
Application Security Engineer - Contract at Strike 7
Overview
As an Application Security Engineer at Strike 7, I helped build and secure an autonomous AI-powered penetration testing SaaS platform for Managed Service Providers and enterprise clients. The platform supported isolated client/MSP provisioning, package assignment, direct client purchases, and automated pentest execution. I worked across Nest.js, TypeScript, PostgreSQL, and cloud infrastructure while applying secure REST API design, authentication and authorization controls, input validation, organization-level data segregation, tenant isolation, PostgreSQL Row Level Security, and GDPR/SOC2-aware architecture decisions. The platform also integrated AI-related services including mem0, Browserbase, and Langfuse to support automated security workflows and observability.
Key Responsibilities
- • Designed and developed backend services and frontend modules for an autonomous AI-powered penetration testing SaaS platform
- • Implemented isolated provisioning workflows allowing MSPs to assign testing packages and clients to directly purchase and execute automated pentests
- • Created and secured RESTful APIs with authentication, authorization, validation, tenant isolation, and safe error handling
- • Structured PostgreSQL databases with org-level data segregation, Row Level Security patterns, indexing, and query performance tuning
- • Contributed GDPR/SOC2-aware implementation choices for customer data handling and SaaS security boundaries
- • Integrated mem0 for contextual memory handling, Browserbase for browser automation, and Langfuse for LLM observability
- • Followed secure coding standards and performed security testing to reduce common web vulnerabilities
- • Contributed to admin dashboard development for centralized management of users, packages, pentests, and configurations
- • Worked in a collaborative team environment leveraging AI-assisted development for faster and more efficient implementation
Tech Stack
Backend
- Nest.js
Language
- TypeScript
Database
- PostgreSQL
- PostgreSQL RLS
Cloud
- AWS
- DigitalOcean
Security
- RESTful APIs
- Authentication
- Authorization
AI tooling
- mem0
- Browserbase
- Langfuse