Security Engineer with 11 years of experience based in Zurich, Switzerland, focused on building and hardening backend systems for network security tooling. An active open-source contributor to Google's well-regarded Tsunami security scanner, they’ve improved core engine extensibility, added dynamic plugin support, and tightened test reliability by fixing race conditions and enhancing SSL and HTTP handling. Comfortable working at the intersection of development and security, they translate deep technical issues—like accurate web service detection and plugin execution timing—into practical improvements that increase scanner accuracy and observability. Known for pragmatic engineering that balances feature delivery with secure, auditable behavior, they bring a steady track record of advancing complex security scanners used in real-world assessments.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Role in this project:
Back-end Developer & Security Engineer
Contributions:4 releases, 3 reviews, 3 PRs in 1 year 4 months
Contributions summary:tooryx primarily contributed to enhancing the core functionality and security of the Tsunami security scanner. They addressed race conditions in the `HttpClientModule` tests and added features related to SSL version support and HTTP method tracking within the network service proto. Moreover, the user refined the logic for determining if a service is a web service and modified the scanning workflow to correctly reflect host status. They also added a feature to log the execution time of the plugins and extended the core engine of Tsunami to support dynamic plugins.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.