Independent Security Researcher & Bug Bounty Hunter
Self-employed | Remote
2022 - Present
- Conduct independent vulnerability research across public and private disclosure programs, with reported findings spanning web applications, APIs, open-source packages, and multi-tenant SaaS platforms.
- Published three CVEs covering cross-site request forgery, stale authorization state, and cross-organization broken access control; two findings received High severity ratings.
- Discovered authentication and authorization weaknesses in Descope projects, including account-takeover risk, cross-project JWKS cache confusion, unverified-email migration, and sensitive logging issues.
- Earned recognition from 10+ public Hall of Fame and responsible-disclosure programs, including Check Point, Mercedes-Benz, SURF, Achmea, BASF, IBD, and movieXchange.
- Create clear reproduction steps, impact demonstrations, root-cause analysis, remediation guidance, and follow-up verification for engineering and security teams.