Michael Stepankin

Staff Security Engineer at Google

London, England, Switzerland
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Michael Stepankin is a Staff Security Engineer with seven years of focused experience in application and research-driven security across industry leaders. He has advanced from application security roles at JPMorgan Chase to principal and research positions at Veracode, PortSwigger, GitHub, and now Google, blending offensive research with product-oriented defenses. Michael specializes in translating deep vulnerability research into practical mitigation strategies and secure development practices for large-scale platforms. Based in London with ties to Switzerland, he brings a global perspective to threat modeling and red-team-style discovery in complex enterprise environments. Notably, his career path shows a consistent shift from consultancy-style testing to embedding security within developer workflows and platform teams. He holds a bachelor’s in Computer and Information Systems Security from Bauman MSTU and is known for bridging technical rigor with actionable engineering outcomes.
code7 years of coding experience
job9 years of employment as a software developer
bookBachelor's degree, Computer and Information Systems Security/Information Assurance, Bachelor's degree, Computer and Information Systems Security/Information Assurance at Bauman Moscow State Technical University
languagesEnglish, Russian
github-logo-circle

Github Skills (68)

gadget10
jndi10
poc10
injection10
unsafe9
solr9
authentication9
security9
oauth9
cve9
vulnerability9
java9
exploit9
active-directory8
deserialization8

Programming languages (4)

JavaCPHPHTML

Github contributions (5)

github-logo-circle
Apache Solr Injection Research
Contributions:11 commits, 1 PR, 14 pushes in 5 months
solrinjectionapachebig-dataapache-solr
veracode-research/rogue-jndi

Nov 2019 - Sep 2020

A malicious LDAP server for JNDI injection attacks
Contributions:6 commits, 3 PRs, 3 pushes in 10 months
jndiinjectionsecuritymaliciousldap
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Michael Stepankin - Staff Security Engineer at Google