Hello, my name is Ioannis Papadoulis

I'm a Senior Application Security Engineer

About me

I'm Ioannis Papadoulis, Senior Application Security Engineer

I'm a Senior Application Security Engineer at SmartRecruiters in Kraków. I break web apps, APIs, and AI systems, then help engineers fix them properly. Recognized by PortSwigger, the makers of Burp Suite, as a Burp Suite Champion. My focus is the bugs that actually hurt: auth, access control, and business logic, along with the new attack surface that ships with AI-powered features and LLM integrations. I hold CompTIA PenTest+, SecAI+, CSCP, CNVP, Security+, and Cloud+, with BSCP and OSCP next on the roadmap, and I stay sharp through CTFs and labs on Hack The Box. Fluent in English, French, Spanish, Greek, and Polish. Outside of work: lifting, reading, and building tools I probably don't need.

Nationality : Greek

City : Kraków, Poland

More details on my GitHub

Education

2021 - 2022

Wyższa Szkoła Ekonomii i Informatyki w Krakowie

Computer Science

2017 - 2018

Lyceum Degree - Hellenic Lyceum of Brussels

Economics & Informatics

Experience

Jul 2026 - Present

SmartRecruiters

Senior Application Security Engineer
  • • Lead internal penetration testing of web applications, APIs, and microservices, and manage external pentest engagements end-to-end
  • • Operate the bug bounty program: triage and validate external submissions, coordinate with researchers, and drive fixes with engineering
  • • Assess security of AI-powered features and LLM integrations, targeting prompt injection, model misuse, and insecure AI-generated code
  • • Threat modeling, security design reviews, and architecture assessments for new and existing services
  • • Manual and automated secure code review across SAST, DAST, IAST, and SCA, routing findings through issue tracking
  • • Own the vulnerability lifecycle from triage and prioritization through remediation tracking and verification

Jan 2025 - Jun 2026

project44

Offensive AppSec Engineer
  • • Lead internal application penetration testing, define scope, execute tests, document findings, and retest to confirm fixes
  • • Identify and validate security weaknesses, prioritize risk, and provide clear remediation guidance to engineering teams
  • • Assess security of AI-powered features and LLM integrations, covering prompt injection, model misuse, and adversarial (red team) testing of LLM systems
  • • Plan, coordinate, and support third-party application penetration tests, including scoping, execution support, and follow-up on findings
  • • Run SAST and DAST activities, triage results, validate true positives, and track remediation progress
  • • Drive threat modeling and security impact assessments for new features and RFCs, translate outcomes into actionable security requirements
  • • Subject matter expert (SME) and primary point of contact for application security (AppSec) questions, concerns, and guidance across teams.

Mar 2024 - Jan 2025

project44

Sr IT Specialist
  • • Owned investigation and resolution of complex customer issues, including root cause analysis and stakeholder updates
  • • Identified suspected product defects, documented repro steps, and escalated to engineering for remediation
  • • Led customer calls and improved documentation through technical notes and knowledge base articles

Jul 2021 - Feb 2024

Karhoo

IT Specialist
  • • Partnered with engineering teams, contributing to internal projects and gaining hands-on experience with Go-based systems
  • • Provided first and second line technical support for Marketplace and Connect partners, troubleshooting issues and coordinating escalations
  • • Managed urgent incidents and partner-impacting issues, driving resolution and keeping stakeholders aligned with clear updates
  • • Supported both technical delivery and partner relationships for a client portfolio valued at over €5M, building strong, long-term relationships and feeding partner insights into process improvements

2 yrs 6 mos

HCL Technologies

IT Specialist
Feb 2021 - Jun 2021
  • • Owned second line incident handling end-to-end, including in-depth troubleshooting and resolution coordination
  • • Acted as escalation point for first-line support, coached analysts, and improved triage quality
  • • Managed critical and high-severity incidents, handling escalation and end-user communication through closure
  • • Supported overflow call and ticket handling, contributed to service readiness activities for EMEA

Jul 2020 - Jan 2021

Senior IT Analyst

  • • Owned backlog and floor support priorities, drove tickets to resolution, and supported consistent SLA delivery
  • • Trained and onboarded new joiners, improved internal documentation and knowledge base articles based on recurring issues
  • • Served as SME for Service Desk file shares and supported go-live readiness for the EMEA region
  • • Provided regular operational updates to stakeholders, including ticket trends, knowledge gaps, and training needs

Jan 2019 - Jun 2020

IT Analyst

  • • Triaged, diagnosed, and resolved end-user incidents and requests across Windows, Office 365, VPN, browsers, and connectivity, meeting SLAs
  • • Logged and tracked work in ServiceNow and call tracking systems, documented troubleshooting steps and outcomes for repeatability
  • • Coordinated with internal resolver teams and vendors, escalated complex issues, and kept users updated through closure
  • • Administered user access and exit controls, maintained and improved knowledge base articles for recurring issues and standard procedures

Oct 2018 - Dec 2018 · 3 mos

IKEA

IT Analyst
  • • Triaged and prioritized incoming IT support cases, assigned or resolved issues within agreed SLAs, escalated when needed
  • • Managed end-user communication through resolution, documented fixes, and troubleshooting steps in the shared knowledge base

Certificates

Certifications

CompTIA Secure Cloud Professional - CSCP

CompTIA Secure Cloud Professional - CSCP

CompTIA Secure Cloud Professional (CSCP) validates hands on skills in securing cloud environments, implementing identity, network, and data protection controls, and applying risk, compliance, and governance practices across real world cloud operations.

CompTIA Cloud+ ce

CompTIA Cloud+ ce

CompTIA Cloud+ validates hands on skills in deploying, securing, and troubleshooting cloud infrastructure, managing cloud operations and networking, and applying security and risk controls in real world hybrid and multi cloud environments.

CompTIA SecAI+

CompTIA SecAI+

CompTIA SecAI+ validates hands on skills in securing AI systems, identifying AI specific threats, and applying governance and risk controls in real world environments.

CompTIA Network Vulnerability Assessment Professional - CNVP

CompTIA Network Vulnerability Assessment Professional - CNVP

CompTIA CNVP validates hands-on skills in network vulnerability assessment, analysis, and risk identification across real-world environments.

CompTIA PenTest+ ce

CompTIA PenTest+ ce

CompTIA PenTest+ validates hands-on penetration testing and vulnerability assessment skills in real-world environments.

InsightAppSec Certified Specialist

InsightAppSec Certified Specialist

Certified in using InsightAppSec to perform and analyze dynamic application security scans

CompTIA Security+ ce

CompTIA Security+ ce

CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.

CS50's Introduction to Computer Science

CS50's Introduction to Computer Science

CS50 (aka CS50x through edX), Harvard University's introduction to the intellectual enterprises of computer science and the art of programming.

Courses

Application Security - The Complete Guide

Application Security - The Complete Guide

Developing security in the Software Development Life Cycle (SDLC)

Modeling Threats: Strategies in Threat Modeling

Modeling Threats: Strategies in Threat Modeling

Securing cybersecurity systems from design to deployment using modern threat modeling techniques

Contact Me

Don't hesitate to reach out to me

Open to connecting on application security, offensive security, and AI/LLM security

Based in

Kraków, Poland

Reach out on LinkedIn