Pavlo

PAVLO SVIZINSKYY
Backend / Full-Stack Engineer · Node.js / TypeScript · Web3, AI & Security
[open contact info](look above in the "contact info" section) · Telegram @an404on · [open contact info](look above in the "contact info" section) · LinkedIn

PROFILE
Backend-focused full-stack developer with 3+ years of commercial experience on Node.js and TypeScript. I design and ship
backend systems end-to-end — high-load REST and WebSocket APIs, web3 integrations, real-time services, and automation.
Hands-on experience integrating smart contracts with backends, building MCP (Model Context Protocol) servers, and
developing autonomous AI agents.
Currently studying cybersecurity and working as a developer and penetration tester at a security studio, so I build security into
code from the start rather than adding it after the fact. Self-driven and fully accountable for the result — from architecture
and business analysis through deployment and infrastructure.

TECHNICAL SKILLS
Programming Languages: JavaScript, TypeScript, C++, Python
Backend: Node.js, Express, REST API, WebSockets, Socket.IO
Frontend: Vue, Nuxt, React, Vite, PWA (Service Workers, Workbox), THREE.js
Databases: PostgreSQL, MySQL, MongoDB, Redis
ORM: Sequelize, TypeORM
Web3: Solana, TON, Anchor, smart-contract integration
AI & Agents: AI agents, MCP servers, LLM integration, prompt engineering
Automation: Puppeteer, Electron, Telegram Bot API (grammY)
Security & Reverse Engineering: Burp Suite, OWASP Top 10 / API Security Top 10, penetration testing, Android reversing (APK /
smali)
Infrastructure & DevOps: Linux, VPS, Docker, Nginx, Cloudflare, DNS, Google Cloud, Git

EXPERIENCE
Backend / Full-Stack Developer — Freelance & Contract2022 – Present
Building and shipping backend systems end-to-end for clients and product teams — high-load REST and WebSocket APIs,
real-time services, third-party integrations, and automation on Node.js and TypeScript. Owning projects solo from client brief
and architecture through deployment, monitoring, and support.
Responsibilities:
•​ Designed and shipped high-load REST APIs and WebSocket services on Node.js + TypeScript for thousands of active users.
•​ Built production-grade Telegram bots, including Telegram Business integrations on grammY.
•​ Implemented authentication and authorization — JWT, RBAC, middleware-based architecture.
•​ Integrated payment gateways and third-party APIs with reliable webhook handling.
•​ Profiled and optimized performance — fixed memory leaks and event-loop bottlenecks, added caching layers.
•​ Built SPAs on Vue 3 + Nuxt and React + Vite, PWAs (offline-first, push), and real-time interfaces on Socket.IO.
•​ Wrote scrapers and headless pipelines on Puppeteer with anti-bot evasion; built desktop utilities on Electron.
•​ Set up and maintained Linux servers (Ubuntu / Debian), Nginx reverse proxy, SSL / TLS, Cloudflare, and DNS on VPS and
Google Cloud.
Technologies: Node.js, Express, TypeScript, WebSockets, Socket.IO, Vue, Nuxt, React, Vite, PostgreSQL, MySQL, MongoDB,
Redis, Sequelize, TypeORM, Puppeteer, Electron, grammY, Docker, Nginx, Cloudflare, Linux, Google Cloud, Git.

Founder & Security Engineer — Vapan (vapan.org)2024 – Present
Founder of a development and penetration-testing studio that builds and security-tests web applications, with a mandatory
security review before every release. Runs client engagements directly — scoping, security standards, and remediation — and
produces Ukrainian-language cybersecurity content for the studio blog and community (@vapan_it).
Responsibilities:
•​ Conduct penetration testing against recognized methodologies — OWASP WSTG, MASVS, API Security Top 10, PTES, NIST
SP 800-115 — with CVSS-based reporting.
•​ Build and ship secure web applications, integrating security review into the release process.
•​ Communicate directly with clients on scope, security standards, and vulnerability remediation.
•​ Author technical security content, including a write-up on CVE-2026-26980 (Ghost CMS blind SQL injection).
Technologies: Burp Suite, OWASP Top 10 / API Security
Top 10, OWASP WSTG, MASVS, PTES, NIST SP 800-115, Android reversing (APK / smali), Node.js, Linux.

Backend Engineer — Crypto Payment Platform (TRON / USDT TRC-20)2024 – 2025
Built a cryptocurrency payment backend on the TRON network for USDT TRC-20, covering wallet infrastructure, compliance,
and fund management end-to-end.
Responsibilities:
•​ Implemented HD wallet generation (BIP44) for per-user deposit addresses.
•​ Built AML checks and fund-sweep mechanics for consolidating deposits.
•​ Integrated the TR.ENERGY API for Energy rental to reduce transaction costs.
•​ Handled reliable transaction monitoring and webhook processing.
Technologies: Node.js, TypeScript, TRON, USDT TRC-20, BIP44 HD wallets, TR.ENERGY API, PostgreSQL, Redis.

AI / Backend Engineer — Autonomous Multi-Project Agent System 2025
Designed an autonomous multi-project agent system that orchestrates Claude Code agents through MCP servers, using Slack
as the control interface for end-to-end task execution across projects.
Responsibilities:
•​ Architected agent orchestration across multiple projects via MCP (Model Context Protocol) servers.
•​ Built MCP servers exposing tools and data to LLM clients and AI agents.
•​ Used Slack as the task-orchestration and control interface.
Technologies: Node.js, TypeScript, MCP servers, Claude Code, LLM integration, Slack API.

Backend / Solana Engineer — AiFinPay (aifinpay.company) 2025
Built an x402-native Solana payment infrastructure for autonomous AI agents, developed for a hackathon. Delivered backend,
SPA, and deployment end-to-end.
Responsibilities:
•​ Built the Node.js / Express backend for x402-native agent payments.
•​ Integrated Solana (devnet) with USDC / USDT settlement.
•​ Built the React / Vite SPA and containerized the stack with Docker behind Nginx.
Technologies: Node.js, Express, React, Vite, Solana, USDC, USDT, x402, Docker, Nginx.

Full-Stack / Solana Engineer — Rekt4Good 2026
Built a satirical anti-gambling Solana application that redirects virtual leveraged-trading losses to Ukrainian charities, for an AI
vibe-coding hackathon sprint. Fully deployed to Solana devnet.
Responsibilities:
•​ Developed and deployed a verified Anchor on-chain program to Solana devnet.
•​ Registered and wired three charity fund wallets into the application flow.
•​ Built the full-stack application around the virtual leveraged-trading mechanic.
Technologies: Solana, Anchor, Rust, Node.js, TypeScript,React.

Security Researcher — SSH Honeypot & Threat Intelligence 2025
Discovered and documented a scam operation targeting cryptocurrency node operators, deploying a honeypot to capture
attacker behavior and preparing findings for CERT-UA.
Responsibilities:
•​ Deployed and operated a Cowrie SSH honeypot to capture attacker tooling and behavior.
•​ Analyzed and documented the scam operation targeting crypto node operators.
•​ Prepared and reported findings toward CERT-UA submission.
Technologies: Cowrie, SSH honeypot, Linux, threat intelligence, incident reporting.

Contributor — CTF Junior League (ctfjunior.com.ua) 2026
Contributor to a youth cybersecurity competition platform for participants aged 14–19. Creates technical and educational
content across CTF categories and runs the community channel through qualifiers and the offline final.
Responsibilities:
•​ Produce technical and educational content across Web, cryptography, reverse engineering, forensics, networks, OSINT,
and AI security.
•​ Manage Telegram channel content through the qualifier and the offline Kyiv final, coordinating visual assets and copy.
Technologies: Web security, cryptography, reverse engineering, forensics, OSINT, AI security.

EDUCATION & CERTIFICATES
•​ 2024 – 2028 · Bachelor's in Cybersecurity, West Ukrainian National University, Ternopil.
•​ Cisco Networking Academy — Junior Cybersecurity Analyst Career Path.
•​ Cisco Networking Academy — CyberOps Associate.

LANGUAGES
Ukrainian — Native.
English — Pre-Intermediate (fluent reading of technical documentation, basic client communication).