Senior Security Engineer with expertise in Application Security, DevSecOps, and Cloud Security. Currently working at Unifonic, focusing on enterprise-wide security solutions and cloud-native security architecture.

Senior Security Engineer @ Unifonic

• Contributing to DevSecOps pipeline implementation with focus on security automation
• Working on security solutions for AWS and Kubernetes environments
• Participating in architecture reviews and threat modeling activities

• Discovered and responsibly disclosed critical vulnerabilities in Fortune 500 companies
• Notable companies: Twitter, Sony, Adobe, TripAdvisor, Ford Motors, Pinterest, Dell
• Published CVEs: CVE-2017-1000058 (Stored XSS at Chevereto CMS), CVE-2018-5222

• Offensive Security Web Expert (OSWE)
• Certified Cloud Native Security Expert (CCNSE)
• Certified Container Security Expert (CCSE)
• Certified DevSecOps Professional (CDP)

• Web Application Penetration Tester Extreme v2 (eWPTXv2)
• Certified Professional Penetration Tester v2 (eCPPTv2)
• Mobile Application Penetration Tester (eMAPT)

• Primary Languages: Python, Java, JavaScript
• Additional: Ruby on Rails, MySQL, Bash

• Security Testing: SAST, DAST, Penetration Testing
• Security Tools: BurpSuite Pro, OWASP ZAP, Nuclei, Subfinder, httpx, Nmap, Metasploit, Wireshark, SonarQube, Semgrep, Trivy

• Cloud Security: AWS, Kubernetes, Docker
• DevSecOps: CI/CD Pipeline Security, IaC, Security Automation

A comprehensive training project demonstrating common security vulnerabilities in banking applications.

• Built with Python, Flask, SQLAlchemy, React, JWT Authentication
• Includes modules on secure code review, authentication vulnerabilities, and API security
• Implements real-world security scenarios and industry security standards