Dennis Mwanzia
@dennismwanzia
Cybersecurity and application security researcher bridging development and security to remediate vulnerabilities.
What I'm looking for
I’m a results-driven cybersecurity professional with 5+ years of experience in software engineering, secure architecture, and vulnerability remediation. I focus on identifying critical security flaws and implementing scalable defenses, especially where application design and real-world misuse intersect.
As a freelance Security Researcher at Deutsche Telekom AG and Artsy, I’ve discovered and responsibly disclosed high-severity issues that directly strengthened security posture. I reported sensitive data exposure from a publicly exposed endpoint, uncovered privilege escalation via unauthenticated API endpoints, and developed a WAF-bypass technique exploiting regex filter weaknesses to access internal files—then proposed hardening measures to mitigate the risk.
My work also includes responsible disclosure and remediation collaboration: at Reddit (via HackerOne), I found a logic flaw that could enable malicious account deletion and supported fixes through RBAC and destructive-action confirmations. I’ve also identified client-side flaws in Jira Cloud and Confluence Cloud involving improper user output encoding, and I’m passionate about bridging development and security to build resilient systems.
Experience
Work history, roles, and key accomplishments
Security Researcher
Uncovered a critical proxy-system misconfiguration that exposed protected API endpoints, enabling unauthorized access to sensitive customer order details (including PII and real-time location via Google Maps integration). Demonstrated an exploit chain that could have led to leakage of 3 million customer records and worked with the security team to implement immediate safeguards preventing a large-
Security Researcher
Identified and reported a critical misconfiguration that leaked sensitive environment variables via a publicly exposed endpoint, and collaborated on remediation to prevent unauthorized access. Discovered unauthenticated API endpoints enabling privilege escalation, and developed a WAF-bypass technique exploiting regex filter weaknesses to access restricted internal files; contributed to hardening m
Security Researcher
Conducted independent security research via bug bounty programs and identified critical client-side flaws in Jira Cloud and Confluence Cloud that enabled account compromise due to improper user output encoding. Reported findings and supported remediation efforts to reduce risk of unauthorized access to affected parties.
Security Researcher
Discovered a critical logic flaw in a subsidiary (Memorable) that could allow malicious actors to delete entire organization accounts and associated data via unauthorized API requests. Reported through HackerOne and collaborated on remediation to enforce RBAC and require confirmations for destructive actions.
Education
Degrees, certifications, and relevant coursework
Maasai Mara University
Bachelor of Science, Computer Science
Completed a BSc in Computer Science at Maasai Mara University.
Portfolio
github.com/dennismzia
