Sajid Rahman

Sajid Rahman

Security Researcher

Iru

Hi, I’m Sajid

Software security is the core reason I became a researcher. To me, a vulnerability is more than a technical failure; it is a symptom of the complex, living organism that is human-technology interaction. My journey to understand this has spanned over 10 years, taking me from architecting financial backends serving millions of users to defending the world’s largest AI infrastructures.

I have explored the security landscape from every angle - from investigating why developers write vulnerable code during my PhD to fine-tuning GPT-2 for disinformation research at FireEye. Now, as an Applied Scientist and Security Researcher at organizations like Google and Iru, I focus on the pressing reality of the AI era: while LLMs and autonomous agents have exponentially expanded the attack surface, the bar to compromise these systems has dropped. Currently, I am focused on solving the ‘blind spots’ in generative AI and welcome new challenges in building robust, secure AI ecosystems.

Download my resumé.

Interests
  • AI Security & Data Privacy
  • Cybersecurity & Threat Intel
  • Human-centered Security
Education

  • PhD in Computer Science, 2022

    University of Florida

  • MS in Computer Science, 2017

    Kansas State University

  • BSc in Computer Science & Engineering, 2011

    Bangladesh University of Engineering & Technology

Experience

 
 
 
 
 
Senior Security Researcher
Iru.com
Aug 2025 – Present Remote
Developed ML and LLM-based threat detection pipelines for EDR systems, reducing alert fatigue and improving response times. Collaborated with engineering teams to integrate AI-driven detection into Iru’s security platform.
 
 
 
 
 
Research Data Scientist
Google Cloud Security (Team Mandiant)
Nov 2022 – Apr 2025 Remote
Applied ML, statistical modeling, and data analysis to enhance cybersecurity solutions (Google Threat Intelligence - GTI), improving incident detection rates by 30%. Developed ML models for threat detection, boosting platform efficacy, and reducing false positives by 20%.
 
 
 
 
 
Graduate Research Assistant
Florida Institute for Cybersecurity Research
May 2017 – Aug 2022 Florida
Analysing app privacy policies and 3rd-party libs' private data collection and sharing behavior.
 
 
 
 
 
Research Intern
Avast Software, Inc
May 2020 – Aug 2020 California
Investigated infidelity in Android apps privacy policy with their actual sensitive data access pattern.
 
 
 
 
 
Research Intern
FireEye, Inc
May 2019 – Aug 2020 Reston, Virginia
Fine-tuned GPT-2 to generate synthetic disinformation for disinformation simulation and detection.

Recent Publications

Quickly discover relevant content by filtering publications.
Muhammad Sajidur Rahman (2022). Combining Human Expertise with Automated Systems: Identifying Inconsistencies of First and Third-Party Privacy Disclosures in the Mobile App Ecosystem. PhD Thesis.

PDF Cite

Muhammad Sajidur Rahman, Blas Kojusner, Ryon Kennedy, Prerit Pathak, Lin Qi, Byron Williams (2021). SO{U}RCERER: Developer-Driven Security Testing Framework for Android Apps. In ASEW'21.

PDF Cite

Hadi Abdullah, Muhammad Sajidur Rahman, Christian Peeters, Cassidy Gibson, Washington Garcia, Vincent Bindschaedler, Tom Shrimpton, Patrick Traynor (2021). Beyond 𝐿𝑝 clipping: Equalization based Psychoacoustic Attacks against ASRs. In ACML'21.

PDF Cite

SM Taiabul Haque, Pratyasha Saha, Muhammad Sajidur Rahman, Syed Ishtiaque Ahmed (2019). Of Ulti, 'hajano', and "Matachetar otanetak datam": Exploring Local Practices of Exchanging Confidential and Sensitive Information in Urban Bangladesh. In CSCW'19.

Cite

Daniela Seabra Oliveira, Tian Lin, Muhammad Sajidur Rahman, Rad Akefirad, Donovan Ellis, Eliany Perez, Rahul Bobhate, Lois A DeLong, Justin Cappos, Yuriy Brun (2018). API Blindspots: Why Experienced Developers Write Vulnerable Code. In SOUPS'18.

PDF Cite Slides

See all publications

Teaching

I have been TA for the following courses:

  • CIS 6930: Applied Machine Learning (Spring'22) (Instructor: Prof. Vincent Bindschaedler)
  • CIS 6930: Trustworthy Machine Learning (Fall'21) (Instructor: Prof. Vincent Bindschaedler)
  • CIS 4930: Software Testing Continuous Delivery (Fall'21) (Instructor: Prof. Byron Williams)

I was a TA for the following courses at Kansas State University:

  • CIS450: Computer Architecture and Operations (Spring’15, 16 & 17)
  • CIS200: Programming Fundamentals (using Java) (Spring’15)

Recent Posts

Miscellaneous Troubleshooting Tricks
In this post we will present some useful hacks that I found useful in troubleshooting various things.
Sajid Rahman
Last updated on Oct 7, 2021 1 min read How-to
Tools and Techniques for NLProc
In this post I will list useful tools/libraries/techniques for text processing for various downstream ML/DL tasks.
Sajid Rahman
Last updated on Oct 7, 2021 2 min read How-to
Notes and Resources on Differential Privacy
Miscellaneous and Handy Java Functions
Sajid Rahman
Last updated on Oct 26, 2021 1 min read Notes
Refresher of Security Taxonomy
Refresher of Security Taxonomy
Sajid Rahman
Last updated on Aug 27, 2021 2 min read What-is
Install SonarQube on MacOSX
Installation of SonarQube on MacOSX
Sajid Rahman
Last updated on Aug 26, 2021 1 min read How-to
See all posts