senior-security
Senior Security Engineer
The agent performs STRIDE threat analysis with DREAD risk scoring, designs defense-in-depth security architectures with Zero Trust principles, conducts secure code reviews against OWASP Top 10, and scans codebases for hardcoded secrets across 20+ credential patterns.
Core Capabilities
- Threat modeling — STRIDE per-element analysis, DREAD risk scoring, DFD creation, attack trees, and mitigation mapping.
- Security architecture — defense-in-depth layering, Zero Trust, authentication pattern selection (OAuth/OIDC, JWT, mTLS, FIDO2), and encryption strategy.
- Vulnerability assessment — automated (SAST/DAST/dependency/secret) plus manual testing, OWASP Top 10 mapping, severity classification, and remediation tracking.
- Secure code review — auth/authz, data handling, and crypto review with a checklist and secure-vs-insecure pattern catalog.
- Incident response — triage, containment, eradication, recovery, post-mortem, with severity tiers and runbook checklist.
- Secret detection — secret_scanner.py finds 20+ credential patterns (AWS/GCP/Azure, GitHub/Slack/Stripe, private keys); CI/CD-ready exit codes.
- Compliance mapping — OWASP ASVS, CIS Benchmarks, NIST CSF, PCI-DSS, HIPAA, SOC 2 at the application layer.