Gal Nagli

CEO

Haifa, Israel · 5 yrs 3 mos experience
Most Likely To Switch

Key Highlights

  • Over $2,000,000 in bug bounty earnings.
  • Top 5 on HackerOne's all-time leaderboard.
  • Founder of a leading Attack Surface Management company.
Stackforce AI infers this person is a Cybersecurity expert with a focus on Attack Surface Management and Bug Bounty programs.

Skills

Core Skills

External Attack Surface Management · Application Security · Cyber Defense

Other Skills

Software as a Service (SaaS) · Bug Bounty Hunting · Programming · Object-Oriented Programming (OOP) · C (Programming Language) · Python (Programming Language) · Business Advising · Java · Linux · Expert Advisor · Bash · Networking

Experience

Wiz

Head of Threat Exposure

Aug 2024 - Present · 1 yr 7 mos · Tel Aviv District, Israel · Hybrid

External Attack Surface Management · Software as a Service (SaaS) · Application Security

Seats.aero

Strategic Advisor

Aug 2023 - Present · 2 yrs 7 mos · Remote

  • Seats.aero is the #1 website to discover the best flights for your points.
  • GTM

Shockwave.cloud

Founder & CEO (acquihired)

Oct 2022 - Aug 2024 · 1 yr 10 mos

  • Shockwave specializes in protecting businesses from externally facing Cyber Security threats through our advanced and comprehensive Attack Surface & Continuous Threat Exposure Management Platform.
  • Our vision is to create a unified portal for managing everything related to your Externally Facing assets, from continuous monitoring to running your Bug Bounty strategy and collaborative pen-testing environment.
  • Shockwave is one of the industry leaders within the External Attack Surface Management space. With our Next-Gen platform, Shockwave supports companies from small businesses to the F100 and assists them in protecting their assets and identifying threats at an industry-leading pace through our unique SaaS offering.
  • shockwave.cloud is dedicated to eliminating the "False Positive" security concept by delivering concrete and detailed vulnerability reports and alerts, dedicating great value to our customers' time dealing with cyber security incidents.
  • Learn more at the link below:
  • https://www.shockwave.cloud
External Attack Surface Management · Application Security · Software as a Service (SaaS)

Salesforce

Senior Product Security Engineer

Jan 2022 - Oct 2022 · 9 mos

  • During my time at Salesforce I've been working as a Senior Product Security Engineer within the Root Cause Analysis team in the Discovery Department.
  • Throughout my tenure I've overseen incoming vulnerabilities from Bug Bounty programs and through code base static analysis, and I've created signatures and modules to automatically detect additional occurrences of the same misconfigurations across different assets and code components, thereby reducing the risks throughout most of Salesforce's integral CORE applications and major leading acquisitions.
  • I was an integral part of the team and decided to leave in order to pursue my own company within the Attack Surface Management space - Shockwave

Synack red team

Bug Bounty Hunter & Synack Envoy

Feb 2021 - Nov 2021 · 9 mos

  • 15 for 15 Winner - April 2021
  • Synack Acropolis - 2020/2021

Enso.security (part of snyk)

Application Security Researcher

Dec 2020 - Jan 2022 · 1 yr 1 mo · Tel Aviv, Israel

  • Conducting AppSec vulnerability assessments on customers, assessing integrated data to provide impactful insights which affect the client's Application Security Posture.
  • In charge of the creation and integration of self-written, open-source-based application security vulnerability modules, such as Blackbox Reconnaissance, Subdomain Takeovers, SSRF, etc.
  • Monitoring routinely for AppSec related vulnerabilities on Enso's product as part of the SDLC.
  • Analysing logs and data from various AppSec-related sources in order to put the spotlight on potentially vulnerable endpoints and relations, easing the client's Application Security Engineer's day-to-day tasks.
  • Creating Blog Posts and Presentation slides of my own AppSec based research.

Hackerone

Bug Bounty Hunter

Aug 2020 - Present · 5 yrs 7 mos

  • Personal Profile: https://hackerone.com/nagli
  • One of the few hackers on the platform with > $2,000,000 in bounty earnings
  • Top 5 on HackerOne's all time leaderboard
  • Reported valid critical security issues among all to dozens of F50 companies
  • > 5 Top 5 finishes at Live Hacking Events; won the "Exterminator" award twice for identifying the most critical vulnerability of the event.

Bugcrowd

Bug Bounty Hunter

Aug 2020 - Present · 5 yrs 7 mos

  • Personal Profile: https://bugcrowd.com/nagli.
  • Top 20 on All Time Leaderboard.
  • Best Bug on T-Mobile’s 2024 Bug Bash
  • Best Bug on T-Mobile’s 2023 Bug Bash
  • Best Collaboration Award on 2021 Okta's Virtual Live Hacking Event
  • Won 2022 BugBash Live Hacking Event in Vegas hacking Indeed.
  • Reported valid critical security issues among all to Tesla, T-Mobile, Volkswagen, Atlassian, OpenAI, Bugcrowd, Okta, Walmart, SurveyMonkey, TripAdvisor, etc.

Education

The Open University of Israel

Bachelor's degree — Computer Science

Jan 2018 - Jan 2023
