Application Security & SSDLC
- Threat modeling and secure design reviews
- Secure SDLC (SSDLC) practices and requirements
- Web and API security, WAF tuning
- Vulnerability management and remediation workflows
Senior Application Security Engineer
I help teams ship secure software.
Application Security and DevSecOps engineer focused on secure SDLC, threat modeling, security automation and governance of risks and controls in high-impact systems.
~/portfolio/appsec
> threat_model --target "modern web app"
> run ci-security --pipeline github-actions
> monitor logs --mode purple-team
✔ portfolio loaded successfullyAbout
I’m an Application Security Engineer with a strong focus on helping engineering teams build secure, resilient and scalable applications. Over the past years, I’ve worked closely with product, development and infrastructure teams, supporting secure design decisions, threat modeling, vulnerability remediation and security automation. My experience ranges from hands-on penetration testing and code-level guidance to designing AppSec programs, improving security pipelines and implementing governance practices inside large, fast-moving organizations. I enjoy tackling complex security problems in distributed systems, microservices and cloud environments, always aiming to reduce risk without slowing down delivery.
Skills
DevSecOps & Automation
- CI/CD security (SAST, DAST, SCA) integration
- Security automation with Python and Shell
- Collaboration with SRE and platform teams
- Evidence collection and pipeline-based controls
GRC, ITGC & Cloud
- GRC and IT General Controls (ITGC) assessments
- Risk assessment and security governance
- Familiarity with AWS, Azure and GCP
- Monitoring and dashboards (Grafana, Prometheus, BI)
Featured Projects
A few projects that reflect how I think about secure engineering and automation.
FP-GUI – False Positive Justification
Desktop app to manage false-positive justifications for vulnerability findings. Designed to keep triage disciplined and auditable.