About

About

Muhammad Hidayat

Muhammad Hidayat

Full-Stack Developer | Security Engineer | Penetration Tester


Profile Summary

Security Engineer and Full-Stack Developer with experience in offensive security, application security testing, vulnerability research, and secure software development. Experienced in conducting enterprise web application penetration testing, security assessments, vulnerability identification, and remediation support for improving organizational security posture.

Strong background in software engineering and cybersecurity research with practical experience in attack surface analysis, security automation, and modern backend systems. Actively expanding expertise in Machine Learning and Blockchain technologies with research interests in integrating Large Language Models (LLMs), blockchain systems, and cybersecurity applications for intelligent security solutions.


Core Competencies

Cybersecurity

  • • Web Application Penetration Testing
  • • Vulnerability Assessment & Research
  • • Malware Analysis & Secure Code Review
  • • OWASP Top 10 & Black-box Testing
  • • Attack Surface Analysis & Threat Intelligence

Development

  • • Full-Stack Development
  • • REST API & Microservices Architecture
  • • Real-Time Systems & Socket.IO
  • • Secure Software Development
  • • Machine Learning & Blockchain (Solidity)

Professional Experience

Lead Backend Engineer @ CookPal

Mar 2026 – Present

  • Lead backend architecture and technical implementation initiatives.
  • Design scalable application services and backend systems.
  • Develop secure and maintainable infrastructure solutions.
  • Coordinate backend development aligned with product requirements.

Security Engineer @ MPN Indonesia

Dec 2024 – Present

  • Conduct enterprise web application penetration testing and security assessments.
  • Identify and validate security vulnerabilities using offensive methodologies.
  • Collaborate with engineering teams to improve remediation processes.
  • Support application security improvements aligned with security standards.

Security Engineer @ Bapera News

Jun 2022 – Apr 2025

  • Conducted web application penetration testing using black-box methodologies.
  • Performed vulnerability identification and validation through attack simulations.
  • Assisted security posture improvement initiatives and risk reduction activities.

Full-Stack Developer @ ADICI OPS

Nov 2022 – Dec 2022

  • Built custom WordPress themes and responsive corporate websites.
  • Developed scalable frontend and backend systems.

Intern Full-Stack Developer @ Cyber Edu Inkor

May 2022 – Jun 2022

  • Contributed to a real-time communication system using Socket.IO and MongoDB.
  • Participated in full-stack development using Vue.js, Express.js, PostgreSQL, and Laravel.

Research Experience

Undergraduate Research @ Gunadarma University

Implementation of Blockchain and Large Language Models (LLM) Integration for Data Integrity Verification in Malware Analysis

  • Researching integration between blockchain systems and Large Language Models (LLMs).
  • Designing data integrity verification mechanisms for malware analysis workflows.
  • Exploring decentralized approaches to improve trust and immutability of cybersecurity datasets.

Leadership & Community Experience

Lead @ Cyber Community Universitas Gunadarma (CCUG)

2026

  • Lead and coordinate cybersecurity initiatives and technical activities.
  • Mentor members in penetration testing and CTF learning pathways.
  • Organize workshops, sharing sessions, and technical discussions.

Event Organizer & CTF Problem Setter @ Gunadarma Code Week 2.0

2026

  • Served as one of the event coordinators.
  • Designed and developed CTF cybersecurity challenges.

CTF Problem Setter

  • Web Exploitation: TechnoFair 2025, Hackfest 0x09, TechnoFair 2024, Hackfest 0x08.

Education

  • Gunadarma UniversityBachelor of Informatics (2023 – Present) GPA: 3.89
  • SMK Negeri 2 JakartaSoftware Engineering (2020 – 2023)

Certifications

  • 2026
    • Certified Red Team Analyst (CRTA)
  • 2024
    • Web Application Penetration Tester eXtreme (eWPTXv2) INE
    • Certified AppSec Pentester (CAPen)
    • Certified Blockchain Practitioner (CBP)
    • Certified Network Security Practitioner (CNSP)
  • 2023
    • Cyber Threat Intelligence 101
    • Linux System Administrator (Adinusa)
    • KKNI Level II Software Engineering Certification
  • 2022
    • Linux+ CompTIA
  • 2019
    • Voluntary Vulnerability Disclosure Program (VVDP) BSSN

Achievements & Patents

Achievements

  • 2026
    • P2MW Funding Awardee — CookPal Team
  • 2025
    • Silver Medal — IoT iIDEX (International Innovation and Design Expo)
  • 2024
    • PKM-KC Project Funding Awardee — SIMBELMAWA
    • Finalist — Ericsson Hackathon
    • Finalist — Compfest CTF 16
    • Finalist — CTF Techcomfest
    • 3rd Place — ACT CTF
  • 2023
    • 10th Place — NiteCTF
    • 7th Place — Invofest Software Development Competition
    • 2nd Place — Hackfest 0x07 CTF
  • 2022
    • Medallion for Excellence — LKS National Web Technologies
    • 1st Place — LKS DKI Jakarta Web Technologies

Patent

  • ParQRReal-Time Illegal Parking Monitoring and Violation System
    • Patent ID: EC00202455229 · Issued: June 26, 2024

Trending Tags