Summary
Rhea Santos is a software engineer with eight years of hands-on experience specializing in web and cloud application security, currently focused on transitioning into Web App Security roles. She has conducted independent and team-based penetration tests across AWS and serverless environments, performed DAST/SAST/SCA assessments, and evaluated configurations for web apps, mobile, and emerging AI/ML services. At Hyland and DirectDefense she built security programs—creating a Security Champions initiative, improving tooling and documentation, and driving remediation with development teams. Rhea combines practical offensive testing (Burp Suite, manual OWASP techniques, phishing/OSINT) with DevSecOps integration and threat modeling to push security earlier in the SDLC. Unusually for someone with her profile, she also has built bespoke tooling such as a Python webcrawler for CVE discovery and has led local cybersecurity community events as a chapter president. Based in Florida, she holds bachelor’s and master’s degrees in cybersecurity and maintains active interest in both software development and bug-bounty style research.
8 years of coding experience
5 years of employment as a software developer
Networking Specialist, Networking Specialist at Southern Crescent Technical College
Certificate of Completion Bug Bounty, Certificate of Completion Bug Bounty at XSS RAT Bug Bounty Bootcamp
CyberSecurity Cybersecurity, CyberSecurity Cybersecurity at Western Governors University
Master's degree Cybersecurity, Master's degree Cybersecurity at American Public University