About

I'm a software engineer in Belgrade, working professionally since 2021. Right now I'm at Engineering Software Lab Serbia, building enterprise software: Spring Boot services, Angular and React frontends, and the delivery infrastructure around them.

Over the last couple of years, I've gotten increasingly interested in application security. Not as a specialty I switched to, but as a lens I started applying to the work I was already doing. I think about trust boundaries, safe defaults, input validation, the stuff that determines whether your software just works or is actually hard to misuse.

Security reviews are fine, but what I care about more is getting the defaults right on day one. If the safe path isn't the obvious path, most teams will take the other one without realizing it.

Day to day

  • Backend services and APIs, mostly Java and Spring Boot, sometimes Node.js, where validation, auth, and error handling have to be explicit
  • Frontend work in React and Angular, usually connected to the same services I'm building or maintaining
  • Containers, CI/CD pipelines, and the release workflows that actually get used when it's time to ship

Currently digging into

OWASP Top 10 and API Security Top 10

Not just memorizing the lists, but mapping each item back to real code decisions I've seen or made. The goal is to recognize these patterns in pull requests, not just on slides.

Threat modeling and security testing

Spending time on abuse cases, attack surface review, and figuring out how to fit security checks into CI pipelines instead of running them as a separate, easy-to-skip step.

Experience

Software Engineer

Engineering Software Lab Serbia · 2022 – Present

  • Building and maintaining Spring Boot services and REST APIs where bad inputs, missing auth checks, and edge cases have to be handled explicitly
  • Event-driven flows with RabbitMQ and Redis, keeping services coordinated without making debugging impossible
  • Owning delivery end-to-end: containers, deployment config, dependency management, and the decisions that usually only get attention at release time
  • Shipping full-stack features across Angular and React frontends, connected to Java and Node.js backends
JavaSpring BootReactAngularTypeScriptRabbitMQRedisDocker

Full Stack Developer

Freelance · May 2023 – September 2023

  • Built the customer-facing storefront and internal dashboard for a Swedish video-commerce startup
  • Node.js APIs with Prisma and MongoDB handling content, commerce, and account operations
  • Auth and subscription flows for both admins and end users, plus reusable UI patterns with Tailwind and shadcn/ui
Next.jsReactNode.jsMongoDBPrismaTailwindCSS

Software Developer

docloop · 2021 – 2022

  • Worked on a production e-invoicing platform in .NET and Vue.js, used by real client organizations
  • Delivered invoicing workflows where data integrity and correctness weren't optional
  • Cleaned up frontend and backend structure to make the codebase easier to work in over time
.NETVue.js

Education

BSc Software Engineering

Metropolitan University Belgrade · 2024 – 2027 · Year 3 of 4

Gave me the theory behind things I was already doing at work: systems design, distributed systems, testing, formal security concepts. It also gave me a better vocabulary for understanding why software fails, not just how to make it work.

Security electives

CryptographyWeb System SecurityEthical HackingBlockchain for Data ProtectionComputer System Security

Get in touch

Best way to reach me is email. I'm also on GitHub, LinkedIn.