José Chávez is a Security Software Engineer with 11 years of experience building secure, distributed systems and observability tooling, currently at Okta. He has deep hands-on expertise in Go and tracing technologies, contributing to flagship projects like Zipkin, OpenTelemetry, and the OWASP Coraza WAF where he fixed critical RBL leaks and improved testability. José blends a pragmatic engineering style—doing things right while keeping them simple—with a strong open-source ethos, co-leading Coraza and authoring tracing libraries used by Datadog and others. He regularly mentors, gives talks and workshops on distributed tracing, and leverages a lifelong passion for mathematics (he studies math at Universitat de Barcelona) to reason about complex systems. Colleagues describe him as collaborative and detail-oriented, with a knack for turning observability insights into practical security improvements.
11 years of coding experience
13 years of employment as a software developer
Systems Engineering, Systems Engineering at National University of Engineering
Mathematics, Mathematics at Universidad Nacional Mayor de San Marcos
Mathematics, Mathematics at Universitat de Barcelona
Contributions:16 releases, 12 reviews, 160 commits in 2 years 5 months
Contributions summary:José primarily focused on improving the Zipkin-js library by removing binary annotations for HTTP headers in spans and adding support for sampling flags extraction. They addressed several integration tests, modifying files related to express, restify, hapi and core zipkin functionalities. Furthermore, the user implemented a feature that added an error based on status code and added a flush method to the http reporter.
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
Role in this project:
Back-end Developer
Contributions:9 releases, 697 reviews, 112 commits in 9 months
Contributions summary:José primarily contributed to the `coraza` repository by addressing a critical security vulnerability related to RBL leaks. They fixed RBL leaks by implementing context-aware lookup, added a constant for timeout to improve code readability. Furthermore, they removed an unnecessary dependency and added support for DNS mocks and a mocking DNS server for testing purposes. Their work focused on improving the security and testability of the web application firewall library.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.