Application Security Engineer

Security engineering,
from code to operations.

I work in application security — threat modeling, secure code review, and building security tooling that helps engineering teams ship confidently. Currently expanding into security operations by building a home SOC lab from scratch and documenting the journey.

About me SOC Lab blog LinkedIn

Core skills

Threat Modeling Secure Code Review SAST / DAST / SCA CI/CD Security Web App Pentesting API Security Security Automation Developer Training Python · JavaScript · Java

Currently learning

SOC / Threat Hunting SIEM / Log Analysis DFIR

Projects

Active project

Home SOC Lab

Building a full security operations stack from scratch — Security Onion, Wazuh, Sysmon, Atomic Red Team, TheHive, MISP, and Velociraptor — all free, all open source. Documenting every component as it goes live.

Security Onion Wazuh MITRE ATT&CK VirtualBox

Read the blog AppSec

Application Security Engineering

Day-to-day work spanning threat modeling, secure SDLC integration, security automation tooling, and working directly with engineering teams to build security into software from the start.

Threat Modeling Pentest CI/CD Automation

About me

Security engineering,from code to operations.

Core skills

Home SOC Lab

Application Security Engineering

Security engineering,
from code to operations.