Busra Kugler

Security Engineer

Germany · 8 yrs 10 mos experience

Key Highlights

  • Built security programs from scratch in multiple organizations.
  • Achieved SOC 2, ISO 27001/27701, and HIPAA certifications.
  • Active bug bounty hunter with real-world vulnerability discoveries.
Stackforce AI infers this person is a Security Architect specializing in SaaS and compliance-driven environments.

Skills

Core Skills

Product Security · Infrastructure Security · Compliance · Security Operations · Application Security

Other Skills

Amazon Web Services (AWS) · Bash scripting · Buffer Overflow Exploitation · Burp Suite · CCPA compliance · CI/CD security · Cloud Security · Computer Security · Container Security · Cyber-security · Docker Products · GDPR compliance · HIPAA · ISO 27001 · Information Security

About

Security Lead with 10 years of experience across offensive and defensive security, building and scaling security programs from scratch. My expertise spans product and infrastructure security, penetration testing, application security, secure code reviews, and designing security training programs for engineering teams. Skilled in cloud infrastructure (AWS, Azure, Kubernetes, Terraform), CI/CD security (GitHub Actions), and compliance frameworks (SOC 2, ISO 27001/27701, HIPAA, PCI). Strong background in threat modeling, automation, and resilient system design, with hands-on proficiency in Python for building custom automation and security tooling. Alongside my security career, I’ve been a freelance penetration tester and active bug bounty hunter for the past 6 years, consistently uncovering real-world vulnerabilities across diverse industries on platforms including Cobalt, HackerOne, and Synack. I also give back to the security community through blog posts and YouTube content, sharing practical insights and lessons learned.

Experience

Xbow

Security Engineer

Nov 2025 - Present · 4 mos · Berlin, Germany · Remote

Databricks

Member of Technical Staff

Jun 2025 - Nov 2025 · 5 mos · Berlin, Germany · Remote

  • After Neon’s acquisition, I’m responsible for integrating Neon’s existing security, compliance, and IT functions into Databricks’ broader security organization. While driving this integration, I continue to lead Neon’s security operations end-to-end — covering product security, infrastructure security, compliance, and IT — until the transition is complete.
  • This includes maintaining security reviews, cloud and CI/CD security, and IT processes, while collaborating with Databricks teams to align Neon’s practices with enterprise-wide frameworks.

Neon

Lead Security Engineer

Aug 2023 - Jun 2025 · 1 yr 10 mos · Remote

  • As Neon’s first security hire, I built the security, compliance and IT functions from the ground up. I established the company’s compliance foundation, making Neon SOC 2, ISO 27001/27701, and HIPAA certified, while automating GRC and audit processes to scale with rapid growth.
  • On the engineering side, I introduced and operationalized cloud vulnerability management, dependency and image scanning, static code analysis, CI/CD security for GitHub Actions, penetration testing, and a bug bounty program. These initiatives embedded security into the development lifecycle and reduced risks across the stack.
  • For IT and corporate security, I automated onboarding/offboarding, device security enforcement, phishing defense, SAML/SSO integrations, and vendor procurement. This improved both security and efficiency while reducing manual overhead.
  • I also worked closely with legal counsel on GDPR and CCPA compliance, and partnered with sales by leading customer security reviews, questionnaires, and enterprise due diligence calls — directly supporting revenue growth through security assurance.

Offsec

2 roles

Content Developer

Promoted

Jan 2023 - Aug 2023 · 7 mos

  • Contributed as one of the authors of the OSCP and OSCE certification exams, designing real-world penetration testing challenges and vulnerable machines. Helped build enterprise training labs that enabled thousands of security professionals to practice and advance their offensive security skills in realistic environments.

Senior Vulnerable Machine Engineer

May 2022 - Jan 2023 · 8 mos

HackerOne

Senior Solutions Architect

Apr 2021 - May 2022 · 1 yr 1 mo · Berlin, Germany

Application Security

Cobalt.io

Pentest Architect

Jan 2020 - Apr 2021 · 1 yr 3 mos · Berlin, Germany

Application Security

Lostar bilgi güvenliği

Red Teamer

Jul 2019 - Dec 2019 · 5 mos

Application Security

Teleperformance

Security Analyst

Apr 2018 - Jul 2019 · 1 yr 3 mos · Istanbul, Turkey

Application Security

Consultancy academy

Penetration Tester

Jan 2016 - Jan 2017 · 1 yr

Application Security

Private bank

Application Security Intern

Jan 2015 - Jun 2015 · 5 mos

Education

Boğaziçi University

Bachelor's degree — Computer Engineering

Jan 2012 - Jan 2016

Boğaziçi University

Bachelor's degree — Mathematics

Jan 2011 - Jan 2016
