Your product should work as intended
18+ years in QA. I've spent the last 6 building automation from scratch at several companies — no manual regression, just frameworks, pentests, and load testing. When something breaks, you find out in hours.
Services
Test Automation
Frameworks from scratch, Kotlin/Kotest, CI/CD integration
Penetration Testing
OWASP Top 10, API security, web applications
Load Testing
k6, profiling, bottleneck analysis
Big Data QA
Kafka, Parquet, Avro, Schema Registry, ETL
AI + Automation
AI code review, test generation, ML pipeline QA
Experience by Domain
5 banks (top-20 Russia). Big Data QA, ETL frameworks, Kafka, high-load pipelines.
VC-backed startup (Boston, $46M+). Integration testing, framework migration to Kotlin. CI/CD.
Cloud-based medical IS. QA team management, lab system integrations.
NDA projects. Marketplaces, China → RU platforms. Pentesting + functional QA.
SAP, CRM, billing systems. Functional and integration testing.
Web application and API pentesting. SQL injection, IDOR, shadow API. Full cycle: audit → report → retest.
Case Studies
Test automation from scratch for AI-powered gifting platform
🎯 Goal
Automate integration testing and migrate the legacy UI test framework from Groovy to Kotlin.
⚙️ What we did
Built an integration testing project from scratch in Kotlin, integrated into Docker and CI/CD, deployed to production. Migrated the UI test framework from Groovy + Selenide to Kotlin. Code review of the migration.
🔍 Findings
The Groovy framework was slow and painful to maintain. Both problems went away after the migration.
✅ Result
All tests automated, running in CI/CD, shipped to production. Nobody runs regression manually anymore.
Comprehensive security and QA audit before Russian market launch
🎯 Goal
Full audit of a web platform and mobile application (iOS, Android) before launch on the Russian market.
⚙️ What we did
Functional testing of website and mobile apps. Design mockup verification. Two rounds of penetration testing. Regression audit with formal retest cycle. Manual testing of mobile apps on iOS and Android.
🔍 Findings
84 defects total, 12 critical — including SQL injection, IDOR vulnerabilities, shadow API endpoints, hardcoded secrets, insecure file uploads.
✅ Result
Remediation roadmap delivered. Retest confirmed everything was fixed. Launched with a clear picture of what risks remained.
Load testing and security audit before New Year rush
🎯 Goal
The client needed to know: will this hold during the New Year rush, and are there any holes that could be exploited before traffic spikes?
⚙️ What we did
Load testing simulating peak holiday traffic. Penetration testing of the web application. Functional testing against design mockups. Manual testing on iOS and Android.
🔍 Findings
Performance bottlenecks that would have caused failures under peak load. Security vulnerabilities in the web application.
✅ Result
Fixed the bottlenecks in time. No downtime during peak season. The client kept their revenue.
Security audit and QA for a user-facing content generation platform
🎯 Goal
The service had user uploads, a custom editor, activation codes, and marketplace integrations. Each of those is a potential attack surface.
⚙️ What we did
Penetration testing of the web application and API. Functional testing against design mockups. Testing of the activation code system and user editor. Manual testing on iOS and Android.
🔍 Findings
Security vulnerabilities in user content handling and the activation flow.
✅ Result
Fixed before launch. The service shipped without the security issues it had going in.
About
Stanislav Romanov
QA Consultant · SDET · Big Data · Security · AI
18+ years in IT, 6+ without manual testing. I build automation from scratch, find security holes, test systems under load. Worked with banks, a Boston startup, medtech, and e-commerce.
Tell me about your project
Response within 24 hours
Message sent
I will respond within 24 hours.