DevSecOps & Application Security Engineer | Platform security, cloud defense automation, and security-focused open source

Public work I can explain deeply: Kubernetes hardening, WAF automation, and security-focused contributions to open-source security tooling.

• Public project: K8s Security Baseline -- CIS benchmark audit automation, RBAC templates, network policies, and SOC 2-aligned reporting
• Public project: AWS WAF Security Framework -- Terraform modules for AWS WAF v2 with bot protection, rate limiting, and eCommerce-focused rules
• Open-source contributor: PentAGI -- 51 merged PRs across 65 submitted PRs for OAuth hardening, runtime reliability, test coverage, Docker Compose infrastructure, flow-scoped file handling, and operator/user-facing docs
• Open-source contributor: Trivy -- test coverage contributions for container and IaC security scanning
• Open-source contributor: Strix -- documentation fixes and bug triage for AI pentesting agents

• PentAGI -- Contributor, not owner. 51 merged PRs across 65 submitted PRs, including OAuth hardening, runtime reliability, Docker Compose health checks, operator configuration docs, flow-scoped file uploads, assistant flow-management docs, and broad test coverage for core packages. Stack: Go, TypeScript, GraphQL.

I use GitHub to show public projects I can defend in detail and merged upstream work that has third-party validation.

• Security and auth hardening: OAuth GET callback state enforcement (#120), required field validation in OAuth state parsing (#125), missing return fix in OAuth callback redirect (#127), CA private key cleanup after certificate signing (#168), and OAuth callback setup documentation (#260).
• Runtime and reliability: browser tool graceful degradation on screenshot failure (#150), http.DefaultClient mutation guard in search tools (#151), error propagation in GetTool container lookup (#152), repeating tool-call infinite loop fix (#178), detached command context isolation (#179), configurable terminal tool timeout (#261), Docker Compose validation alignment (#265), and pgvector Docker Compose health checks (#243).
• Deployment and operator guidance: Docker mirror guidance for restricted networks (#262), first-use and memory-lifecycle docs (#264, #267), current capability/settings clarification (#269-#270), OpenVAS custom image guidance (#275), scope-of-work and evidence chain docs (#276-#277), OSINT integration scenarios (#278), assistant flow management for active flows (#292), processor wizard link fixes (#293), and web UI account setup docs (#294).
• Workflow and file handling: flow-scoped file uploads (#272).
• Test coverage and maintainability: search tools (#153), executor helpers and terminal utilities (#172), provider coverage (#189), config and terminal packages (#199-#200), response and embeddings packages (#201-#202), graph and server context helpers (#213-#214), server models and schema validation (#230-#231), Langfuse coverage (#241-#242), and Graphiti client coverage (#244).