Application Security Engineer

DevSecOps · OWASP · Secure SDLC · Vulnerability Mitigation

Summary

Security-focused software engineer and DevSecOps specialist. Integrates application security and automated defenses into the SDLC: secure code reviews, threat modeling, CI/CD hardening, dependency and container scanning. Experienced with OWASP Top 10, API security, authentication, rate limiting, and log hardening. Builds secure-by-design systems without sacrificing delivery speed.

Skills

  • Secure code reviews, threat modeling, static/dynamic analysis (SonarQube, OWASP ZAP)
  • OWASP Top 10, API security, authentication, rate limiting, input validation
  • CI/CD pipeline security (GitHub Actions), dependency & container scanning (Snyk, Trivy)
  • Log hardening, data protection, secure-by-design development
DevSecOps · OWASP · SonarQube · Snyk · Trivy · CI/CD · Secure Code · API Security

Experience

Frontend & Blockchain Developer · Freelance / Independent · 2022 – Present

  • Applied application security best practices across projects: secure API consumption, input validation, access control, dependency risk reduction.
  • Implemented CI/CD pipelines with automated testing and security scanning to improve code reliability and deployment safety.
  • Integrated security into frontend and backend: secure UI patterns, API hardening, and OWASP-aligned practices in production systems.
  • Collaborated with engineering and product to embed security early — from design through deployment — reducing attack surface and data exposure risk.

Education

Bachelor's Degree in Civil Engineering

Technical University of Kenya · 2024

Strong analytical foundation, problem-solving, and systems thinking applied to software engineering.

© 2026 Osuwo Odongo John Frederick. All rights reserved.