shouldBe
EN / RU
01 Automation · Security · Load Testing · Big Data · AI

Your product should work as intended

Software breaks in predictable ways. Security holes, broken flows, servers collapsing under load. I find them before your users do. 18+ years of this, the last 6 fully automated.

Discuss your project LinkedIn
18+ years in QA
5 banks
6+ years, no manual
results in hours, not weeks
02

Services

Test Automation

Frameworks from scratch, Kotlin/Kotest, CI/CD integration

Penetration Testing

OWASP Top 10, API security, web applications

Load Testing

k6, profiling, bottleneck analysis

Big Data Testing

Kafka, Parquet, Avro, Schema Registry, ETL

AI + Automation

AI code review, test generation, ML pipeline testing

03

Experience by Domain

Banking & Fintech

5 banks (top-20 Russia). Big Data testing, ETL frameworks, Kafka, high-load pipelines.

B2B SaaS (US)

VC-backed startup (Boston, $46M+). Integration testing, framework migration to Kotlin. CI/CD.

MedTech

Cloud-based medical IS. Testing team management, lab system integrations.

E-commerce

NDA projects. Marketplaces, China → RU platforms. Pentesting + functional testing.

Telecom / Enterprise

SAP, CRM, billing systems. Functional and integration testing.

Security Testing

Web application and API pentesting. SQL injection, IDOR, shadow API. Full cycle: audit → report → retest.

Full experience on LinkedIn
04

Case Studies

B2B SaaS Alyce · Boston, US · $46M+ raised (General Catalyst)

Test automation from scratch for AI-powered gifting platform

🎯 Goal

Automate integration testing and migrate the legacy UI test framework from Groovy to Kotlin.

⚙️ What we did

Built an integration testing project from scratch in Kotlin, integrated into Docker and CI/CD, deployed to production. Migrated the UI test framework from Groovy + Selenide to Kotlin. Code review of the migration.

🔍 Findings

The Groovy framework was slow and painful to maintain. Both problems went away after the migration.

✅ Result

All tests automated, running in CI/CD, shipped to production. Nobody runs regression manually anymore.

100% automation
CI/CD integrated
Groovy→Kotlin migration
Production deployed
Security + Testing E-commerce platform · China → RU · Web + Mobile app

Security audit and functional testing before Russian market launch

🎯 Goal

Full audit of a web platform and mobile application (iOS, Android) before launch on the Russian market.

⚙️ What we did

Functional testing of website and mobile apps. Design mockup verification. Two rounds of penetration testing. Regression audit with formal retest cycle. Manual testing of mobile apps on iOS and Android.

🔍 Findings

84 defects total, 12 critical — including SQL injection, IDOR vulnerabilities, shadow API endpoints, hardcoded secrets, insecure file uploads.

✅ Result

Remediation roadmap delivered. Retest confirmed everything was fixed. Launched with a clear picture of what risks remained.

84 defects
12 critical
Web+Mobile scope
2 pentest rounds
Load + Security NDA · E-commerce · Peak season preparation

Load testing and security audit before New Year rush

🎯 Goal

The client needed to know: will this hold during the New Year rush, and are there any holes that could be exploited before traffic spikes?

⚙️ What we did

Load testing simulating peak holiday traffic. Penetration testing of the web application. Functional testing against design mockups. Manual testing on iOS and Android.

🔍 Findings

Performance bottlenecks that would have caused failures under peak load. Security vulnerabilities in the web application.

✅ Result

Fixed the bottlenecks in time. No downtime during peak season. The client kept their revenue.

0 downtime in peak
100% revenue preserved
Next.js stack
NDA client
Testing + Security NDA · SaaS · Photo-based content service

Security audit and functional testing for a content generation platform

🎯 Goal

The service had user uploads, a custom editor, activation codes, and marketplace integrations. Each of those is a potential attack surface.

⚙️ What we did

Penetration testing of the web application and API. Functional testing against design mockups. Testing of the activation code system and user editor. Manual testing on iOS and Android.

🔍 Findings

Security vulnerabilities in user content handling and the activation flow.

✅ Result

Fixed before launch. The service shipped without the security issues it had going in.

Pentest security audit
iOS+Android mobile tested
Next.js stack
NDA client
05

About

SR

Stanislav Romanov

Software Test Engineer · Security · Big Data · AI

Kotlin/Kotest k6 Kafka DuckDB Go Python AI/ML OWASP Parquet gRPC Docker

18+ years in IT, 6+ without manual testing. I build automation from scratch, find security holes, test systems under load. Worked with banks, a Boston startup, medtech, and e-commerce.

06

Tell me about your project

Takes 2 minutes. I'll respond within 24 hours.

1 / 5