DevSecOps

Securing applications, infrastructure, and game pipelines — from cryptographic key management to anti-tamper systems.

Application Security

OWASP Top 10 threat modeling and secure code review across Web3 backends (Golang, Node.js) and game clients (C#, Unity)
Penetration testing methodology covering API endpoints, smart contracts, and client-side attack surface
SAST/DAST integration into CI/CD (Semgrep, Trivy, SonarQube) for automated vulnerability detection
Dependency scanning (Dependabot, Renovate) with automated PRs for critical CVEs
Secrets management (AWS Secrets Manager, Vault, GitHub Secrets) with rotation policies and access audit trails

Game Security

Anti-cheat and anti-tampering systems for multiplayer games (memory protection, integrity verification, speed-hack detection)
Reverse-engineering prevention: control flow obfuscation, string encryption, symbol stripping for Unity (Mono/IL2CPP) assemblies
Asset bundle protection: AES-256 encryption, HMAC signing, signed URL delivery with expiration policies
Client integrity: jailbreak/root detection, debugger detection, code hooking prevention, certificate pinning
Secure progression storage with server-authoritative state validation and anomaly detection

Cryptography & Key Management

Cryptographic key hierarchy design: hot/cold wallet separation, quorum-based signing for high-value transactions
Key storage: AWS KMS, Secrets Manager, hardware-backed keystores, envelope encryption patterns
HSM integration and software fallback with audited key rotation policies
Transaction security: pre-flight simulation, replay protection, rate-limited RPC endpoints with request signing

Cloud Security (AWS)

IAM: least-privilege policy design, permission boundaries, role-based access across multi-account organizations
Container security (ECS/EKS): security groups, pod security policies, encrypted task definitions, image scanning in ECR
Network security: VPC isolation, private subnets, security group micro-segmentation, NAT gateway architecture
Monitoring & compliance: CloudTrail, Config rules, GuardDuty, Security Hub, automated incident response
Infrastructure as Code security: Terraform state locking, policy-as-code (Sentinel/OPA), drift detection

CI/CD Security

Secure pipeline design: branch protection, required reviews, signed commits, gated approvals for production
Build-time security scanning: dependency vulnerabilities, secret leakage prevention, container image scanning
Artifact signing and provenance attestation for deployable artifacts
Deployment security: canary releases, rollback automation, post-deployment validation

Tools & Technologies

Static Analysis: Semgrep, SonarQube, Trivy, Checkov
Secrets: AWS Secrets Manager, HashiCorp Vault, GitHub Secrets
Cloud Security: AWS IAM, GuardDuty, Security Hub, Config, CloudTrail
Obfuscation: Unity IL2CPP, ConfuserEx, Beebyte
Blockchain Security: Slither, Echidna, Mythril, go-ethereum
Compliance: COPPA, GDPR-K, SOC 2 knowledge