Application Security Engineer - DevSecOps
I am a Security Engineer with over 5 years of hands-on experience, currently working at Tranchulas where I lead efforts in securing cloud-native applications, conducting advanced penetration tests, and implementing scalable DevSecOps practices. My focus is on enabling secure software delivery pipelines, improving security posture across infrastructure and applications, and reducing risk exposure through proactive assessments and automation.
Over the years, I’ve worked across a wide range of security technologies and practices. My core competencies include penetration testing, vulnerability assessments, API security, secure code reviews, and implementing SAST/DAST tools within CI/CD pipelines. I have hands-on experience with Python, Bash, Docker, Kubernetes, GitLab CI, and security tools like Burp Suite Pro, Nessus, OWASP ZAP, MobSF, and DefectDojo. I'm also experienced in managing cloud security for AWS and Azure, including IaC via Terraform and Ansible.
I’ve had the opportunity to collaborate with cross-functional engineering and DevOps teams to deliver secure, compliant, and scalable platforms. Known for being a fast learner, I pride myself on delivering high-quality results on time and continuously improving my technical and soft skills. I am now looking forward to taking on new challenges in international teams.