About me
I'm Ioannis Papadoulis, Senior Application Security Engineer
I'm a Senior Application Security Engineer at SmartRecruiters in Kraków. I break web apps, APIs, and AI systems, then help engineers fix them properly. Recognized by PortSwigger, the makers of Burp Suite, as a Burp Suite Champion. My focus is the bugs that actually hurt: auth, access control, and business logic, along with the new attack surface that ships with AI-powered features and LLM integrations. I hold CompTIA PenTest+, SecAI+, CSCP, CNVP, Security+, and Cloud+, with BSCP and OSCP next on the roadmap, and I stay sharp through CTFs and labs on Hack The Box. Fluent in English, French, Spanish, Greek, and Polish. Outside of work: lifting, reading, and building tools I probably don't need.
Nationality : Greek
City : Kraków, Poland
More details on my GitHub
Education
2021 - 2022
Wyższa Szkoła Ekonomii i Informatyki w Krakowie
Computer Science
2017 - 2018
Lyceum Degree - Hellenic Lyceum of Brussels
Economics & Informatics
Experience
Jul 2026 - Present
SmartRecruiters
Senior Application Security Engineer
- • Lead internal penetration testing of web applications, APIs, and microservices, and manage external pentest engagements end-to-end
- • Operate the bug bounty program: triage and validate external submissions, coordinate with researchers, and drive fixes with engineering
- • Assess security of AI-powered features and LLM integrations, targeting prompt injection, model misuse, and insecure AI-generated code
- • Threat modeling, security design reviews, and architecture assessments for new and existing services
- • Manual and automated secure code review across SAST, DAST, IAST, and SCA, routing findings through issue tracking
- • Own the vulnerability lifecycle from triage and prioritization through remediation tracking and verification
Jan 2025 - Jun 2026
project44
Offensive AppSec Engineer
- • Lead internal application penetration testing, define scope, execute tests, document findings, and retest to confirm fixes
- • Identify and validate security weaknesses, prioritize risk, and provide clear remediation guidance to engineering teams
- • Assess security of AI-powered features and LLM integrations, covering prompt injection, model misuse, and adversarial (red team) testing of LLM systems
- • Plan, coordinate, and support third-party application penetration tests, including scoping, execution support, and follow-up on findings
- • Run SAST and DAST activities, triage results, validate true positives, and track remediation progress
- • Drive threat modeling and security impact assessments for new features and RFCs, translate outcomes into actionable security requirements
- • Subject matter expert (SME) and primary point of contact for application security (AppSec) questions, concerns, and guidance across teams.
Mar 2024 - Jan 2025
project44
Sr IT Specialist
- • Owned investigation and resolution of complex customer issues, including root cause analysis and stakeholder updates
- • Identified suspected product defects, documented repro steps, and escalated to engineering for remediation
- • Led customer calls and improved documentation through technical notes and knowledge base articles
Jul 2021 - Feb 2024
Karhoo
IT Specialist
- • Partnered with engineering teams, contributing to internal projects and gaining hands-on experience with Go-based systems
- • Provided first and second line technical support for Marketplace and Connect partners, troubleshooting issues and coordinating escalations
- • Managed urgent incidents and partner-impacting issues, driving resolution and keeping stakeholders aligned with clear updates
- • Supported both technical delivery and partner relationships for a client portfolio valued at over €5M, building strong, long-term relationships and feeding partner insights into process improvements
2 yrs 6 mos
HCL Technologies
IT Specialist
Feb 2021 - Jun 2021- • Owned second line incident handling end-to-end, including in-depth troubleshooting and resolution coordination
- • Acted as escalation point for first-line support, coached analysts, and improved triage quality
- • Managed critical and high-severity incidents, handling escalation and end-user communication through closure
- • Supported overflow call and ticket handling, contributed to service readiness activities for EMEA
Jul 2020 - Jan 2021
Senior IT Analyst
- • Owned backlog and floor support priorities, drove tickets to resolution, and supported consistent SLA delivery
- • Trained and onboarded new joiners, improved internal documentation and knowledge base articles based on recurring issues
- • Served as SME for Service Desk file shares and supported go-live readiness for the EMEA region
- • Provided regular operational updates to stakeholders, including ticket trends, knowledge gaps, and training needs
Jan 2019 - Jun 2020
IT Analyst
- • Triaged, diagnosed, and resolved end-user incidents and requests across Windows, Office 365, VPN, browsers, and connectivity, meeting SLAs
- • Logged and tracked work in ServiceNow and call tracking systems, documented troubleshooting steps and outcomes for repeatability
- • Coordinated with internal resolver teams and vendors, escalated complex issues, and kept users updated through closure
- • Administered user access and exit controls, maintained and improved knowledge base articles for recurring issues and standard procedures
Oct 2018 - Dec 2018 · 3 mos
IKEA
IT Analyst
- • Triaged and prioritized incoming IT support cases, assigned or resolved issues within agreed SLAs, escalated when needed
- • Managed end-user communication through resolution, documented fixes, and troubleshooting steps in the shared knowledge base
Certificates
Certifications
Courses
Contact Me
Don't hesitate to reach out to me
Open to connecting on application security, offensive security, and AI/LLM security
Based in
Kraków, Poland









