Lorenzo Gallegos is a Staff Software Engineer focused on product and application security with 11+ years of experience blending hands-on backend development, secure SDLC practices, and engineering leadership. He’s driven DevSecOps and CI/CD security initiatives across startups and consultancies, integrating SAST/SCA, secrets detection, IaC and container scanning into production pipelines. At Mattermost he contributed to the core open-source collaboration platform—refactoring server-side code and hardening mailing, permissions, and pipeline automation—while running bug bounty, Security Champions, and training programs. Previously he scaled engineering teams, led security audits and penetration tests, and taught software engineering at Colorado School of Mines, demonstrating a commitment to mentorship and developer enablement. Lorenzo holds advanced degrees in cyber defense and computer science and pairs practical cloud security work (AWS controls, WAF, GuardDuty, KMS) with a knack for translating security research into developer-facing tooling.
10 years of coding experience
11 years of employment as a software developer
Bachelor of Science - BS, Computer Science, Bachelor of Science - BS, Computer Science at Colorado School of Mines
Master of Science - MS, Cyber Defense, Master of Science - MS, Cyber Defense at Dakota State University
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle..
Role in this project:
Back-end Developer
Contributions:96 reviews, 44 PRs, 49 pushes in 10 months
Contributions summary:Lorenzo primarily contributes to back-end development within the Mattermost project, as evidenced by their changes to server-side code. They focus on refactoring existing code to improve efficiency and maintainability, as demonstrated by the removal of unused constants and the migration to HTTP verb constants. Furthermore, the user modifies code related to mailing and permissions, indicating involvement in crucial platform functionalities. These changes suggest a focus on core platform functionality, performance improvements, and security within the Mattermost ecosystem.
Script to audit GitHub Action Workflow files for potential vulnerabilities.
Contributions:5 reviews, 1 PR, 5 comments in 1 year 9 months
sarifsecurity-toolsbugbountysecurityaudit
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.