

2. Zero-Touch Identity & Access Automation

The Challenge: Manual onboarding created "ghost accounts" and delayed access revocation, risking compliance failures.

The Solution: Engineered a fully automated lifecycle using Jira, Okta, and JumpCloud. Access is granted based on Role (RBAC) and revoked instantly upon contract termination.

Impact: Reduced IT overhead by 90% and ensured 100% audit compliance for ISO 27001 access controls.

Okta Workflows, Jira Automation, JumpCloud, Python

Technical Arsenal

Offensive Security & VAPT

  • Web/API: Burp Suite Pro, Postman, OWASP ZAP
  • Mobile (iOS/Android): Frida, Objection, Jadx-GUI, Apktool, adb, Ghidra
  • Network Recon: Nmap, Wireshark, Metasploit
  • Exploit Dev: Python Scripting, Bash Automation

Cloud & Infrastructure

  • AWS Security Hub & GuardDuty
  • Docker & Kubernetes Security
  • Terraform (IaC) & System Hardening
  • Linux Endpoint Security

AppSec & Supply Chain

  • Google Artifact Registry Governance
  • Snyk, Checkmarx, SonarQube
  • GitHub Advanced Security
  • Threat Modeling & SBOM Management

Governance & Identity

  • ISO 27001 & PCI DSS Implementation
  • Zero Trust Architecture (Okta/JumpCloud)
  • RBAC Design & Policy Enforcement
  • Incident Response & Forensics

Professional Experience

Lead Product Security Engineer

FCMB Group | Oct 2024 - Present
  • Advanced Penetration Testing: Led grey-box assessments on flagship financial platforms, uncovering and remediating critical business logic flaws including a Double-Spend Race Condition, IDOR-based Account Takeover, and a Pre-Account Takeover ("Ghost User") vulnerability.
  • DevSecOps Standardization: Designed the "Golden Pipeline" standard for the organization's products and Payment APIs, ensuring secure delivery for high-volume transactions.
  • Supply Chain Governance: Enforced strict artifact integrity by mandating verified container registries, eliminating risks of dependency confusion and unverified binaries.
  • Identity Architecture: Engineered an automated identity lifecycle system, integrating HR triggers with cloud IdPs to enforce Zero Trust access controls.

Application Security Engineer

First Bank Plc | Sep 2023 - Sep 2024
  • API & Web Security: Conducted in-depth VAPT on Consumer Mobile Apps and Corporate APIs. Discovered critical Broken Authentication flaws on account endpoints and Refresh Token Hijacking scenarios caused by lack of rotation.
  • Pipeline Security: Integrated automated security gates (SAST/DAST) into CI/CD workflows, reducing the deployment of critical vulnerabilities by 40%.
  • Infrastructure Protection: Deployed and tuned Web Application Firewalls (WAF) to protect backend database connections and sensitive customer data from application-layer attacks.

Cybersecurity Instructor & Mentor

10Alytics | Sept 2024 - Sept 2025
  • Curriculum Development: Designed and delivered hands-on labs focused on Cryptography, SIEM Architecture (Wazuh), and Incident Response.
  • Mentorship: Mentored over 50 students, guiding them through practical capstone projects to transition into professional cybersecurity roles.

Technical Support Engineer (L3)

Tek Experts (OpenText) | Sept 2021 - Aug 2023
  • Infrastructure Monitoring: Managed enterprise-grade network monitoring solutions (NNMi), overseeing cluster management and platform upgrades for global clients.
  • Container Operations: Supported Kubernetes and Docker deployments, ensuring configuration compliance with enterprise security policies.

Open Source & Tools

Threat Hunting with Wazuh

Combining Wazuh FIM with Yara for proactive threat detection on Linux endpoints.

Bash Log Analyzer

Automated script for parsing failed login attempts and performing geolocation analysis.

Network Vuln Scanner

Bash-based network mapper and service identifier for rapid assessments.

Thought Leadership & Knowledge Sharing

Technical Workshops & Speaking

AWS Cloud Architecture: Deploying Scalable Workloads

Focus: AWS ECS Fargate, RDS MySQL, Application Load Balancers (ALB).

Designed and delivered a technical session on deploying production-grade WordPress architectures. Demonstrated container orchestration patterns, ECS-to-RDS networking, and the integration of Docker Hub into the deployment workflow.

"Simplifying complex networking to help practitioners connect the dots between stateless containers and stateful databases."


Exploiting Vulnerabilities: Network & App Security

Focus: Ethical Hacking, Real-world Attack Simulations.

Hosted a live interactive session for over 100 cybersecurity professionals. Walked through the lifecycle of an attack, demonstrating how ethical hackers identify network vulnerabilities and mitigate application exploits in real-time.


Featured Publications

Kubernetes Operations with Warp

A technical series on optimizing K8s workflows using the Warp terminal. Covering advanced log analysis and deployment management.
