Senior Application Security & Red Team Engineer
Istanbul, Turkey · hackwith.me · linkedin.com/in/adilburaksen
OSCP+ certified Application Security & Red Team Engineer with 8+ years across banking, telecom, aviation, insurance, and e-commerce. Bugcrowd Top 100 (2018) with 400+ reports submitted, 150+ validated. Hands-on across penetration testing, API security, threat modeling, secure SDLC, DevSecOps automation, and AI/LLM security.
Open to Senior AppSec / Penetration Tester roles — Europe, UK, Remote.
Most recently at Abu Dhabi Commercial Bank (ADCB), leading application security and red team engagements for cloud-native financial services.
CVE-2026-31974 — SSRF in OpenProject. Coordinated disclosure; fix merged upstream in v17.2.0.
CVE-2025-25257-Exploit-Tool — Public exploit tool for pre-auth SQL injection in Fortinet FortiWeb (CVSS 9.8).
AI-Powered Bug Hunting Framework — Multi-LLM orchestration pipeline: recon → vulnerability analysis → PoC generation across web, API, and mobile targets. Active in live bug bounty programs.
AI-Assisted Cryptographic Research (Bugcrowd Managed Program, 2026) — LLM-augmented audit of a production C++ MPC cryptography library; identified EdDSA nonce reuse (P1/Critical) enabling private key-share recovery.
- Application Security (Web / API / Mobile)
- Penetration Testing & Adversary Simulation
- Threat Modeling & Secure SDLC
- DevSecOps & CI/CD Security Automation
- AI/LLM Security (prompt injection, agentic systems, OWASP LLM Top 10)
- Cloud & Container Security (AWS, Azure, GCP)
| Certification | Issuer | Year |
|---|---|---|
| eWPTx (Web Application Penetration Tester eXtreme) | INE | 2026 |
| eMAPT (Mobile Application Penetration Tester) | INE | 2026 |
| CASP (Certified API Security Professional) | Practical DevSecOps | 2026 |
| OSCP+ / OSCP | OffSec | 2025 |
| CDP (Certified DevSecOps Professional) | Practical DevSecOps | 2024 |
| CEH Master | EC-Council | 2023 |
| ISO 27001 Lead Auditor | NTSS | 2022 |
- Offensive: Burp Suite Pro, Metasploit, BloodHound, CrackMapExec, Impacket, Rubeus, Responder
- SAST/SCA: Fortify SSC, SonarQube, Coverity, Nexus IQ, Snyk
- DAST: Burp Suite, Invicti, BrightSec, WebInspect
- DevSecOps: Jenkins, GitLab CI, GitHub Actions, Docker, Kubernetes, Terraform
- Cloud: AWS (GuardDuty, Security Hub, WAF, IAM, ECS/Fargate), Azure, GCP
- Languages: Python, Bash, JavaScript/TypeScript, PowerShell, Java, C#, C/C++
Bugcrowd Top 100 (2018) · 400+ reports submitted, 150+ validated · Active across Bugcrowd, YesWeHack, Immunefi, Intigriti, and Synack Red Team.
CTF: HackTheBox, TryHackMe, PentesterLab.
📧 adilburaksen@proton.me 🌐 hackwith.me 💼 linkedin.com/in/adilburaksen

