  • @NKStudio.IT

Niki-1337/README.md

Nikolay Kuziev

Application Security / DevSecOps Engineer
Secure SDLC | CI/CD Security | AppSec Automation | Kubernetes & Container Security

I build practical security workflows for engineering teams: secure release processes, CI/CD security gates, vulnerability management, application security testing, dependency risk tracking and developer-facing security automation.

My background started in software engineering and moved through backend, DevOps, AppSec and DevSecOps. That helps me work close to code, delivery pipelines and production constraints instead of treating security as a separate checklist.

Focus Areas

  • Secure SDLC and CI/CD security for enterprise and product environments
  • SAST, DAST, SCA, SBOM, secrets scanning and container security
  • Application and API security, secure code review, OWASP Top 10, auth/authz, JWT/session risks
  • Vulnerability triage, false-positive reduction and remediation coordination
  • Kubernetes security visibility, Helm/IaC checks and container vulnerability management
  • Developer enablement, security documentation and practical security automation

Impact

  • Built secure SDLC and DevSecOps workflows across 300+ services and applications
  • Triaged and coordinated remediation for 1,500+ validated security findings
  • Supported remediation of 20+ confirmed critical production vulnerabilities
  • Delivered security enablement sessions for engineering teams
  • Worked across banking, fintech, crypto and product engineering environments

Technical Stack

Security & AppSec: SonarQube, Burp Suite Enterprise, OWASP ZAP, Dependency-Check, CycloneDX, Gitleaks, Trivy, DefectDojo, Dependency-Track, Semgrep, Snyk, Nuclei
DevSecOps & Platform: GitLab CI, Docker, Kubernetes, Helm, RBAC, NetworkPolicy, Pod Security, Trivy Operator, Cosign, Harbor, Nexus, GitLab Container Registry
IaC, Monitoring & SIEM: Terraform, Ansible, Checkov, tfsec, Terrascan, ELK, Wazuh, Grafana, Prometheus, Loki, Falco
Engineering: JavaScript, TypeScript, Node.js, NestJS, React, Express.js, Java/Maven, Go, PHP, Python, Bash, REST APIs

Public Projects

  • Secure Build Gradle Plugin - open-source Gradle convention plugin for developer-friendly SCA, SonarQube and CycloneDX SBOM workflows.
  • Secure Build Maven Extension - open-source Maven core extension for reusable security build logic, local checks and CI/CD-ready reports.

Current Direction

I am focused on building stronger public work around:

  • LLM security and sensitive data protection
  • Developer-friendly AppSec automation
  • Kubernetes and supply-chain security labs
  • Secure SDLC patterns for teams that ship fast but still need control

Most production and client work is private or covered by internal constraints, so this profile is intentionally focused on public signal, selected labs and security writing.

Contact

Email: kuzievkola.apple@gmail.com
Location: Tashkent, Uzbekistan
Open to remote roles, relocation and visa sponsorship.

Popular repositories

  1. secure-build-maven-extension (Public)

    Maven core extension for Java AppSec and DevSecOps build checks

    Java 1

  2. secure-build-gradle-plugin (Public)

    Gradle convention plugin for Java AppSec and DevSecOps build checks

    Groovy 1

  3. Niki-1337 (Public)

    Application Security / DevSecOps profile