Daniel Carlier is an Offensive Security Engineer with 8 years of experience building developer-centric application security at scale, from Globo.com to QuintoAndar and now at Casco (YC X25). He designs and implements secure systems—authoring Security CI/CD pipelines, leading OIDC migrations, and building a distributed vulnerability management platform that cut vulnerability stale time by 51%. Technically fluent in Go and AWS, he contributed backend work to globocom/huskyCI (security tests in CI) and hardened OWASP-top10 demo apps, demonstrating practical, tool-focused expertise. Comfortable embedding security into product teams, he blends penetration testing and automation to shift left security practices while mentoring peers. Based in Rio de Janeiro, he pairs operational reliability experience from early network and server roles with a knack for turning security insights into usable developer workflows.
7 years of coding experience
5 years of employment as a software developer
Bacharelado em Engenharia, Computer Engineering, Bacharelado em Engenharia, Computer Engineering at Ibmec
A laboratory for learning secure web and mobile development in a practical manner.
Role in this project:
Back-end Developer
Contributions:24 reviews, 263 commits, 164 PRs in 1 year 10 months
Contributions summary:Daniel implemented several changes in the `owasp-top10-2017-apps` repository, specifically focusing on vulnerabilities in different applications. The commits show the user working on the OWASP Top 10, addressing security flaws in the applications by adding new folders, adding HTML files and fixing website problems. These changes include modifications to database connection files, suggesting a focus on back-end security and application functionality.
Contributions:5 releases, 5 reviews, 157 commits in 2 years
Contributions summary:Daniel primarily focused on backend development tasks, contributing to the core functionalities of the HuskyCI platform. The commits demonstrate work on the server-side logic, including implementing security test integrations (RetireJS, Bandit, Brakeman, Gosec, and Safety) and adjusting configurations for these tests. They also made changes to the API and the processing of security test outputs, reflecting a focus on the core functionality and integration aspects of the project.
pythonsastcontinuous-integrationsafetygitlab-ci
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Daniel Carlier - Offensive Security Engineer at Casco (YC X25)