- Capabilities: 5
- Tools & platforms: 5
- Discipline: Security
Validate running applications and APIs from the outside in — combining automated dynamic scanning in CI with manual penetration testing to surface vulnerabilities that only appear at runtime.
- Automated DAST scanning integrated into CI/CD
- Manual web and API penetration testing
- Authentication, session and access-control testing
- Business-logic and chained-vulnerability validation
- Remediation guidance and re-test verification
The stack behind the work.
The tools I reach for day to day — with a rough sense of where my depth sits.
- Burp Suite (Expert): Manual web app pentesting & interception
- OWASP ZAP (Advanced): Automated DAST scanning in CI
- Nuclei (Proficient): Template-based vulnerability scanning
- Postman (Advanced): API security & abuse-case testing
- SQLMap (Proficient): Injection discovery & validation
Projects that put this to work.
Enterprise AppSec Migration
Driving tiered application onboarding into a unified AppSec program with automated CI/CD gating.
IAM Least-Privilege Redesign
Role redesign and policy enforcement program reducing over-privileged access across cloud accounts.
CI/CD Security Automation
Embedded SAST, DAST and SCA gates into shared CI/CD pipelines for automated pre-deployment validation.
AI/LLM Security Guardrails
Secure-by-design review and guardrail program for AI/LLM-integrated services across the platform.
Application Security
Embedding secure-by-design into the SDLC.
SAST
Static analysis that finds flaws in source before it ships.
Cloud Security
Hardening cloud-native estates at enterprise scale.
DevSecOps
Automating security as code into every pipeline.
