4. Security & Compliance

Provides comprehensive Entra ID user security analysis including sign-in anomalies, MFA status, and security incidents with automated HTML reporting.

Investigates Conditional Access policy changes and sign-in failures (error codes 53000, 50074, 530032) for forensic analysis of policy modifications and potential bypasses.

Specializes in security audits for Heavy Helms using Slither and Aderyn, analyzing code for vulnerabilities and providing actionable fixes.

Provides Drupal security patterns covering OWASP Top 10, authentication, access control, and injection prevention best practices.

Provides application security expertise for vulnerability detection, code auditing, and secure development practices aligned with OWASP Top 10 standards.

Automates drafting of regulatory documents (e.g., FDA CTD) with citation management and audit trails for compliance.

Drafts healthcare regulatory documents to ensure compliance with standards such as HIPAA.

Designs and implements secure authentication systems including JWT, OAuth, and role-based access control with password security and token management.

Provides implementation of security best practices for web applications and infrastructure, addressing OWASP Top 10 vulnerabilities and security policies.

Drafts regulatory documents (FDA, EMA) with audit trails and Thinking Block reasoning for high-stakes compliance.

Automates legal compliance review of code by orchestrating parallel lawyer agents to generate a unified legal brief.

Documents security and compliance risks for changes affecting authentication, data, and database migrations, including testing, monitoring, and rollback strategies.

Conducts comprehensive manual code audits to evaluate security, logic, completeness, and quality in critical systems.

Provides comprehensive security engineering services including penetration testing, security architecture design, and compliance auditing.

Provides comprehensive security operations for vulnerability management, compliance checks, and secure development practices through scanning, assessment, and automation.

Provides comprehensive security incident response including detection, containment, investigation, and recovery with automated playbook execution.

Enables safe parallel execution of Codex subagents with configurable sandbox access levels to prevent unauthorized file system operations.

Conducts security threat modeling using STRIDE, ATT&CK, and Kill Chain frameworks to identify risks and develop mitigations.

Completes OAuth 2.0 login flows and securely stores tokens for session verification in browser-based authentication scenarios.

Performs a WCAG 2.1 AA-compliant accessibility audit on website changes to ensure regulatory compliance.

Automates binary analysis, decompilation, and reverse engineering tasks in IDA Pro using Python scripts for security research.

Provides a comprehensive security checklist for web applications covering OWASP Top 10, secrets detection, and security best practices to ensure secure code and data handling.

Generates portable security tokens for identity verification, capability management, and access control in digital systems.

Conducts security audits on code changes, providing vulnerability patterns and remediation guidance for authentication, input handling, and API endpoints.