Security professional focused on developing applications to assist individuals and companies protect their data through information security. Brings a diverse background of education and practical experience to the job, and strives to further knowledge and personal growth through on-the-job experience.
| IBM |
Remote
|
| X-Force Red Hacker |
Jan. 2022 to Apr. 2024
|
- Performed all-around application security penetration testing
- Walked clients through vulnerabilities with expansive technical details
- Taught colleagues and interns mobile application security testing
- Helped with project management in areas that necessitated it
| NerdWallet |
Remote
|
| Senior Security Engineer |
Sept. 2020 to Oct. 2021
|
- Led the bug bounty practice and reformed criteria to meet researchers' needs
- Advised on engineering architecture assessments from an application security perspective
- Performed reviews on various aspects of frontend security as well as supply chain issues
- Mentored junior colleagues on more advanced topics
|
Remote
|
| Security Engineer (Penetration Tester, Contract) |
Dec. 2019 to Aug. 2020
|
- Performed penetration testing on web and mobile applications on internal & external features
- Responded to bug bounty reports and re-tested reported issues after fixes were applied
- Set guidelines internally for pentesting, that included links to resources
- Followed up with developers on how to best remediate issues, or avoid pitfalls in the future
| Wealthfront |
Redwood City, CA
|
| Security Engineer |
June 2018 to Apr. 2019
|
- Performing penetration tests and security reviews
- Running the vulnerability management program and responding to bug bounty reports
- Assisting with identifying security weaknesses, misconfigurations and insecure code
- Provided help with automating security tests to avoid accidental vulnerabilities, including deploying security static analysis tools in a CI/CD context
| NCC Group |
Sunnyvale, CA / New York City, NY / Remote
|
| Security Consultant |
Aug. 2015 to May 2018
|
- Performed web application, web service, and mobile application penetration testing
- Handled communication with clients and remediation of vulnerabilities
- Trained fellow co-workers on testing applications involving binary protocols used by client-side JavaScript applications
- Developed several internal tools to aid in penetration testing and one public tool, WSSiP
| WSSiP (WebSocket/Socket.io Proxy) |
Jan. 2017 to Current
|
Developed an application in Node.js using Electron, React and Material-UI framework to view and manipulate WebSocket messages between client & server and vice versa. Presented at Black Hat Arsenal US 2017. Currently undergoing a full rewrite as of 2023 and will include communication with other HTML5 communication protocols such as monitoring WebRTC.
| TournamentStreamHelper |
Sept. 2018 to Current
|
Contributor to TournamentStreamHelper, an application made in a mix of Python 3 & Qt, with JavaScript for specific functionalities. Used for scoreboards and relevant information to be presented on a video game tournament livestream.