Sim Kalkat

FullStack/Backend Engineer | AppSec | Vancouver, BC

Backend engineer with 6+ years of experience building Go, JavaScript, and PHP systems at scale. Led Application Security as primary POC for a 7-person engineering team: OWASP Top 10 + MITRE ATT&CK reviews, Rapid7/Snyk/TruffleHog CI tooling, threat modeling, and vulnerability escalation. Track record of measurable impact: 300x query optimization, $10K+ annual cost reduction, 6-hour runtime cut to under 1 hour. Working toward CSSLP.

Work Experience

Pixieset

Fullstack Developer

May 2024 – Present
Vancouver, BC
  • Led Application Security as primary POC for 7-person engineering team: conducted OWASP Top 10 and MITRE ATT&CK reviews/mitigations across new and key flows. (Threat Modeling, SDD)
  • Identified high-severity exploitable vulnerabilities across production systems and escalated findings to engineering leadership. (Rapid7 SIEM, Sentry, SAST, Snyk)
  • Integrated automated scanning (TruffleHog) into the CI pipeline and partnered with DevSecOps to harden legacy code paths.
  • Refactored legacy queries, achieving a 300x performance improvement for the flagship product. (PHP, New Relic)
  • Led CAPTCHA service migration, saving over $10,000 a year.
  • Designed and implemented database seeders to generate realistic test data for smoke tests and edge cases, saving engineers hours of manual setup. (Laravel 11, MySQL, AWS)
  • Prototyped facial grouping and search for natural language photo search. (Python DeepFace, AWS OpenSearch, Laravel 11)
  • Shipped features and enhancements for the flagship product. (PHP Yii 2, Laravel 11, Vue 3, TypeScript, JavaScript)
PHP/Laravel Vue 3 TypeScript AWS MySQL Python Snyk Rapid7

Priceline

Backend Developer

May 2021 – May 2024
Winnipeg, MB
  • Accelerated large SQL operations via batching in Go binaries, cutting runtime from ~6 hours to <1 hour (83% efficiency gain). (Go, PHP 8, MySQL)
  • Built an automated pipeline to generate and publish OpenAPI documentation from code annotations via scheduled job, reducing manual documentation effort for affiliates. (Go, Python, JavaScript, GCP)
  • Automated CSV and PDF generation by ingesting upstream data for Account Managers. (Go, PHP)
  • Prototyped a fuzzy-matching tool to detect likely-duplicate hotel amenity names to support data normalization. (Python, GCP)
  • Partnered cross-team to triage and resolve production incidents, reducing downtime from 2–3 days to ~5 hours.
  • Built and maintained internal and partner-facing RESTful APIs using Test-Driven Development. (Go, GCP, JavaScript/TypeScript)
Go GCP MySQL PHP Python

FleetOperate

Fullstack Developer

January 2020 – May 2021
Winnipeg, MB
  • Launched initial products for shippers, drivers, and recruiters; supported 1,000+ daily shipments and high-volume customers using queue-based workflows. (AWS DynamoDB, Amazon SQS, NoSQL)
  • Improved filtering experience; increased key-shipment findability by 80%, boosting user satisfaction and engagement. (JavaScript, TypeScript, Angular 8/10/12)
  • Created CI/CD pipelines for multiple services in AWS CodePipeline.
  • Mentored co-op students and new hires to accelerate onboarding.
Node.js TypeScript AWS Lambda DynamoDB SQS

Projects

Go Scrimmage ↗

Pickup soccer organizer with Go API, PostgreSQL, SMS via Twilio. Link-based RSVP, no app download.

Python Pantry

Barcode-scanning food inventory to reduce waste. Flask, PostgreSQL, Heroku.

Laravel Study Buddy

AI-powered language flashcards via Perplexity API. Laravel 11, Vue 3.

Community

CodeNShare

Developer showcasing series + Discord community

OWASP Vancouver

Regular attendee

Toastmasters

Technical communication practice

Education & Certifications

University of Manitoba

BSc. Sciences

CSSLP

In progress