Cosmin Cojocar is a senior software engineer specializing in cloud and application security, currently building secure systems at Google with over 11 years of experience in distributed systems and DevOps. He blends hands-on engineering in Go, Python and C/C++ with technical leadership, contributing production-grade fixes and features to projects like cert-manager, bank-vaults and the Kubernetes Security Profiles Operator. As maintainer of gosec (the Go security checker) and an active contributor to Jenkins X and Dex, he focuses on improving CI/CD pipelines, secure defaults and automated testing for cloud-native platforms. His work often targets subtle operational gaps—uninstall cleanup, BDD test coverage, seccomp/profile recording and Vault operational robustness—helping reduce real-world risk in Kubernetes environments. Based in Zurich, he pairs academic grounding (ETHZ CAS, M.Sc.) with a pragmatic open-source ethos, shipping both tools and process improvements that make secure deployments repeatable. Colleagues value him for bridging security tooling and platform reliability so teams can ship faster without sacrificing safety.
11 years of coding experience
Certificate of Advanced Studies, Certificate of Advanced Studies at Eidgenössische Technische Hochschule Zürich
Master of Science (M.Sc.), Master of Science (M.Sc.) at Transilvania University
Contributions:6 releases, 370 reviews, 262 commits in 4 years 11 months
Contributions summary:Cosmin's contributions primarily focused on improving the security posture of the Go project. They addressed vulnerabilities by adding features such as error checking whitelists, and a rule to detect pprof endpoint exposure. They also implemented rules to detect the use of weak cryptography and the use of insecure TLS settings. Furthermore, the user refactored tests and updated dependencies to maintain a high standard of code quality and security.
Contributions:263 reviews, 198 commits, 81 PRs in 10 months
Contributions summary:Cosmin primarily contributed to the Kubernetes Security Profiles Operator, focusing on bug fixes, and feature enhancements. They addressed issues related to seccomp profiles and the pod lifecycle, ensuring proper profile retrieval and controller readiness. Furthermore, the user implemented features related to profile recording, introducing the ability to define specific containers for seccomp profile recording. They also made improvements to the operator's stability by fixing lint warnings and adding tests.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.