John Pitzer
Software & Security Engineer
Identity, authentication, and API systems — from secure design to production services in Go, Python, and TypeScript.
What I work on
Development
APIs and services in Go, Python, and TypeScript — gateways, integrations, and platform features that scale.
Security
Secure design, SAST, vulnerability triage, and practical hardening aligned with OWASP and API security best practices.
IT & Identity
OAuth2/OIDC, SSO, MFA, SCIM, RBAC — connecting people, applications, and policy with Auth0-class identity patterns.
Overview
Software & Security Engineer specializing in secure authentication, identity, and API systems (OAuth2, OIDC, SSO, MFA, SCIM, RBAC). Cross-functional background across application security, backend engineering, and cloud infrastructure. Proven track record building scalable Go/Python/TypeScript services and integrating identity platforms to reduce risk and streamline user access.
Skills & tools
Identity & Access
- OAuth2
- OIDC
- SSO
- MFA
- SCIM
- RBAC
- JWT
Security
- SAST (Snyk)
- Secure design & code review
- Vulnerability triage
- OWASP
- API Security
Back-end & APIs
- Go
- Python
- Node.js / TypeScript
- REST
- OpenAPI
Cloud & DevOps
- AWS (Lambda, EventBridge)
- Docker
- GitHub Actions
- Helm
Databases
- PostgreSQL
- MySQL
Tools
- Auth0
- Okta
- Keeper
- Jira
- Confluence
Recent roles
Application Security Engineer
RxBenefits · Birmingham, AL
July 2025 – Present
Led application security efforts across internally developed services and APIs, partnering directly with engineering teams to identify and remediate vulnerabilities early in the SDLC.
Software Engineer II
RxBenefits · Birmingham, AL
January 2024 – July 2025
Led backend development of a custom API Gateway microservice in Go to mediate traffic between distributed systems.
Software Engineer
RxBenefits · Birmingham, AL
January 2023 – January 2024
Built custom REST APIs with validation, routing, OpenAPI docs, database migrations, and Helm configuration.
Education
CompTIA Security+ certification