Chicago, IL  ·  Available for roles

Itamar David

Security engineer and full-stack developer.

I work on production systems across web, mobile, backend, and cloud, and I poke at them from the security side. Past projects include OmniEdu, a proxy and games platform that hit around two million daily users at its peak, and FlipDex, an AI inventory app for video game resellers. I've also filed responsible disclosures with Scrimba and Roblox.

01/ About

I’m a self-taught engineer based in Chicago. Most of my experience comes from running things in production: building features, fixing the authentication edge cases, watching the logs, and rotating the domains when the obvious ones get blocked.

On the security side I look for the same kinds of issues I've had to fix in my own systems: access control gaps, feature gating that trusts the client, anti-tamper assumptions that don't hold up. When I find something, it goes to the affected company first.

Based: Chicago, IL
Focus: Security · Full-stack · Infra
Status: Open to roles
Approach: Self-taught · Shipping since 2020
02/ Selected work
2025  ·  Active

FlipDex

AI Pricing & Inventory App for Video Game Resellers  ·  Founder · Full-Stack Developer

An Expo React Native app that scans a stack of video games from a single photo, identifies titles and platforms with AI vision, and returns live pricing and inventory data tuned for resellers.

  • Designed Node/Express backend flows using the OpenAI Responses API with structured JSON outputs, title normalization, and platform mapping.
  • Built cost-aware AI usage planning, SSE streaming concepts, and tiered caching for pricing, eBay, cover art, and AI insights.
  • Integrated PriceCharting API and CSV workflows, optimized local lookups, and shipped subscription logic for scan limits, inventory caps, CSV export, and downgrade handling.
  • Resolved production Expo/Metro/Babel issues, module aliases, package migrations, and authentication friction end-to-end.
React Native · Expo · TypeScript · Node.js · Express · OpenAI API · MongoDB · NativeWind

2023 to Present  ·  Live

OmniEdu

High-Traffic Proxy & Games Platform  ·  Founder · Full-Stack Developer

Grew omniedu.cc to roughly two million daily users at peak through community growth, rotating domains, and resilient proxy infrastructure. Rebuilt and redesigned the platform after downtime with an emphasis on uptime, monetization, and a clean dark-themed UI.

  • Operated Ultraviolet / Scramjet-style proxy systems and navigated real-world friction: blocked domains, Google sign-in challenges, YouTube/proxy edge cases, and ad deployment.
  • Designed domain-rotation strategies, school-friendly access patterns, and multi-domain routing to keep the platform reachable.
  • Shipped referral incentives, monetization experiments, and Discord-driven community growth loops.
  • Maintained a focused dark UI and game/app catalog with dynamic browsing and search across thousands of titles.
Node.js · Ultraviolet · Scramjet · Proxies · DNS · SSL · Discord · Linux

2022 to 2024  ·  Shipped

Minecraft Server Automation

Cloud Tooling · SSH Control Plane · Plugin Systems  ·  Developer

Ran Minecraft servers on AWS EC2 with hardened SystemD services, then built a browser-based control plane to send commands, stream live output, manage files, and ferry data between EC2 and local machines.

  • Configured Linux/SystemD services for automatic startup, crash recovery, and process reliability.
  • Built Express + Pug + Socket.IO tooling backed by ssh2 to send commands, tail logs, manage files, and automate EC2-to-local transfers.
  • Authored Spigot/Bukkit plugins: Bedwars-style minigames, player/game state, event-driven mechanics, bow aim detection, and ground checks.
  • Debugged multiplayer edge cases and built operator dashboards for live administration.
AWS EC2 · Linux · SystemD · SSH · Express · Socket.IO · Java · Spigot/Bukkit

Also
  • Spigot / Bukkit Minigames: Bedwars-style systems with player/game state, event-driven mechanics, bow aiming detection, ground checks, and multiplayer edge-case debugging.
  • Web Interfaces: Dashboards, tabbed UIs, modals, file editors, animated elements, and dynamic content browsers across React, Next.js, Tailwind, Bootstrap, and Pug.
  • Automation / Bots: TypeScript automation for live account monitoring, browser automation, alerts, rule-based decisions, Discord bots, transcript search, and scraping.
  • Roblox / Lua Systems: Plinko-style physics boards, grid-based peg layouts, controlled spawning, remote/event-driven systems, and script protection/whitelisting concepts.
  • AI / Data Pipelines: Vision prompts, structured outputs, OpenAI flows, normalized lookup keys, CSV data, local search performance, pricing logic, and insight caching.
  • Production Debugging: Resolved real issues across Expo, Metro, Babel, Tailwind, module aliases, package migrations, browser automation reliability, and auth friction.
03/ Research
I report findings to the affected company first. Reports cover how to reproduce the issue, the business impact, and what to fix. No weaponized details, no live exploitation.
Access Control · Paywall Bypass  ·  Responsibly disclosed

Scrimba

Legally identified an access-control issue that allowed restricted course content to be reached without the intended paid entitlement checks, then prepared the finding for responsible disclosure.

  • Framed the report around business impact and affected authorization boundaries.
  • Documented reproduction with clarity, scope, and remediation direction.
  • Didn't share the exploit anywhere. Just the report.
Client Integrity · Anti-Cheat  ·  Responsibly disclosed

Roblox

Researched an external-method bypass against Roblox client integrity and anti-cheat protections, documented the issue at a high level, and reported the findings to Roblox for review.

  • Hands-on reverse-engineering against application behavior and anti-tamper assumptions.
  • Worked through memory/offset analysis concepts and client-side trust boundaries.
  • Practiced safe reporting of sensitive findings without leaking weaponized details.
04/ Toolkit
What I work with day to day.
Languages: JavaScript, TypeScript, Node.js, Java, Lua, Python, C++, SQL, Bash, PowerShell
Frontend & Mobile: React, React Native, Expo, Next.js, Tailwind CSS, NativeWind, Bootstrap, Pug
Backend & APIs: Express, REST APIs, Server-Sent Events, Socket.IO, MongoDB, Auth / AuthZ, Caching
Cloud & Infra: AWS EC2, Linux, SystemD, SSH, Docker concepts, DNS, SSL / Domain Setup, Process Automation
Security: Access Control Testing, Responsible Disclosure, API Security Concepts, Proxying, Whitelisting, Anti-Tamper Thinking, Kali / Wireshark / Nmap
AI & Data: OpenAI Responses API, Vision Prompts, Structured Outputs, Data Normalization, CSV Pipelines, Scraping & Caching Strategies
05/ Contact
Open to security engineer, full-stack, and product engineer roles. Full-time, contract, or interesting one-offs.
Location: Chicago, IL