Sofia Aberegg is a security consultant in K2 Integrity/Leviathan Security Group’s Technical Services team, specializing in web application penetration testing, exploit development, and secure code review. She brings deep technical expertise across offensive security testing, secure development practices, and vulnerability research to help organizations identify and mitigate complex security risks. In addition to client engagements, she contributes to internal research initiatives focused on emerging security topics and the continual refinement of web security testing techniques.
Prior to joining K2 Integrity/Leviathan Security Group, Sofia worked as a penetration tester at Hyland Software, where she performed white-box penetration tests across Hyland’s portfolio of content management applications. In this role, she also supported developer education on secure coding practices and assisted with triaging vulnerabilities reported by customers and external researchers. Earlier, Sofia served as a software developer at Hyland, building and testing new features for metadata services in both web-based and thick-client applications. During this time, she worked extensively with static application security testing (SAST) tools to identify and remediate vulnerabilities early in the software development lifecycle.
Sofia has reported numerous vulnerabilities and bugs to open-source projects, including Binaryen, pfSense, LimeSurvey, and jq. She regularly leverages industry-standard tools and technologies such as Semgrep, OWASP Dependency-Check, and Burp Suite Professional, and is proficient in Python, Bash, and JavaScript.
Sofia holds a B.S. in computer science from Ohio University and maintains multiple industry certifications, including Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), and Offensive Security Web Expert (OSWE).