Delivery systems and quality
Improved how offensive security work gets scoped, onboarded, reviewed, and delivered by contributing to templates, tooling, training material, quality review, and internal process improvements.
~/ about
Antonios
Papadopoulos
@ SignalCraft
I'm Antonios — the practitioner behind SignalCraft. I've spent the last six years delivering offensive security work across web, mobile, cloud, and infrastructure.
My work spans hands-on penetration testing, vulnerability research, secure code reviews, and security program leadership.
Experience
Technical Director
@ Anvil SecureMar 2025 – Present · Seattle, WA / Remote
- Leading offensive security practice, delivery quality, and technical strategy
- Running web, mobile (iOS & Android), cloud, and infrastructure security assessments
- Advising engineering and security teams on remediation, architecture, and risk trade-offs
- Mentoring technical teams and raising the bar on offensive depth
Senior Security Engineer & Manager
@ Anvil SecureSep 2022 – Feb 2025 · Seattle, WA / Remote
- Delivered offensive security assessments across web applications, APIs, mobile apps, and infrastructure
- Performed vulnerability research, exploit development, and attack-path validation
- Supported engineering teams with security architecture reviews, delivery improvements, and pragmatic remediation guidance
Security Specialist
@ SecuraAug 2019 – Sep 2022 · Amsterdam, Netherlands
- Performed web, mobile, and infrastructure penetration testing for major European financial institutions
- Acted as technical program lead for a large banking-sector engagement
Cryptanalyst Intern
@ LogMeIn (LastPass)Feb – Jun 2019 · Budapest, Hungary
- Secure code reviews and cryptographic implementation audits
- Bug bounty validation on BugCrowd
- Master thesis research
Research Assistant
@ University of TwenteMar – May 2018 · Enschede, Netherlands
- DDoSDB (DDoS Clearing House) — tools for analyzing and generating fingerprints of DDoS attacks
Certifications
A selection of certifications across application security, mobile security, cloud, and broader security engineering.
GMOB
GIAC Mobile Device Security Analyst
eMAPT
eLearnSecurity Mobile Application Penetration Tester
eWPTXv2
eLearnSecurity Web Application Penetration Tester eXtreme
eCPPTv2
eLearnSecurity Certified Professional Penetration Tester
eWPTv2
eLearnSecurity Web Application Penetration Tester
AWS-SCS
AWS Security Certified Specialty
AWS-SAA
AWS Solutions Architect Associate
AWS-CLF
AWS Cloud Practitioner
SWIFT CSCF
SWIFT Certified Security Framework v2022
ICSI | CNSS
Certified Network Security Specialist
Google PM
Google Project Management Certificate
Selected Impact
The work I'm most proud of is usually less about flashy project names and more about building quality, structure, and repeatability into security work.
Leadership in complex environments
Led and supported demanding security work across large, process-heavy environments where consistent quality, reliable execution, and strong coordination mattered as much as technical depth.
Mentoring and people growth
Managed engineers and helped colleagues grow through mentoring, structured feedback, better project ownership, and targeted technical support across areas like mobile security and delivery quality.
Training and internal enablement
Contributed to training policy, onboarding improvements, internal talks, and broader initiatives that made it easier for others to ramp up, stay aligned, and produce stronger work.
Research & Recognition
CVECVE-2020-12687
May 2020 · MITRE Serpico ≤ 1.3.3 — Path Traversal leading to Attachment Disclosure
Authenticated non-admin users could retrieve all attachments via the /admin/attachments_backup endpoint.
Any authenticated user could access administrative attachments through path traversal, exposing sensitive report data across all users.
Recognition
- ECSC2018 — European Cyber Security Challenge participant