JONATHAN TROWBRIDGE

CAREER SUMMARY

Principal software engineer with over 10 years of experience building mobile, web, and backend systems in production environments. Brings deep understanding of application architecture, authentication flows, APIs, backend services, and trust boundaries, along with the ability to identify and clearly communicate real security risk. Now pursuing penetration testing roles, backed by hands-on offensive security training through the OSCP+, GPEN, GCIH, GSEC, GFACT, and practical lab and CTF experience.

CERTIFICATIONS & EDUCATION

SECURITY TRAINING & HANDS-ON EXPERIENCE

• Completed hands-on offensive security training through the OSCP+, GPEN, GCIH, GSEC, and GFACT, with experience in enumeration, exploitation, privilege escalation, pivoting, and adversary-minded assessment.
• Strengthened practical skills through TryHackMe and Hack The Box across Linux and Windows environments, including service enumeration, exploitation, and post-exploitation workflows.
• Applied software engineering experience during labs and exercises to analyze backend behavior, authentication flows, trust boundaries, implementation weaknesses, and misconfigurations while documenting findings clearly.

PROFESSIONAL EXPERIENCE

• Led the end-to-end migration of Coinme’s native iOS and Android applications to Flutter, modernizing the mobile platform while working across client and backend boundaries that included authentication, onboarding, payments, and other security-sensitive user flows.
• Designed and implemented a scalable application architecture using Riverpod, enabling maintainable, testable, and modular code to support rapid feature growth.
• Directed key engineering initiatives including onboarding, mentorship, and team process improvements enhancing team productivity, consistency, and long-term scalability of development efforts.

• Led development of a commercial real estate listing module for Android, along with the supporting ASP.NET Core Web API, delivering a seamless end-to-end solution used across platforms.
• Built and maintained scalable web applications with React, .NET, and Node.js, and developed a reusable .NET Core AWS push notification system adopted across the organization to support real-time, cross-platform communication.
• Collaborated cross-functionally with design, product, and engineering teams to deliver intuitive user experiences and ensure consistent, high-quality feature releases across mobile and web.

• Built cross-platform iOS and Android applications using Xamarin Native and Xamarin Forms, delivering custom mobile solutions across industries including skiing, agriculture, and logistics.
• Developed and modernized backend systems with ASP.NET and Azure Mobile App Services, including migrating monolithic APIs to modular services and implementing robust unit testing.
• Engineered real-time inventory and shipping synchronization within a cross-platform mobile application, using advanced PCL code and LINQ queries to streamline data flow across distributed devices and APIs.

• Led implementation of claims-based authentication and user management systems for government applications, including a secure recruiting portal for the U.S. Air Force, enhancing access control and compliance.
• Developed environmental and conservation-focused modules for Virginia state agencies using Backbone, Marionette, and ASP.NET Web API, improving regulatory workflows and monitoring efficiency.
• Modernized legacy web applications, including migrating from jQuery to Dojo, resulting in improved performance, user experience, and maintainability.

PERSONAL PROJECTS

• Built a full-stack Flutter frontend and Ktor backend as a boilerplate project to accelerate rapid application bootstrapping, supporting user registration, profile updates, and SMS-based two-factor authentication (2FA).
• Implemented JWT-based authentication and authorization, with MySQL for persistent user data, Redis for transient 2FA token storage, and GitHub Actions for automated backend deployment.
• Architected the Ktor backend using a modular, feature-based structure grounded in Clean Architecture principles and Domain-Driven Design (DDD), organizing core business logic into clearly defined use cases to enhance separation of concerns, scalability, and testability.

• Built a native Android application that facilitates the sequential streaming of torrent media for playback on the local device or Chromecast devices.
• Powered media playback using a custom VLC/libVLC wrapper.
• Integrated in-app torrent search capabilities, enabling users to find and stream content without leaving the application.

• Built a native Android application that integrates with the Jackett torrent indexer aggregation engine.
• Implemented a custom Foreign Function Interface (FFI) to enable direct interop between Kotlin and a Jackett .NET Core library, offloading indexer management to the Jackett project.
• Leveraged cross-runtime communication to reduce maintenance overhead and align with upstream improvements.

• Developed a comprehensive Android media player library leveraging the core libVLC library and Open Subtitles API, facilitating seamless media playback on Android and Chromecast devices

TECHNICAL SKILLS

(Download resume as PDF; private GitHub repositories available for review upon request)