Security & Systems Engineer

Matthew Bowman

I build security automation, defensive cryptography, and audit infrastructure for autonomous systems — and I respond when things break.

Austin, TX → relocating to NYC · incident response · endpoint & multi-cloud · 15+ years

↧ Résumé (PDF) ✉ [email protected]

Selected Work

Independent security R&D — original systems I designed and built. Concept-level; no client data, targets, or findings.

Autonomous Security Research

Meridian

A containerized pipeline that chains reconnaissance → vulnerability analysis → exploit validation, built to understand how automated adversaries operate at scale.

Problem

Modern attack surfaces are too large to assess by hand, and defenders rarely see how an automated attacker actually prioritizes and moves.

Approach

A multi-stage, WAF-aware pipeline with CVE-first prioritization and breadth-then-depth heuristics that decide when to pivot vs. go deep — with evidence capture and structured reporting built in.

Impact

Turns days of manual recon into continuous, prioritized signal, and doubles as a defender's lens on attacker tooling, tempo, and decision-making.

PythonDocker Compose · 30+ servicesorchestrationrecon / vuln toolingLLM-assisted triage

AI Agent Security · Cryptography

Seal

Cryptographic provenance for AI-agent prompts — replacing brittle "injection detection" with signatures that fail closed.

Problem

Prompt-injection defenses based on reading language are guesswork; an attacker only has to phrase it differently.

Approach

Every prompt carries an Ed25519-signed Verified Prompt Envelope proving who authorized it, its scope, and that it wasn't tampered with. Turns an NLP problem into key management.

Impact

A defense-in-depth primitive for agent systems that rejects unauthorized instructions by construction, not by vibes.

PythonEd25519HMAC-SHA256protocol design

Agent Infrastructure · Audit

Division

A hierarchical multi-agent system with durable episodic memory and a full audit trail of autonomous work.

Problem

Multi-agent systems lose context across sessions and leave no record of who did what, when, or why.

Approach

A coordination layer (lead → supervisor → specialized agents) over four-level episodic memory, with an HTTP API that checkpoints every task and outcome.

Impact

Cross-session memory plus a forensic, replayable audit trail — observability and accountability for agents.

PythonHTTP APIepisodic memorybi-temporal records

Threat Intelligence · Attack Surface

Sentinel Engine

Certificate-Transparency monitoring that surfaces new and anomalous infrastructure from internet-scale CT noise.

Problem

New subdomains, certs, and look-alike infrastructure appear constantly — phishing and shadow assets hide in the volume.

Approach

Continuously ingest public CT logs, extract and normalize domains, correlate against tracked roots, and surface only the new or anomalous as actionable intel.

Impact

Early warning on phishing infrastructure, subdomain sprawl, and shadow assets — attack-surface monitoring that runs unattended.

PythonCertificate Transparencystreaming correlationOSINT

About

I'm a security and systems engineer with 15+ years across enterprise IT, multi-cloud architecture, and security operations. My day-to-day is keeping production systems healthy and defensible across AWS, GCP, and Azure; my nights are spent building the autonomous security tooling above.

Hands-on with EDR-driven incident response (SentinelOne across 100+ environments), cloud security hardening, and high-tempo production incident work. Deep operator history in the gaming and media industry. Former U.S. federal Confidential clearance. I like problems where security, automation, and scale meet.

Focus

Incident response · detection · security automation

Cloud

AWS · GCP · Azure · Kubernetes

Security

SentinelOne EDR · IAM · PKI · log analysis

Code

Python · Bash · PowerShell · Go

Certs

CompTIA Security+ · Network+

Based

Austin, TX → relocating to NYC