Skip to content

Security & AppSec Engineer

Securing the software supply chain

I build real security tooling — from supply-chain defense to threat detection — backed by tests, CI, and strict typing.

About

Johan David Rodriguez Castro
Bucaramanga, Santander, Colombia (remote-ready)

Security & AppSec Engineer | Supply-Chain Security & Threat Detection

Advanced Systems & Software Engineering student (UPB, 7th semester), early-career — I ship real tools.

I'm a 7th-semester Systems & Software Engineering student at UPB (Bucaramanga) who operates at an engineering level rather than a findings level. I build production-grade security tools with tests, CI pipelines, and strict typing — not just reports. My flagship project, SlopGuard, addresses slopsquatting: the emerging attack surface where LLMs suggest non-existent package names and attackers pre-register them with malicious code. The tool runs a 5-layer detection engine with zero runtime dependencies, covering PyPI and npm, with CLI, pre-commit, GitHub Action and self-hostable SaaS frontends. I also have hands-on experience with mobile app hardening, TOTP 2FA, secure storage, and real-time network monitoring. Verified C2 English (EF SET 80/100). Available for remote collaboration.

Let's work together

I'm open to security & engineering roles, remote-first. Tell me what you're building.

Get in touch