Michael Stepankin is a Staff Security Engineer with seven years of focused experience in application and research-driven security across industry leaders. He has advanced from application security roles at JPMorgan Chase to principal and research positions at Veracode, PortSwigger, GitHub, and now Google, blending offensive research with product-oriented defenses. Michael specializes in translating deep vulnerability research into practical mitigation strategies and secure development practices for large-scale platforms. Based in London with ties to Switzerland, he brings a global perspective to threat modeling and red-team-style discovery in complex enterprise environments. Notably, his career path shows a consistent shift from consultancy-style testing to embedding security within developer workflows and platform teams. He holds a bachelor’s in Computer and Information Systems Security from Bauman MSTU and is known for bridging technical rigor with actionable engineering outcomes.
7 years of coding experience
9 years of employment as a software developer
Bachelor's degree, Computer and Information Systems Security/Information Assurance, Bachelor's degree, Computer and Information Systems Security/Information Assurance at Bauman Moscow State Technical University
A malicious LDAP server for JNDI injection attacks
Contributions:6 commits, 3 PRs, 3 pushes in 10 months
jndiinjectionsecuritymaliciousldap
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Michael Stepankin - Staff Security Engineer at Google