reach me →
shiki = {
"role": "Web Application Security Engineer @ Exfil Security (US · Remote)",
"focus": ["Web & API Pentesting", "AI-Powered Systems", "Full-Stack Dev"],
"origin": "Colombia 🇨🇴",
"mindset": "I know how it's built. That's why I know how it breaks.",
"off-duty": ["Anime", "Medieval fantasy", "Gacha Gaming"],
"crafts": ["Clean UIs that actually feel good to use", "Systems that scale", "Code that doesn't embarrass me"],
}I'm a security engineer with a developer's brain — and a designer's eye. Before moving into AppSec, I designed and shipped full-stack cloud-native applications end-to-end: architecture, backend, frontend, AWS deployment, the whole thing. That background is what makes my pentesting different: I don't just find the cracks, I understand exactly why they exist.
Currently performing enterprise web application security assessments — testing authentication flows, authorization logic, complex API chains, and cloud-native architectures across modern web stacks.
When I'm not breaking things, I'm building them. AI-powered systems, 3D web experiences, polished UIs. I care about how things look and feel as much as how they work.
🔐 Security
Core tooling
Web application & API pentesting · Authentication & authorization bypass · Business logic testing · Vulnerability chaining · Manual request manipulation · Thick-client testing (training) · Developer-friendly report writing · Syft/Grype (SBOM/CVE scanning) · Prompt injection & jailbreak detection
💻 Languages
⚙️ Backend
🎨 Frontend
Also using
React Three Fiber · shadcn/ui · HeroUI
🗄️ Databases
Also using
☁️ Cloud & Infrastructure
Also using
ECS/Fargate · EKS · EC2 · S3 · Lambda · CloudWatch · IAM · VPC · EMR · KMS · Cloud Run · Cloud Build · Cloud Storage
🧠 AI & ML
Also using
LangGraph · LlamaIndex · Pinecone · RAG pipelines · LSTM networks · SARIMAX · Fuzzy logic (skfuzzy) · Presidio
📊 Observability
Also using
Loki · structlog
📡 Networking & Protocols
TCP/IP · MQTT · Berkeley Sockets API · RIPv2 · OSPF · PAT/NAT · VLSM · Cisco Packet Tracer
🛠️ DevOps & CI/CD
Docker Compose
🔧 Dev Tools
Also using
🔒 Sentinel — Vulnerability Scanning Platform
A security-focused scanning platform built to detect and surface web application vulnerabilities. Designed with an AppSec-first mindset after hands-on pentesting experience with real enterprise targets.
Tech Stack: Python FastAPI Security Tooling
⚔️ DnD-AI — AI Dungeon Master (Premios Inventiva Winner!)
Over 10 million D&D sessions fail to happen each year because there's no Dungeon Master. DnD-AI replaces the DM with an AI that generates the story, enemies, and map in real time.
- 🗺️ Real-time map visualization
- 🎨 AI-generated scene imagery (OpenAI / HuggingFace)
- 🧠 Natural language action interpretation via Google Gemini
- ⚔️ Full game loop: characters, combat, inventory, campaigns
Tech Stack: Django Python Gemini API OpenAI API LangChain
🏗️ Poneglyph Reduce — Distributed MapReduce System
A Hadoop/Spark-inspired MapReduce system built from scratch across three heterogeneous languages. One Piece-themed architecture: Road-Poneglyph (Master · Java), Poneglyph (Workers · C++), Clover (Client · Python).
- 📡 gRPC for Master ↔ Worker communication
- 🔀 Full shuffle/partition pipeline with hash-based key routing
- 📊 Real-time React dashboard with MQTT telemetry
- 🔧 Fault tolerance: task timeouts, worker heartbeats, automatic re-queuing
- 💾 Redis state persistence
- 🐳 Full Docker Compose cluster
Tech Stack: Java C++ Python React TypeScript gRPC MQTT Redis Docker
🌍 3D Real Estate Platform
Immersive real estate exploration using 3D environments. Users can navigate and interact with properties through a rich visual experience, built with Three.js and Next.js.
Tech Stack: Three.js Next.js React GSAP
📰 Fake News Detection Pipeline
Distributed real-time fake news classification using streaming data infrastructure. Ingests articles via Kafka, processes with Spark, and indexes results into OpenSearch.
Tech Stack: Apache Kafka Apache Spark OpenSearch Python MLOps
🤖 More Projects
| Project | Stack | Description |
|---|---|---|
| AI Travel Planner | Python · FastAPI · LLM | AI-powered itinerary generation |
| Parking Forecasting | skforecast · GitHub Actions | Time-series demand prediction with CI/CD |
| MLOps Iris Pipeline | FastAPI · GCP · sklearn | End-to-end ML pipeline on Google Cloud |
| E-commerce (Moto Detailing) | NestJS · Next.js · PlaceToPay | Full store with payment gateway |
| BIM Project Management | Full-Stack | System for electrical engineering firms |
| MQTT Broker from Scratch | C | Custom protocol implementation |
| WhatsApp/Messenger Chatbots | Python · APIs | Automated customer conversation flows |
| sebastian-salazar-osorio | |
| sebasalazaro@gmail.com | |
| 🌎 Location | Colombia · Open to Remote |
"Security is about understanding systems — sometimes you need to explore the dungeon to find the flaw in the castle walls."