Senior Product Security Engineer
OSCP, CEH, and ISTQB certified specialist driving secure-by-design software for Fortune 100 enterprises.
12 years in Application Security, Cloud, and Test Automation delivering zero-friction DevSecOps and Secure SDLC programs. Hands-on with SCA, SAST, DAST tooling, AWS/GCP hardening, Terraform-driven IaC, container security, CI/CD pipelines, and Gen AI accelerators. Coding in Python & TypeScript. Based in Tampa, Florida.
Core Specializations
End-to-end Security Automation (CI/CD, IaC, ChatOps)
Secure SDLC Frameworks (BSIMM, SAMM)
Enterprise-scale Vulnerability Management (100k+ assets)
Threat Modeling & Testing (OWASP ASVS, OWASP TOP 10)
Gen-AI for security operations
Technical Security Expertise
SAST / DAST / SCA program design (Tenable, Snyk, Orca, SonarQube)
Cloud Security – AWS & GCP
Compliance automation & evidence collection (Slack, Asana, Athena)
Threat modeling & risk assessment (STRIDE, OWASP Top 10, ASVS)
Gen-AI for security operations (LLM-based triage & chatbots)
Technologies & Platforms
Python – built 50+ security automations saving 3,000 hrs/yr
GitHub Actions – governed 2,500 repos with policy-as-code
Jenkins / GitLab – shifted-left SAST in sub-5-minute pipelines
LLMs – RAG chatbot slashed compliance reporting time by 75 %
Security Tooling Proficiency
Tenable & Qualys – enterprise VM across 100,000 assets
Snyk, Orca, SonarQube – unified AppSec dashboarding
Burp Suite Enterprise – automated regression scans (2,000+ APIs)
Armis & Datadog – agentless runtime visibility in the cloud
Selected Engagements
Embedded Snyk, Tenable, Orca, Armis; slashed critical vuln backlog 60 % and rolled out Secure SDLC guard-rails across the organization.
Compliance Slack bot: automated evidence collection using Slack, Asana, AWS Athena & GitHub; cut audit effort by 75 %.
GlobalLogic – Enterprise SonarQube rollout: procurement, HA Terraform infra, CI/CD hooks, and training for 120+ engineers.
GlobalLogic – Enterprise Burp Suite Enterprise deployment: IaC setup, pipeline integration, workshops; scan coverage ↑ 0 → 85 %.
Cisco MSX – Automated open-source risk management (Black Duck) and CI/CD security gates, raising release compliance from 40 % to 90 %.
Certifications
OSCP – Offensive Security Certified Professional
CEH – Certified Ethical Hacker
ISTQB Certified Tester
Pentesting Fundamentals – Secure That Cert
Virtual Hacking Labs Penetration Testing Certificate
Speaking & Community
Ukrainian IT Tampa Bay Meetup (2024) – Presenter: "Current state of AI"
OWASP Ottawa (2020) – Presenter: "Buffer Overflows"
BSides Ottawa (2019) – Presenter: "Hack the Box challenge walkthrough"
Docker Ottawa (2019) – Lightning Talk: "Selenium Automation with containers"