The MinCaml compiler project is one of my strongest general engineering signals. It includes parsing, type checking, K-normalization, alpha conversion, beta reduction, let reduction, constant folding, closure conversion, ASML generation, and ARM-oriented backend work.
Compilers force a kind of rigor that transfers well to cybersecurity. You cannot hand-wave an intermediate representation. You need to know what the program means before and after each transformation, and tests become the only sane way to keep that confidence.
The project also gave me practice reading a larger Java codebase with many interacting passes. That matters in security work because audits often start the same way: understand the system well enough to say where the assumptions break.
I would bring this up for roles that need strong software engineering, static analysis, secure development, or code review.