Security professional focused on developing applications that help individuals and companies protect their data through information security. Brings a diverse background of education and practical experience to the job, and strives to further knowledge and personal growth through on-the-job experience.
NerdWallet | Remote
Senior Security Engineer | Sept. 2020 to Current
- Led the bug bounty practice and reformed criteria to meet researchers' needs
- Advised on engineering architecture assessments from an application security perspective
- Performed reviews on various aspects of frontend security as well as supply chain issues
- Mentored junior colleagues on more advanced topics
Remote
Security Engineer (Penetration Tester, Contract) | Dec. 2019 to Aug. 2020
- Performed penetration testing of web and mobile applications, covering internal and external features
- Responded to bug bounty reports and re-tested reported issues after fixes were applied
- Set internal pentesting guidelines that included links to resources
- Followed up with developers on how to best remediate issues, or avoid pitfalls in the future
Wealthfront | Redwood City, CA
Security Engineer | June 2018 to Apr. 2019
- Performed penetration tests and security reviews
- Ran the vulnerability management program and responded to bug bounty reports
- Assisted with identifying security weaknesses, misconfigurations and insecure code
- Helped automate security tests to avoid accidental vulnerabilities, including deploying static security analysis tools in a CI/CD context
NCC Group | Sunnyvale, CA / New York City, NY / Remote
Security Consultant | Aug. 2015 to May 2018
- Performed web application, web service, and mobile application penetration testing
- Handled communication with clients and remediation of vulnerabilities
- Trained co-workers on testing applications involving binary protocols used by client-side JavaScript applications
- Developed several internal tools to aid in penetration testing and one public tool, WSSiP
WSSiP (WebSocket/Socket.io Proxy) | Jan. 2017 to Current
Developed an application in Node.js using Electron, React and the Material-UI framework to view and manipulate WebSocket messages passing in either direction between client and server. Presented at Black Hat Arsenal US 2017.
Meetup to Telegram Bot | Sept. 2018 to Current
Developed an automated application, hosted on AWS Lambda and invoked by CloudWatch, that fetches events happening in a particular social group on Meetup.com and posts the day's events to the chat application Telegram at 9am every day.