Application security
Secure API design, auth boundaries, tenant isolation, input validation, and threat-led review.
[ SECURITY / PROOF INDEX ]
AVAILABLE FOR SECURITY ROLES
Evidence first.
I work across application security, offensive testing, and secure product engineering. Because I also build full-stack systems, I approach security from both sides: how software is assembled and how its boundaries fail.
Operating focus
Three working areas. Details live with their evidence, not repeated here.
Offensive testing
Web and API assessment, attack-surface analysis, vulnerability validation, and pentest workflows.
Secure engineering
Security controls built into full-stack products, cloud deployments, and AI-assisted systems.
Field record
Role context and published writing. Full histories stay on their own pages.
[ EXPERIENCE ]
Application Security Engineer - Contract
Built and secured an autonomous AI pentesting SaaS platform for MSPs and enterprises, focusing on secure APIs, auth/authz, tenant isolation, RLS, and compliant architecture.
Full Stack Developer - Intern
Architected and built a PTaaS and ASM platform with security testing modules, attack-surface workflows, XSS detection automation, cloud deployment, and technical documentation.
[ RESEARCH / ANALYSIS / WRITING ]
CVE-2026-20253: Splunk's PostgreSQL Sidecar Hands Out Shells. No Credentials Required
CVE-2026-10520: Ivanti Sentry's Internal Config API Was Open to the Whole Internet
CVE-2026-32625: LibreChat MCP Server Leaks Your Entire Secret Vault to Any Logged-In User
CVE-2026-0073: Zero-Click RCE in Android's Wireless ADB Authentication
CVE-2026-23918: Apache HTTP/2 Double-Free Enables DoS and Remote Code Execution
View all writingSkills / toolchain
Working capabilities grouped by security function and engineering context.
[ Offensive security ]
- Burp Suite
- Metasploit
- Kali Linux
- Linux
- Wireshark
- OWASP Top 10
- Web/API testing
- Attack-surface analysis
[ Application security ]
- Secure APIs
- Authentication & authorization
- Input validation
- PostgreSQL RLS
- Threat modeling
- Secure SDLC
[ AI security ]
- LLM security
- Prompt injection
- Agentic workflows
- MCP security
- AI pentesting SaaS
[ Engineering ]
- TypeScript
- Python
- Next.js
- Svelte
- Node.js
- FastAPI
- PostgreSQL
- Docker
- Cloudflare
- Git
Currently pursuing
Active training paths and lab work. Status reflects ongoing study, not completed credentials.
HTB Certified Penetration Testing Specialist path
Hack The Box
TryHackMe AI Security path
TryHackMe
TryHackMe DevSecOps path
TryHackMe
Android Security
Self-study and labs
[ NEXT OPERATION ]