4. Security & Compliance

Triage tool for prioritizing JavaScript/TypeScript security findings during the plan-finalize phase of security assessments.

Automates security finding triage for marketplace plugins during plan-finalize phase to prioritize vulnerabilities.

Analyzes codebases for security vulnerabilities, structural issues, performance, and stability to generate quality reports and identify architectural problems.

Audits code for security hardening, emphasizing abuse prevention, API protection, business logic security, and input validation to mitigate real-world attack vectors.

Ensures secure webhook handling for payment processing and subscription events, mitigating common security risks.

Enables secure execution of tools and multi-step workflows with proper import handling for safe operation.

Automates security checks: detects hardcoded secrets (40+ patterns), validates OWASP Top 10, and scans for SQLi/XSS vulnerabilities.

Provides comprehensive Amazon Bedrock Guardrails implementation for AI safety, including content moderation, PII redaction, and compliance enforcement to secure generative AI applications.

Enables secure command execution via allowlists and validation hooks for bash commands, security policies, and agent sandboxing.

Creates or manages a new security or compliance rule within policy enforcement systems.

Performs comprehensive WCAG 2.1 AA compliance audits covering color contrast, keyboard navigation, screen reader compatibility, and semantic HTML.

Provides guidance for securing Kubernetes clusters using network policies, RBAC, pod security standards, and OPA Gatekeeper.

Specialized guide for building Dr. Sophia AI medical skills with FHIR/EHR integration, HIPAA compliance validation, and Railway deployment patterns.

Scans codebases for vulnerabilities, secrets, and OWASP compliance issues to enhance security posture.

Provides secure authentication features including user registration, login, password hashing, JWT token management, and Better Auth integration.

Defines agent boundaries and enforces guardrails, access control, and compliance rules for Amazon Bedrock Agents via Cedar policy language at the Gateway level.

Performs comprehensive security reviews of Active Directory environments, including privileged group configurations, authentication policies, and attack surface analysis.

Expert in WCAG 2.2 AA compliance, delivering audits, automated testing, screen reader validation, and remediation for accessible web content.

Secures Windows PowerShell environments by implementing hardening measures, enforcing least privilege, and aligning with enterprise security baselines.

Conducts ethical hacking, vulnerability assessments, and offensive security testing across web, network, and cloud environments to identify and mitigate security risks.

Specializes in auditing systems for compliance with major regulatory frameworks including SOC2, HIPAA, and GDPR across various industries.

Enables security incident response with evidence collection, forensic analysis, and coordinated management for breaches and outages.

Scans container images and runtime environments for known vulnerabilities (CVEs) and security policy violations to enhance container security.

Conducts security audits covering OWASP Top 10, dependency vulnerabilities, secret exposure, and CVEs to identify and mitigate risks.