I’m a security engineer with a strong focus on offensive security and application security, working closely with engineering teams to identify real attack paths and reduce risk in production systems.
My background spans backend development, red team operations, and AppSec engineering, which allows me to approach security problems with an engineering mindset. I care not only about finding vulnerabilities, but about understanding why they exist and how to fix them in a way that scales.
What I Do
In my day-to-day work, I focus on:
- Offensive security and penetration testing of web, API, and mobile applications
- Application security and secure code review
- Threat modeling and security architecture discussions
- CI/CD, cloud, and container security
- Security automation and tooling
I’m most effective in environments where security is treated as an engineering problem, not a compliance checkbox.
Certifications
I hold certifications that emphasize hands-on technical skills and real-world scenarios:
- CAPen - Certified AppSec Pentester
- eWPTXv2 – Web Application Penetration Tester eXtreme
- C-AI/ML Pentester - Certified AI/Machine Learning Pentester
- eMAPT – Mobile Application Penetration Tester
- eJPT – Junior Penetration Tester
- DCPT – Desec Certified Penetration Tester
Security Assessments & Contact
If you’re interested in a security assessment, penetration test, or application security review, feel free to get in touch.
✉️ [email protected] 🔗 https://www.linkedin.com/in/felipe-melchior