Aleksandr Krasnov, Developer in Vancouver, BC, Canada

Aleksandr Krasnov

Bio

Aleksandr Krasnov is a principal security engineer who bridges the gap between rapid development and strong defense. With a background at Meta, Dropbox, and Palo Alto Networks, he specializes in scaling DevSecOps for complex ecosystems. By automating security within the CI/CD pipeline, he ensures that innovation does not outpace safety. For organizations seeking to harden infrastructure without sacrificing velocity, he offers the expertise needed to build a resilient future.

Portfolio

Meta
Application Security, Web Security, Infrastructure as Code (IaC)...
Thinkific
Python, Go, Amazon Web Services (AWS), Docker, Kubernetes, Application Security...
Dropbox
Python 3, Go, Application Security, Amazon Web Services (AWS)...

Experience

  • Application Security - 10 years
  • Dynamic Application Security Testing (DAST) - 10 years
  • IT Security - 10 years
  • Penetration Testing - 10 years
  • Web Security - 10 years
  • Static Application Security Testing (SAST) - 10 years
  • Offensive Security - 10 years
  • Mobile Security - 10 years

Preferred Environment

Web Security, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Secure Containers, Secure Coding, IT Security, Security, Cybersecurity, Artificial Intelligence (AI), Active Directory (AD), Azure Active Directory, Terraform

The most amazing...

...feature was engineering a patented AI guardrail system that autonomously neutralized adversarial injections, securing LLMs while meeting global standards.

Work Experience

Principal Security Engineer

2023 - PRESENT
Meta
  • Published a portfolio of patents, defensive publications, and research in AI security, authorization architecture, and system integrity, establishing intellectual property for adversarial defense mechanisms.
  • Engineered novel security frameworks for large language models (LLMs), securing official patent approvals for real-time injection mitigation and guardrail standards.
  • Executed over 200 comprehensive security assessments for high-stakes product launches, identifying and remediating critical vulnerabilities prior to production.
  • Architected cross-functional security standards for product teams, reducing the average security-review-to-launch timeline while increasing baseline coverage.
Technologies: Application Security, Web Security, Infrastructure as Code (IaC), Penetration Testing, Offensive Security, Secure Code Best Practices, Threat Modeling, Mobile App Security, Secure Coding, Security Research, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), IT Security, Mobile Security, Cyber Threat Hunting, Digital Forensics, Identity & Access Management (IAM), Active Directory (AD), Azure Active Directory, Terraform

Staff Security Engineer

2022 - 2023
Thinkific
  • Engineered a patented AI guardrail system and redesigned sign-up workflows, resulting in a 35% reduction in malicious account creation and product abuse.
  • Architected a comprehensive code security strategy by deploying SAST and a custom dependency "source of truth" tracker to provide 100% visibility into third-party vulnerabilities.
  • Hardened web authentication and OAuth flows, decreasing account takeover (ATO) incidents and unauthorized API access.
  • Established a formal vulnerability management program and automated dashboard, achieving a 90% adherence rate to internal security SLOs.
  • Deployed integrated DAST and security scanning for REST and GraphQL APIs, increasing global security coverage across all production endpoints.
  • Implemented organization-wide AWS security guardrails and a Zero Trust architecture to enforce least-privileged access across all cloud assets.
  • Developed custom SRE-focused pre-commit and post-commit hooks for Terraform, preventing security misconfigurations in 100% of IaC deployments.
  • Strategized and executed a three-year roadmap for securing serverless and Kubernetes environments using eBPF-based observability and runtime protection.
  • Automated a self-service GCP access request system with built-in SOC integrations, saving the engineering team 20 manual hours per week.
  • Directed a multi-year enterprise secrets management initiative, centralizing credentials and eliminating hardcoded secrets across the global CI/CD pipeline.
Technologies: Python, Go, Amazon Web Services (AWS), Docker, Kubernetes, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Source Code Review, Secure Coding, Cryptography, JavaScript, Ruby, React, Flutter, Dart, Mobile Security, SOC 2, ISO 27001, Thinkific, Ethical Hacking, DevSecOps, Infrastructure as Code (IaC), Cloud, CI/CD Pipelines, Cybersecurity, Security Audits, Code Review, Artificial Intelligence (AI), Web Security, Penetration Testing, IT Security, Offensive Security, Cyber Threat Hunting, Incident Response, Digital Forensics, Identity & Access Management (IAM), Active Directory (AD), Azure Active Directory, Terraform

Senior Security Engineer

2020 - 2022
Dropbox
  • Engineered and patented a novel defense-in-depth solution to neutralize dependency confusion and supply chain attacks across the enterprise.
  • Orchestrated a global migration to GitHub, implementing mandatory branch protections and automated Dependabot workflows for 1,000+ repositories.
  • Standardized vulnerability lifecycle management by defining clear SLOs for discovery-to-remediation, significantly reducing the average time-to-fix for production assets.
  • Established robust CI/CD security guardrails by optimizing legacy SAST configurations and integrating automated DAST into the deployment pipeline.
  • Mitigated critical front-end vulnerabilities by leading cross-functional projects to harden Content Security Policies (CSP) and eliminate iframe-based exploits.
  • Architected a 3-year network security roadmap, fostering strategic partnerships with Infrastructure teams to align security goals with engineering velocity.
  • Co-led the enterprise adoption of Cilium for Kubernetes, achieving granular L7 network visibility and identity-based security between production pods.
  • Automated external attack surface monitoring by developing a custom Shodan-integrated runbook to detect and remediate unapproved open ports in real time.
  • Enhanced production environment integrity by redesigning host-filtering solutions to restrict unauthorized lateral movement across high-traffic nodes.
  • Led a comprehensive vulnerability eradication initiative, identifying and remediating 100% of critical third-party vulnerabilities across the software supply chain.
Technologies: Python 3, Go, Application Security, Amazon Web Services (AWS), Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Dart, Offensive Security, Infrastructure, IT Security, SOC 2, ISO 27001, Ethical Hacking, DevSecOps, Infrastructure as Code (IaC), Cloud, CI/CD Pipelines, Cybersecurity, Security Audits, Code Review, Artificial Intelligence (AI), Web Security, Penetration Testing, Mobile Security, Cyber Threat Hunting, Incident Response, Digital Forensics, Identity & Access Management (IAM), Active Directory (AD), Azure Active Directory, Terraform
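One concrete shape the dependency-confusion defense mentioned in the Dropbox entry can take, shown here as an added example rather than Dropbox's or Aleksandr's code: an audit of a pip requirements file that flags the conditions under which a public package can shadow an internal one. The private index URL and the acme- internal name prefix are assumptions for illustration. The pip behaviour the check encodes is standard: candidates from --extra-index-url are merged with the primary index and the highest version wins, which is exactly what an attacker exploits by publishing a high-versioned public package under an internal name.

```python
"""Flag dependency-confusion risk in a pip requirements file.

Added illustration, not code from Dropbox or from this profile. Assumptions:
internal packages share the name prefix ``acme-`` and are meant to resolve only
from the private proxy ``https://pypi.internal.example/simple``.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# name, optional [extras], optional version specifier (e.g. ==1.2, >=1.0)
REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*"
    r"(?P<spec>(==|~=|>=|<=|!=|<|>)[^;#\s]*)?"
)


@dataclass
class Finding:
    line_no: int          # 0 = applies to the file as a whole
    severity: str
    message: str


@dataclass
class Audit:
    index_url: Optional[str] = None
    extra_index_urls: List[str] = field(default_factory=list)
    findings: List[Finding] = field(default_factory=list)


def normalize(name: str) -> str:
    """PEP 503 normalisation: pip treats acme_auth, Acme.Auth and acme-auth as one project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _opt_value(line: str, opt: str) -> str:
    # accepts both "--index-url URL" and "--index-url=URL"
    return line[len(opt):].lstrip("= ").strip()


def audit_requirements(
    text: str,
    internal_prefixes: Tuple[str, ...] = ("acme-",),
    private_index: str = "https://pypi.internal.example/simple",
) -> Audit:
    audit = Audit()
    entries = []  # (line_no, name, spec, has_hash)
    # join backslash continuations so a requirement and its --hash lines form one record
    for n, raw in enumerate(text.replace("\\\n", " ").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("--index-url"):
            audit.index_url = _opt_value(line, "--index-url")
        elif line.startswith("--extra-index-url"):
            url = _opt_value(line, "--extra-index-url")
            audit.extra_index_urls.append(url)
            # pip merges candidates from every configured index and installs the
            # highest version, so a public "acme-auth 99.0" beats the internal 1.x
            audit.findings.append(Finding(n, "HIGH", f"--extra-index-url {url}: public index merged into resolution; a higher public version of an internal name wins"))
        elif line.startswith("-"):
            continue  # -r / -c / --trusted-host and friends are out of scope here
        else:
            m = REQ_RE.match(line)
            if m:
                entries.append((n, m.group("name"), m.group("spec") or "", "--hash=" in line))

    if audit.index_url != private_index:
        audit.findings.append(Finding(0, "HIGH", f"--index-url is {audit.index_url or 'unset, i.e. public PyPI'}; internal names must resolve only via {private_index}"))

    prefixes = tuple(normalize(p) for p in internal_prefixes)
    for n, name, spec, has_hash in entries:
        if not normalize(name).startswith(prefixes):
            continue
        if not spec.startswith("=="):
            audit.findings.append(Finding(n, "MEDIUM", f"{name}: internal package not pinned with ==, so any newer candidate is preferred"))
        if not has_hash:
            audit.findings.append(Finding(n, "MEDIUM", f"{name}: no --hash pin, so a substituted artifact installs silently"))
    return audit


# Constructed sample: an extra public index plus one unpinned internal package
SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.internal.example/simple
--extra-index-url https://pypi.org/simple
requests==2.31.0 --hash=sha256:0123456789abcdef
acme-auth>=1.0
acme_billing==2.0.1 \\
    --hash=sha256:fedcba9876543210
"""

if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS).findings:
        print(f"line {f.line_no}: [{f.severity}] {f.message}")
```

Run against the constructed sample, the audit reports the merged public index as HIGH and the unpinned, unhashed acme-auth line as two MEDIUM findings; acme_billing passes because it is pinned and hashed, and requests is ignored because it is not in the internal namespace. In a CI gate, any HIGH finding should fail the build, since a single --extra-index-url undoes the protection of the private proxy for every internal package in the file.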

DevSecOps Engineer

2017 - 2020
Berea College
  • Developed a suite of custom Ansible playbooks to automate server provisioning and configuration, reducing manual deployment time by 40%.
  • Architected and managed end-to-end CI/CD pipelines using Jenkins and Chef, ensuring consistent and repeatable software delivery across development environments.
  • Administered a multi-region AWS infrastructure, optimizing resource utilization and enforcing security best practices for high-availability cloud services.
  • Secured university-wide server infrastructure by performing ethical hacking assessments and implementing defensive hardening to prevent unauthorized access.
Technologies: Ansible, Jenkins, Chef, Amazon Web Services (AWS), Docker, Kubernetes, Prometheus, Application Security, Offensive Security, Network Security, Web Security, Penetration Testing, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), IT Security, Mobile Security, Cyber Threat Hunting, Incident Response, Digital Forensics, Identity & Access Management (IAM), Active Directory (AD), Azure Active Directory, Terraform

DevSecOps Engineer

2019 - 2019
Palo Alto Networks
  • Integrated Twistlock, RedLock, and PureSec into global DevSecOps cycles, achieving 100% automated security scanning for containerized and serverless workloads.
  • Engineered a custom API penetration testing utility to identify and remediate broken object-level authorization (BOLA) and weak endpoints across production environments.
  • Architected an automated reverse engineering framework leveraging AI and LLMs, reducing the manual analysis time for obfuscated binaries by 60%.
  • Optimized the open-source Binwalk tool by developing new decompression algorithms for embedded filesystems and proprietary archives, expanding forensic capabilities.
  • Developed a centralized incident response platform that automated alert enrichment, enabling the SOC to triage and respond to critical incidents within a 30-minute SLA.
  • Recruited and led a high-performing team of 10 security engineers, fostering a culture of technical excellence and cross-functional security partnership.
Technologies: Infrastructure as Code (IaC), DevOps, DevSecOps, Application Security, Infrastructure Security, Web Security, Penetration Testing, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), IT Security, Offensive Security, Mobile Security, Cyber Threat Hunting, Incident Response, Digital Forensics, Identity & Access Management (IAM), Active Directory (AD), Azure Active Directory
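The broken object-level authorization (BOLA) probe mentioned in the Palo Alto Networks entry, illustrated with an added example that is not the utility described there: the target is a constructed in-memory API whose ownership check can be switched off, and probe_bola is the transferable part, which logs in as two principals, enumerates what each legitimately owns, then fetches every object with the other principal's credential and flags any response that was not rejected. The token and invoice data are constructed for the example.

```python
"""Probe an object endpoint for broken object-level authorization (BOLA).

Added illustration, not the utility from this profile. ``FakeApi`` is a
constructed in-memory stand-in for a real HTTP service; ``probe_bola`` is the
transferable part: authenticate as two principals, enumerate what each
legitimately owns, then fetch every object with the other principal's credential.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, dict]  # (HTTP-like status, JSON-like body)

# Constructed sample data: bearer token -> user, and invoices with owners
USERS = {"tok-alice": "alice", "tok-bob": "bob"}
INVOICES = {
    101: {"owner": "alice", "total": 120.00},
    102: {"owner": "alice", "total": 80.00},
    201: {"owner": "bob", "total": 42.50},
    202: {"owner": "bob", "total": 9.99},
}


class FakeApi:
    """Stand-in service. enforce_ownership=False reproduces the classic BOLA bug:
    the endpoint authenticates the caller but never checks that the caller owns the id."""

    def __init__(self, enforce_ownership: bool):
        self.enforce_ownership = enforce_ownership

    def list_invoices(self, token: str) -> Response:
        user = USERS.get(token)
        if user is None:
            return 401, {"error": "unauthenticated"}
        return 200, {"ids": [i for i, inv in INVOICES.items() if inv["owner"] == user]}

    def get_invoice(self, token: str, invoice_id: int) -> Response:
        user = USERS.get(token)
        if user is None:
            return 401, {"error": "unauthenticated"}
        inv = INVOICES.get(invoice_id)
        # Hardened build: answer 404 for both "missing" and "not yours", so the
        # response does not confirm that another tenant's id exists.
        if inv is None or (self.enforce_ownership and inv["owner"] != user):
            return 404, {"error": "not found"}
        return 200, {"id": invoice_id, **inv}


@dataclass(frozen=True)
class BolaFinding:
    victim: str
    attacker: str
    object_id: int
    status: int


def probe_bola(
    list_fn: Callable[[str], Response],
    get_fn: Callable[[str, int], Response],
    credentials: Dict[str, str],
) -> List[BolaFinding]:
    """credentials maps principal name -> token. Returns every cross-principal
    read (and every anonymous read) that was not rejected with 401/403/404."""
    owned: Dict[str, List[int]] = {}
    for principal, token in credentials.items():
        status, body = list_fn(token)
        if status != 200:
            raise RuntimeError(f"enumeration as {principal} failed: {status}")
        owned[principal] = list(body["ids"])

    findings: List[BolaFinding] = []
    for victim, ids in owned.items():
        for attacker, token in credentials.items():
            if attacker == victim:
                continue
            for oid in ids:
                status, _ = get_fn(token, oid)
                if status not in (401, 403, 404):
                    findings.append(BolaFinding(victim, attacker, oid, status))
    # The same ids must also be unreadable without any credential at all
    for victim, ids in owned.items():
        for oid in ids:
            status, _ = get_fn("", oid)
            if status not in (401, 403, 404):
                findings.append(BolaFinding(victim, "<anonymous>", oid, status))
    return findings


if __name__ == "__main__":
    creds = {"alice": "tok-alice", "bob": "tok-bob"}
    for build, api in (("vulnerable", FakeApi(False)), ("hardened", FakeApi(True))):
        hits = probe_bola(api.list_invoices, api.get_invoice, creds)
        print(f"{build}: {len(hits)} cross-tenant read(s)")
        for h in hits:
            print(f"  {h.attacker} read {h.victim}'s object {h.object_id} -> HTTP {h.status}")
```

Against the vulnerable build the probe reports four cross-tenant reads (each of Bob's tokens reads both of Alice's invoices and vice versa); against the hardened build it reports none. Enumerating ownership through the API itself, rather than guessing ids, is what keeps the probe free of false positives: every flagged object is known to belong to someone else.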

Experience

Twistlock Integration to Prisma Cloud

https://www.paloaltonetworks.com/prisma/cloud
I worked on the integration of Twistlock into Prisma Cloud. It consisted of 50% software development, 25% SRE, and 25% security work. The CircleCI Orb by Twistlock and the Jenkins plugin, both worked on within this project's scope, are now part of Prisma Cloud.

Education

2017 - 2020

Bachelor's Degree in Mathematics and Computer Science

Berea College - Kentucky, United States

Skills

Libraries/APIs

React

Tools

Ansible, Terraform, Jenkins, Chef

Languages

Python, Python 3, Go, JavaScript, YAML, Ruby, Dart

Paradigms

Penetration Testing, DevSecOps, Secure Code Best Practices, DevOps

Platforms

Amazon Web Services (AWS), Kubernetes, Docker, Thinkific

Industry Expertise

Cybersecurity

Storage

Azure Active Directory

Frameworks

Flutter

Other

Web Security, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Secure Containers, Secure Coding, Network Security, Infrastructure, Cloud Security, Source Code Review, Offensive Security, IT Security, Security, SOC 2, ISO 27001, Ethical Hacking, Infrastructure as Code (IaC), CI/CD Pipelines, Security Audits, Code Review, Artificial Intelligence (AI), Cyber Threat Hunting, Digital Forensics, Identity & Access Management (IAM), Active Directory (AD), Cryptography, Mobile Security, Cloud, Incident Response, Networking, Software Development, Threat Modeling, Mobile App Security, Security Research, Infrastructure Security, Prometheus
