open to AppSec & security engineering roles

Mihai-Denis
Tapalagă
// security

Got curious about how systems work as a kid watching a Minecraft server get DoS'd off the network. Behavioral economics master gives me a different lens on what makes applications insecure: not just code, but how humans actually interact with it.

That background also built the soft skills the engineering world chronically undersupplies: structured stakeholder communication, translating findings into language non-technical teams act on, and reasoning about decisions when the data is incomplete. In security, the technical work only matters if the right people understand it and move on it.

Focused on defensive application security: secure-by-design APIs, supply chain hardening, and threat modeling that accounts for the user-behavior side. Twelve months of hands-on security work on a production codebase, BSCP exam ahead.

Security Work

Application Security Contributor12 months · independent

EventLink (API-first SaaS, early stage)

Hands-on application security work on a production codebase. Manual code review against OWASP Top 10, dependency scanning across the open-source supply chain, CVE triage, and structured remediation reporting to project owners. Stack: TypeScript backend, PostgreSQL, OpenTofu for infrastructure-as-code.

Selected Work

Technical Stack

appsec

OWASP Top 10
hands-on
Burp Suite
hands-on
SQLi / XSS
hands-on
CVE analysis
hands-on

devsecops & tooling

Trivy
hands-on
Docker
hands-on
GitHub Actions
hands-on
Dependency scanning
hands-on

recon & exploitation

Nmap
daily use
Metasploit
hands-on
Wireshark
hands-on
Responder
hands-on

platforms & certs

TryHackMetop 7% · 47-day streak · 80 rooms
daily use
Kali Linux
daily use
PortSwigger Web Security Academy
learning
Burp Suite Certified Practitioner
learning

Writeups & Research

writeups

Security Writeups & Research

AppSec methodology, vulnerability walkthroughs, and DevSecOps tooling breakdowns. Hands-on practice documented in depth, focused on what actually translates into engineering work.

view all posts →

Let's Talk

Actively looking for AppSec and security engineering opportunities. Remote-first, with relocation open to discussion depending on the role and package. Also open to collaborations on security research and vulnerability assessments.