Split, Split-Dalmatia, Croatia
I am a highly motivated and skilled security engineer with expertise in web, mobile, and cloud penetration testing, as well as vulnerability management. I am an Offensive Security Certified Professional (OSCP), AWS Certified Solutions Architect, and AWS Certified Security. I am passionate about finding and mitigating security vulnerabilities and committed to improving the security of projects. In my work, I am constantly seeking ways to enhance the resilience of projects against potential threats and to provide valuable insights to clients.

- Led extensive penetration testing and vulnerability management for web, API, network (PCI DSS compliant), and mobile applications, providing technical guidance for the remediation of high-risk flaws
- Conducted manual and automated secure code reviews using Snyk and Semgrep for JavaScript applications, eliminating high-risk flaws prior to production release
- Applied AWS and Kubernetes security best practices, focusing on infrastructure hardening and reducing the attack surface through basic configuration audits
- Streamlined vulnerability management within the SDLC by implementing tracking workflows that reduced the mean time to remediate (MTTR) critical findings
- Guided junior team members in strengthening their vulnerability analysis and mitigation skills

- Conducted detailed security assessments of payment provider integrations, discovered critical vulnerabilities that prevented multi-million losses
- Managed external security communications with Payment Service Providers (PSPs) to disclose vulnerabilities and coordinate secure transaction processing
- Integrated SAST tools into GitLab CI/CD pipelines, reducing the mean time to remediate (MTTR) vulnerabilities by 30%
- Executed comprehensive security evaluations of third-party JavaScript scripts, mitigating potential risks to web applications

- Conducted comprehensive penetration tests across web applications, APIs, networks (PCI DSS compliant), and mobile applications, identifying and mitigating vulnerabilities to bolster system security
- Performed detailed cloud security assessments, evaluating and enhancing cloud infrastructures to protect against emerging threats
- Developed and implemented information security standards and policies, ensuring consistent security practices across all phases of the SDLC
- Fostered a culture of security awareness and best practices within the development teams, improving the overall security posture of projects

- Identified critical vulnerabilities for clients across the fintech, gambling, and healthcare industries and provided actionable remediation guidance to engineering teams to ensure effective risk mitigation
- Demonstrated expertise in web, network, and Android application penetration testing, employing advanced techniques to uncover security weaknesses
- Conducted detailed assessments of cloud infrastructures, identifying vulnerabilities and verifying the effectiveness of security controls
- Participated in creating threat models to identify system-level vulnerabilities, aiding in the design of robust security defenses