Skip to content

OFFENSIVE SECURITY ENGINEER

Juan Nemiña

Offensive Security Engineer building practical security tools, workflows, and methodologies.

I build practical tools, workflows, and methodologies that help offensive security work become more repeatable, useful, and safe for real teams.

Illustrated avatar of Juan Nemiña

Juan Nemiña

Offensive Security Engineer

Security profile
Offensive Security Engineer
Tool Builder
Web/API Security
Mobile Security
Security Automation
Lab Design
AppSec / Product Security
WEB/API SECURITY MOBILE SECURITY APPSEC PRODUCT SECURITY BURP SUITE FRIDA OSCP SECURITY AUTOMATION LABS REPORTING WORKFLOWS

Focus

What I work on

Security disciplines and workflows I spend most of my time on.

Web/API Pentesting

Mobile Application Security

Application Security

Product Security

Security Automation

AI-assisted Security Workflows

Selected work

Featured work

A mix of public projects and sanitized case studies. Public projects link to repositories when available; case studies share only high-level, non-confidential details.

Sanitized case study

Internal Windows CTF Lab

Internal Windows-based vulnerable lab designed to support offensive security assessment and training scenarios.

  • assessment design
  • windows security
  • web exploitation
  • internal service exposure
  • privilege escalation
  • offensive methodology

Implementation details, source code, and walkthroughs are not publicly available due to confidentiality or release constraints.

Availability: Not public

Credentials

Certifications

Practical, hands-on certifications that support offensive security and cloud fundamentals.

OSCP+ certification badge

OSCP+

OffSec Certified Professional

Practical offensive security certification focused on enumeration, exploitation, and privilege escalation.

eJPT certification badge

eJPT

Junior Penetration Tester

Practical penetration testing fundamentals, methodology, and hands-on security assessment skills.

Microsoft Azure Fundamentals AZ-900 certification badge

Microsoft Azure Fundamentals AZ-900

Microsoft Certified

Cloud fundamentals covering Azure services, identity, security, governance, and cloud concepts.

Notes

Latest notes and writeups

Methodology-first writeups and short technical notes.

Note

Building a Repeatable OSCP-Style Lab Notes Workflow

A methodology-first note about organizing private OSCP-style lab practice into repeatable enumeration, evidence, and learning workflows.

  • oscp
  • proving-grounds
  • methodology
  • offensive-security
  • lab-notes

Let's talk security

I'm open to conversations about application security, offensive security, mobile security, security automation, CTFs and labs, and open-source security tooling.