Andriy Rudyk
Product Security Engineer
Work Experience
Product Security Engineer IV
Aug 2023 – Present
Intuit Credit Karma · Charlotte, NC
- Architected and built Raptor, a centralized vulnerability management and triage platform (Go/React): ingests findings from Snyk, Twistlock, Semgrep, Traceable, Data Theorem, GitHub secret scanning, and custom scanners; auto-creates and routes tickets to owning teams; provides security engineers a full manual triage and review workflow with dashboards.
- Deployed an enterprise-wide Burp Suite DAST scanner and authored a custom Burp extension (Java) to handle GraphQL introspection and automated attack dispatch.
- Architected and developed an automated third-party library review and approval platform, reducing manual security review overhead.
- Perform internal application-layer penetration tests on new features undergoing security review.
- Conduct security design reviews of technical design documents (TDDs) and provide code-level security consultations to product engineering teams.
- Promoted from Product Security Engineer III in August 2023.
Product Security Engineer III
2021 – Aug 2023
Intuit Credit Karma · Charlotte, NC
- Launched and managed Intuit Credit Karma's HackerOne bug bounty program: triaged and validated submissions, coordinated remediation with engineering, performed CVSSv3 scoring and scope management.
- Performed internal penetration tests on new product features and reported findings through the security review process.
- Delivered security consultations to product teams: reviewed TDDs and provided actionable security recommendations.
Software Engineer III
Nov 2018 – 2021
Intuit Credit Karma · Charlotte, NC
- Scala / Java / TypeScript / PHP, Finagle, Spring, Kubernetes, Kafka.
- Developed microservices supporting the home/mortgage vertical; worked on the tax integration team for OCR, TaxHub, and IRS transcript retrieval services.
- NightsWatch (internal cybersecurity program) member, top-5 CTF nominee.
- Promoted to Senior Engineer III in 2020.
Software Engineer
Jun 2014 – Nov 2018
Premier Inc. · Charlotte, NC
- Designed and coded full-stack enterprise medical data processing applications using agile methodologies.
- Java / Groovy / Go, Spring / Grails / Ratpack with Hadoop map/reduce, Solr, Kafka, and a Vue.js front-end.
- Used Docker for simple app management and deployment; experience with event-driven Go APIs.
- Promoted from Associate Software Engineer in 2015.
- 2017 Premier Values team award winner.
Application Engineer Intern
May 2013 – Aug 2013
Premier Inc. · Charlotte, NC
- Worked on a summer-long project creating a configuration comparator tool.
- Python / Django / bash.
- Received a job offer at the end of the internship.
Skills
- Languages: Go, TypeScript, Java, Scala, Groovy, Python, JavaScript, SQL, bash, C, LaTeX
- Frameworks: ReactJS, Go gin, Twitter Finagle, Spring / Spring Boot, Grails, Flask, Kafka
- Tools: Burp Suite, git, Docker, Kubernetes, GitHub Actions, Snyk, Semgrep, Twistlock, HackerOne, JIRA, IDEA suite, VS Code, vim, Linux (Debian/RHEL) / Mac / Windows
- Security: Vulnerability management, application pentesting, DAST/SAST tooling, bug bounty management, security design review, GraphQL security, CVSSv3
- Misc: Pursuing OSCP certification. Trilingual: English, Ukrainian, Russian. Strong communicator with experience bridging security and product engineering teams.
Education
OSCP (Offensive Security Certified Professional) — In Progress
Expected 2026
Offensive Security · Remote
B.S. in Computer Science
2010 – 2014
Western Carolina University · Cullowhee, NC
- Vice President of the Computer Science ACM club.
- PiBot capstone: a Raspberry Pi remote tour robot controlled via a Flask web app.
- Coursework: Algorithms, Networking, Computer Graphics, Databases, MIPS Assembly, Operating Systems, Software Engineering.