South Moravia, Czechia
Product Security Engineer at SolarWinds
Hack the Box profile: https://profile.hackthebox.com/profile/019e1abf-12dd-7352-a352-4d65c57e4907
HTB Rank: Professional
HTB certified CJCA
Software Security Group (SSG)
• Designed, discussed with engineering, implemented, and validated security remediations across a broad attack surface, including privilege elevation, weak ACLs, AI vulnerabilities, HTTP vulnerabilities, SQL Injection (SQLi), Cross-Site Scripting (XSS), weak randomness, open redirects, insecure dependency usage, hardcoded secrets, and personal data protection gaps.
• Collaborated with engineering teams to ship production-ready security fixes, ensuring alignment with secure coding standards and internal security policies.
• Attended the OpenSSL Conference in Prague, a world-class event focused on cryptography, security, and migration to post-quantum algorithms.
• Delivered a technical presentation on AI-assisted security testing using Burp Suite Professional to the SolarWinds AI Community, focusing on practical security workflows and tooling adoption.
• Mentored associate software engineers and interns in network security, privacy engineering, and applied cryptography, supporting skill development and secure development practices.
• Resumed threat modeling initiative in the age of AI.
• Actively participated in the technical hiring process, including candidate evaluation and interview feedback for the Software Security Group.
• Security Tooling: Burp Suite Professional & Burp AI, Nmap, Metasploit Framework, GitHub Advanced Security, Entro Security.
• Continuous Security Training: Hack The Box Academy: 100% CJCA + Exam passed, 29.3% CDSA, 20.2% CPTS, 16.5% CWES.
• Led and delivered major performance optimisations for the PerfStack Metric Palette, reducing page load times from minutes to seconds and materially improving customer experience for a revenue-critical feature.
• Implemented and validated security remediations across a large frontend codebase, addressing Cross-Site Scripting (XSS), HTTP Host Header Injection, open redirects, sensitive data handling issues, and dependency vulnerabilities.
• Coordinated npm package upgrades and security updates across 40+ modules, improving maintainability and reducing security risk.
• Actively onboarded and mentored interns, associate software engineers, and software engineers through the SolarWinds Mentorship Program, covering Angular fundamentals, networking concepts (ISO/OSI model), and introductory applied cryptography.
• Worked in a global, multi-team Agile (Scrum) environment, collaborating with distributed engineering and QA teams on enterprise-scale products.
• Contributed to the migration and ongoing development of the PerfStack and High Availability modules, supporting platform modernisation initiatives.
• Designed and implemented Angular-based web interfaces for internal and customer-facing features, including database maintenance statistics and credential management workflows.
• Developed and maintained automated test suites, including unit tests (Karma), UI and end-to-end tests (C#/Selenium), and regression test coverage to support release quality.
• Participated in FIPS compliance validation activities, test stability maintenance, and CI/CD pipeline health improvements using TeamCity and Orbit.
• Maintained and published the open-source Nova framework, including dependency upgrades and security-related package updates in line with best practices.
• Owned and curated team documentation in Confluence and supported onboarding of new engineers through technical guidance and knowledge sharing.
In the context of my diploma thesis, I worked as a project manager for an Information System developed for the Brno Exhibition Centre. Direct meetings with customers, on-site requirements gathering, documentation, and presentations.