4. Security & Compliance

Provides secure coding practices to prevent vulnerabilities, manage secrets, and conduct security reviews.

Guides effective configuration of Claude Code permissions for security policies, including allow/deny patterns, sandboxing, and settings.json setup.

Validates code changes against governance constraints, CALM compliance, and architecture boundaries using spec-guard and flow-lint to enforce SEA™ governance rules before PR submission.

Designs system and security architecture, including diagrams, technology selection, and security considerations.

Runs security review workflows including security assessments and data privacy compliance checks via dedicated review and audit tools.

Provides security patterns for loading and running third-party widgets in the 3SC host, covering sandboxing, permissions, code signing, and trust levels.

Provides security patterns for 3SC widget host, covering credential storage, input validation, and user data protection.

Models security layers for documentation robotics systems, ensuring compliance and secure architecture.

Expert security layer modeling for Documentation Robotics, ensuring robust security architecture design and implementation.

Generates structured threat reports with MITRE ATT&CK mappings, detection logic, and professional security documentation for cybersecurity analysis.

Enables behavioral threat hunting and detection in Google SecOps using YARAL, creating custom detections without magic strings or IOC lists.

Expert in crafting KQL queries for threat hunting, security investigations, and detection rule development within Microsoft security platforms like MDE and Sentinel.

Guides security assessments and system hardening with principles for prioritizing vulnerabilities and enhancing system security.

Performs security audits on Rust and WebAssembly applications, identifying vulnerabilities and ensuring compliance with OWASP and Rust security best practices.

Automates secure secret management by detecting plaintext secrets, converting environment files, and injecting secrets via 1Password CLI for enhanced security compliance.

Manages Hostinger VPS security via Fail2ban configuration, WordPress security audits, and infrastructure hardening assessments.

Automates requirements traceability matrix creation and gap analysis to ensure compliance with regulatory standards.

Reviews and scores FastMCP MCP server quality for auditing, improvement, and directory publishing readiness.

Audits Notion databases for compliance, calculating conformity percentage and identifying orphaned pages to support migration planning.

Conducts comprehensive quality audits on SEMO packages, ensuring standard compliance, detecting inefficiencies, and supporting regular audit cycles.

Manages remote access requests with security controls: status verification, pending request reviews, and manual permission approvals or rejections.

Validates SEMO package structure and Sub-Agent optimization rules for compliance, consistency, and quality gate before versioning.

Automates governance, compliance, and security policies for infrastructure and Kubernetes using OPA, Kyverno, and Checkov.

Automates Linux intrusion investigation via SSH-guided system analysis, threat intelligence lookup, and WHOIS queries for rapid security incident response.