Open to opportunities

Abigail Kauf

@abigailkauf

Message

Senior AppSec engineer and DevSecOps security architect building end-to-end security that ships.

Argentina

Message

What I'm looking for

I’m open to senior and lead roles in security engineering—remote or hybrid—where I can own AppSec/DevSecOps from design to production, drive threat modeling, automate controls, and partner with engineering and leadership to make security a built-in capability.

I help organizations build security that actually works—not just on paper. With 12+ years securing systems across fintech, banking, healthtech, and enterprise environments, I specialize in Application Security and DevSecOps: from threat modeling and SAST/DAST to secure delivery and production ownership.

Right now, I’m leading HashiCorp Vault deployments from scratch across multiple business units, eliminating hardcoded credentials and reducing secret sprawl company-wide. I also integrated dynamic database credentials, built Terraform-based IaC pipelines to provision and harden Vault for production, and defined SSDLC governance across teams. I managed SonarQube scanning coverage across 500+ repositories and designed the company’s DRP Coordination Framework from the ground up.

Previously, I owned end-to-end AWS security infrastructure for a US fintech startup, covering IAM, monitoring, patching, and incident response. I led SOC2 (Type I & II) and SOC1 compliance processes using Drata for evidence collection, drove PCI DSS remediation, and built and documented a full security policy suite from scratch. I also evaluated and onboarded security vendors to strengthen the security posture.

Earlier roles strengthened my hands-on execution: integrating Fortify, SonarQube, BlackDuck, Trivy, and other tooling into CI/CD, running end-to-end SAST/DAST remediation, and coordinating vulnerability management at scale. I also teach as an Ad-Honorem Professor, covering NIST/ISO frameworks, PCI/GDPR/HIPAA regulations, OWASP Top 10, DevSecOps, SSDLC, and ethical hacking foundations.

Experience

Work history, roles, and key accomplishments

Current

Security Architect & AppSec Eng

Current

Paramo Technologies

Nov 2024 - Present (1 year 5 months)

Led an end-to-end HashiCorp Vault deployment across business units, eliminating hardcoded credentials and reducing secret sprawl. Built Terraform IaC pipelines, integrated dynamic database credentials, standardized SSDLC governance, expanded SonarQube coverage to 500+ repositories, and designed a DRP coordination framework.

Terraform IaC SonarQube

Current

Ad-Honorem Security Professor

Current

Universidad de Buenos Aires

Mar 2020 - Present (6 years 1 month)

Teach audit and information security, covering NIST/ISO frameworks, PCI/GDPR/HIPAA regulation, OWASP Top 10, DevSecOps methodology, SSDLC, and ethical hacking fundamentals.

OWASP Top 10 DevSecOps SSDLC Ethical Hacking

Cybersecurity Engineer & DevSecOps

Goalsetter

Jun 2022 - Nov 2024 (2 years 5 months)

Owned AWS security infrastructure end-to-end for a US fintech startup, covering IAM, monitoring, patching, and incident response. Led SOC2 (Type I & II) and SOC1 compliance with Drata evidence collection, drove PCI DSS remediation, designed and tested the disaster recovery plan, and built the security policy suite from scratch.

AWS IAM Incident Response SOC2 Compliance Drata PCI DSS Disaster Recovery Planning Security Policies

Cybersecurity Engineer

Globant

Nov 2021 - Jul 2022 (8 months)

Managed a Qualys vulnerability program on AWS EC2, using ScoutSuite for continuous cloud posture assessment. Coordinated with SRE teams to automate vulnerability resolution and executed static code analysis with Fortify.

Qualys ScoutSuite AWS EC2 Vulnerability Management Continuous Posture Assessment SRE Remediation Automation

Cybersecurity Tech Lead

Rockwell Automation

Mar 2021 - Oct 2021 (7 months)

Led a 9-person DevSecOps pod under SAFe, integrating SonarQube, BlackDuck, Trivy, and Dotfuscator into CI/CD pipelines. Built a PowerBI dashboard to consolidate BlackDuck findings for leadership tracking.

DevSecOps SAFe CI CD Pipelines SonarQube Black Duck Trivy Dotfuscator Power BI

Cybersecurity Analyst

Fiserv

May 2020 - Mar 2021 (10 months)

Served as a security champion for a global team, executing end-to-end SAST/DAST and driving developer remediation. Reviewed card console architecture for compliance and presented biweekly security metrics at sprint closures.

SAST DAST Developer Remediation Security Metrics Security Architecture

Cloud Engineer

Philip Morris International

May 2019 - Jan 2020 (8 months)

Managed AWS cloud operations across 150+ accounts supporting IaaS, PaaS, and SaaS business needs. Served as the primary contact for infrastructure tickets, triaging and resolving issues to SLA, and ensured compliance with configuration management standards in a multi-account environment.

Cloud Operations IaaS IAM Support Configuration Management Cloud Environments

Cloud Security Consultant

Banco Comafi

Dec 2018 - May 2019 (5 months)

Advised on cloud migration strategy and implementation for technology innovation projects covering IaaS, PaaS, and SaaS adoption. Defined security requirements and architecture guidelines to meet banking compliance and risk standards, guiding teams through secure cloud onboarding.

Cloud Security Cloud Architecture Banking Compliance SaaS Security

IT Security Operations Analyst

Tenaris

Aug 2017 - Dec 2018 (1 year 4 months)

Managed IAM operations and DLP controls across a global organization, delivering security metrics and advisory reports to regional leadership. Contributed to global IT security projects by collaborating across geographies and business units.

Security Metrics Security Advisory Reporting Global IT Security Projects