# Savino Jossi

> Reverse Engineer / Security Researcher

Location: New York City Metropolitan Area, United States

Profile: https://flows.cv/savino

Researcher and engineer with more than 10 years of professional experience discovering, detecting and mitigating security issues. Passionate about uncovering behaviors of systems and executables and being able to communicate the impact and remediations. Able to communicate with a wide range of stakeholders from exec to low-level tech. Happiest exploring and understanding complex and low-level systems that others find scary and taming them.

## Work Experience

### Senior Software Engineer @ Copia Automation

Jan 2023 – Jan 2025 | New York City Metropolitan Area

In-house reverse engineering expert, supporting the development of the Source Control and DeviceLink product by analyzing the APIs, file formats and network protocols of various vendors.

Rockwell Network Stack:

- Reverse engineered and reimplemented the network stack of Rockwell PLCs
- Wrote a portable Rust library, supporting EtherNet/IP, Common Industrial Protocol (CIP) and PCCC protocols
- Developed an interposer to analyze and store a project upload for later replaying of the upload, effectively imitating a PLC

Rockwell File Format:

- Analyzed ACD binary project format to read contained data, allowing advanced analysis of the project to display

CODESYS project file format:

- Identified compression and encryption in custom file format for protected CODESYS password archives, supporting passwords and certificate-based decryption

Various Copia application contributions:

- Identified and fixed proxy configuration issues in the Copia Desktop application, written in TypeScript
- Implemented diff support for encrypted rungs in Rockwell project files

### Senior Security Researcher @ Red Balloon Security, Inc.

Jan 2021 – Jan 2023 | New York City Metropolitan Area

Embedded security research and defensive development. Finding vulnerabilities on a variety of hardware and software platforms including Linux, VxWorks and custom platforms on ARM, MIPS and more. Reverse engineering with IDA Pro and Binary Ninja, writing custom plugins where necessary. Automating analysis and attacks, as well as developing host-based security solutions in Python and C.

Vulnerability research in ICS and consumer devices (VxWorks, Linux, Android)

- Building custom hardware for debugging via JTAG/SWD and UART
- Automating attacks and binary modification in Python and C
- Source code review and reverse engineering of binaries and drivers to understand internal processes

Contributed components and core functionality for OFRAK

- Python development in large code base
- Translating protocols and standards to an abstract usable interface

Managed and developed demos for display at major conferences

- Three demos at two villages at DEF CON with over a dozen employees involved

### Security Analyst @ - -

Jan 2020 – Jan 2020 | Zurich, Switzerland

Detection engineering in large corporate network. Automated processes using PowerShell for Windows-heavy environment. Used advanced offensive techniques to improve detection practices.

### Security Consultant @ - - -

Jan 2020 – Jan 2020 | Zurich, Switzerland

Supported building baseline framework for security incident detection in a small SOC. Leveraged MITRE ATT&CK to formalize coverage and Sigma-based patterns to reduce initial engineering.

### Security Professional @ Julius Baer

Jan 2017 – Jan 2020 | Zürich Area, Switzerland

- Collaborate with Security Operations team to identify malicious actors in organization
- Conduct internal penetration testing to efficiently find network vulnerabilities, as well as adversary emulation to replicate threat actors and fine-tune detections to enemy TTPs (Tactics, Techniques, and Procedures).
- Used expertise in PowerShell to develop an automated program for SOC monitoring pattern testing that simulates hacker attacks to test detection patterns.
  - Utilize program to train 2 IT apprentices per year in detecting vulnerabilities.
- Technical support for a new, standardized vulnerability management process for assessing threats and determining best responses and patch times, increasing efficiency by streamlining communications.
- Manage and export info on system vulnerabilities each week from scanning system Nexpose.

### Forensic Consultant @ KPMG Switzerland

Jan 2015 – Jan 2017 | Zürich Area, Switzerland

- Developed “investigation servers”: configured on-site environments for Nuix, Relativity and Clearwell reviewing platforms, created programs to search through millions of emails and create chain of evidence.
- Served as Technical Lead for Incident Response team, preparing playbooks and technical environments (SIFT Workstation, REMnux) for on-site analysis and action planning.
- Developed and implemented improvements to Zurich CyberLab for remote management of client data, housing 50 TB of storage across 10 different servers totaling over $1M.
  - Created multiple segregated networks, redundant firewalls and switches, storage management, and OS deployment to greatly increase efficiency, resolve issues and eliminate lost projects.

### Software Engineer @ MeteoNews

Jan 2014 – Jan 2015 | Zürich Area, Switzerland

Collaborated with 4 other team members to develop software applications, resolve data issues, and handle other IT needs for weather service.

- Expanded and debugged in-house library, improving both internal weather data processing as well as website and customer data output (PHP)
- Developed and fixed bugs for main website and modules for customers using JavaScript and PHP.
- Created automated daily and special weather reports for customers (PHP generating HTML, rendered as PDF)
- Handled various internal needs, including managing a remote controller for TV Studio in C and a time reporting tool in PHP and Perl
- Monitored and maintained external and internal load (using Apache, MySQL, Memcached) and BGP routers.

### IT Coordinator @ University of Zurich / Institute of Anatomy

Jan 2012 – Jan 2014

- Administration and maintenance of existing infrastructure (primarily Windows Active Directory server with some custom Linux servers and applications)
- Consulting and purchase of hardware and software for various research groups
- Evaluation and operation of internal software, e.g. issue management, server monitoring, licensing
- Support for staff and students
- Many smaller IT-related tasks

### Level 3 Technical Support Analyst @ BMC Software

Jan 2010 – Jan 2011

## Education

### Bachelor of Science - BS in Computer Science

ZHAW Zurich University of Applied Sciences

## Contact & Social

- LinkedIn: https://linkedin.com/in/sjossi

---

Source: https://flows.cv/savino

JSON Resume: https://flows.cv/savino/resume.json

Last updated: 2026-03-31