Backend and AI engineering, with security at the core. I design backends that don't break, audit systems before attackers do, and ship AI features that hold up under scrutiny.
Most consultants pick one lane. I work where backend engineering, security, and AI intersect — because that's where modern systems actually break.
I find what an attacker would find — first. OWASP assessments, secure API design reviews, and penetration testing for systems that can't afford to leak.
Production-grade backends built to be maintained — not just shipped. Python-first, with the boring infra that keeps systems running long after launch.
AI features wired into existing systems — without the prompt-engineering theatre. LLM integrations, RAG pipelines, and tooling that earns a place in production.
Free, browser-based, AI-powered explanations built in.
Spot scam + phishing sites — TLS, headers, domain age, redirects.
Check emails & passwords against known breaches — privately.
Decode, flag alg / expiry / sensitive fields.
Validity, TLS, cipher, SANs.
Tools are choices, not religion. I lean Python-first for backend and security work, with the rest of the stack picked to fit the system's constraints.
The Stack below is what I reach for first — equally happy to inherit a stack or design one.
Fixed scope. Fixed duration. One measurable outcome. No retainers that quietly become salaries.
A free 60-minute call. I'll walk through your setup with you, hear what your team's wrestling with, and give you a straight answer.
Engagements run two weeks to six months with a single defined deliverable: an audit report, a shipped service, a feature integrated. Pricing is fixed up front. Scope changes go through a new contract, not a surprise invoice.
Everything ships with documentation, runbooks, threat models, and pairing time along the way. The bar is: the day after I leave, your team can operate, debug, and extend what we built. No black boxes, no me-shaped holes.
For three months after delivery I'm available — questions, post-mortems, the inevitable "what did you mean on line 247." Async support, no hourly billing. New work goes through a fresh engagement.
You brief the engineer who ships the code.
I'm Souhail Harrathi — a backend engineer and security analyst working independently from Brussels. Four years shipping production systems end-to-end for SaaS, agritech, and IoT teams: APIs and infrastructure, observability, security audits, incident response.
A few recent experiences.
Full Stack Engineer · SaaS · Freelance · Dec 2025 → present
3D-scanning SaaS for kitchen fitters, architects, and interior designers. Profiled and optimised REST APIs (N+1 fixes, versioned caching), consolidated tooling under a single pyproject.toml, hardened Celery with structured logging, drove the OWASP Top 10 / SAMM audit, and built Datadog observability with Slack alerting now used daily to catch regressions.
Python Backend Engineer · Agritech · Feb → Aug 2024 · Paris
Backend services for a data platform. Built FastAPI services with event-driven sync via Redpanda + FastStream, applied SOLID / KISS / YAGNI throughout, containerised the stack, and shipped GitLab CI/CD pipelines for a DevOps-driven Agile team.
Personal project · Microservices + IoT · 2024 → ongoing
Smart-agriculture platform integrating IoT sensors, real-time streaming, and clean architecture. Three FastAPI services (streamer, API, flow runner), a broker sandbox + sensor mocker for resilience testing, RBAC, and a React/Next.js dashboard for live monitoring of temperature, humidity, and irrigation status.
Python Backend Engineer · Freelance · Jan 2022 → Jan 2023
Migrated a legacy Django application to a scalable Django REST Framework architecture. Mapped legacy data models onto clean REST endpoints, added role-based access control, and hardened API security and performance through careful reviews and refactoring.
Want more detail on any of these? Email me and I'll share a fuller breakdown.
Brussels · Belgium · BE 1032.289.638