4. Security & Compliance

Provides expert reviews from a single specialist role (e.g., Security, Performance) on specific targets like code or components.

Enables secure API authentication using JWT, OAuth 2.0, API keys, and session management to protect endpoints.

Configures critical HTTP security headers (CSP, HSTS, X-Frame-Options) to protect web applications from common attacks like XSS and clickjacking.

Conducts comprehensive security compliance audits against SOC 2, GDPR, HIPAA, PCI-DSS, and ISO 27001 for certification and validation.

Automates vulnerability detection using OWASP tools and CVE databases for security audits and compliance checks.

Generates security policies, compliance documentation, and security best practices guidelines for organizational standards.

Configures cloud security settings across AWS, Azure, and GCP with IAM, encryption, and compliance.

Performs security vulnerability scanning using SAST, DAST, and dependency analysis to detect OWASP top risks including SQLi and XSS.

Ensures web applications meet WCAG 2.1/2.2 standards for accessibility, including screen reader support and keyboard navigation, to achieve regulatory compliance.

Enables implementation of Zero Trust security principles including identity verification, microsegmentation, and least privilege access for cloud-native applications.

Secures REST APIs through authentication, rate limiting, CORS configuration, and input validation to prevent common vulnerabilities.

Provides secure implementation of OAuth 2.0, OIDC, JWT, and SSO authentication for web and mobile applications.

Creates and executes incident response plans for security breaches, data leaks, and cyber attacks, including forensic analysis.

Enables comprehensive security audit logging for compliance, forensics, and SIEM integration, building robust audit trails and security monitoring systems.

Performs ethical hacking to assess application security, identify exploitable vulnerabilities, and validate security posture using penetration testing tools and frameworks.

Prevents SQL injection vulnerabilities in database-driven applications through parameterized queries and input validation.

Manages secure storage and rotation of credentials using HashiCorp Vault, AWS Secrets Manager, or Kubernetes Secrets.

Tests web applications for WCAG compliance and ensures usability for users with disabilities through accessibility validation.

Prevents Cross-Site Scripting (XSS) attacks in web applications via input sanitization, output encoding, and Content Security Policy (CSP) configuration.

Automates rotation of API keys, credentials, certificates, and encryption keys for security compliance and lifecycle management.

Provides Role-Based Access Control (RBAC) implementation for secure permissions management and authorization policies in applications.

Provides strong encryption for data security using AES, RSA, and TLS with proper key management, securing data at rest and in transit.

Provides secure implementation of CSRF protection for web forms and state-changing operations using tokens, SameSite cookies, and origin validation.

Enables UART console interaction with IoT devices using picocom for security pentesting, including vulnerability discovery and root shell acquisition.