Zero Trust Implementation - Deployed an OSQuery-based tool fleet-wide, designed posture checks for device health assessment during Single Sign-On (SSO) authentication, and enforced policy-based blocking for unhealthy devices accessing specific SaaS resources.

Security Tooling Enhancement - Led efforts to revamp existing security tools in monitoring and enforcement domains while managing multiple endpoint security tools. Collaboration with stakeholders led to optimized tooling for reduced performance overhead. Implemented and enforced Role-Based Access Control (RBAC) in cloud consoles and developed an API inventory to help manage token lifecycle.

Architecture Review - Conducted security implementation and architecture assessments for various internal and SaaS projects. Additionally, authored guidelines and Security Technical Implementation Guides (STIGs) for internal tech teams.

Leadership and Team Contribution - Played a key role in the team by regularly formulating team strategies and initiatives. Also provided mentorship to junior team members and delivered presentations and demos to the broader security organization.

Active Directory Hardening and Redesign - Identified and addressed hardening and patch deficiencies in the Active Directory system, collaborating with stakeholders. Additionally, I proposed design changes to align the network with best practices for enhanced security.

Endpoint Detection and Response - Served as the platform owner for the enterprise's EDR solution, protecting 50k hosts and designing and implementing numerous workflows to deploy security enhancements, track API key inventory, and address process failures.  Collaborated regularly with partner teams and subsidiaries to ensure through testing of new features and configuration changes, and programmatically implemented RBAC to enforce the principle of least privilege for all platform users. Additionally, I created a methodically for doing sensor regression testing to monitor performance issues caused by new sensor versions. I am also a routine bug submitter to our EDR vendor.

Data Loss Prevention - Derisked the environment by deploying security controls to specific cohorts with unique regulatory needs and during high risk events, divestitures, employee termination) to help mitigate the likelihood of data theft or leakage.  Also, developed a custom service that monitored  Google Drive sharing activity and automatically revoked inappropriate sharing, reducing the risk of data leakage and theft.

Merger/Acquisitions/Divestitures - Designed secure architecture, deployed security tools to meet compliance and stakeholder requirements, and engineered custom tooling to assist with transfer of sensitive data. Supported all major M&A activities end-to-end since 2020.

Operational Enhancements - Created and improved documentation, runbooks, and technical documentation for my products, and regularly enhanced monitoring capabilities, control policies, and exception management to improve efficiency and reduce the operational burden for the team.

Audits and Compliance - Participated as a key contributor in multiple audits, penetration tests, and business activities, identifying optimizations and guiding risk management decisions to ensure compliance and security in Uber's evolving technical landscape.

Custom Tooling - Improved the features, local testing, and overall efficiency of in-house malware scanning tooling, and created comprehensive documentation for Ops members to use and maintain the tooling.

• Engineered solutions in multiple languages to secure privileged accounts, published internal modules for secure credential retrieval, hardened systems, and automate routine system maintenance and upgrades

• Developed and implemented security baselines for the entire Windows workstation fleet and servers, based on risk profile and industry best practices

• Designed and maintained a testing and deployment framework for modern Windows 10 security controls such as Credential Guard and Exploit Guard, ensuring the security and compliance of the enterprise fleet.

• Conducted an audit of the enterprise PKI lifecycle and removed deprecated and weak authentication protocols to improve security and compliance

• Deployed a production-grade service that automates the enrollment and rotation of root passwords into the enterprise password manager, improving security and reducing the risk of password-related incidents

• Initiated and led multiple grass-roots projects focused on improving efficiency, automation, and security best practices across the organization

• Participated actively in the vulnerability management working group, contributing expertise and insights to improve the organization's vulnerability management processes and outcomes

• Performed penetration testing and vulnerability assessments for SMBs to identify security weaknesses and strengthen posture.

• Collaborates with clients to offer personalized and actionable recommendations for improving their security programs and procedures.

• Designs and develops custom tools and scripts to automate internal processes and improve field work efficiency.

• Manages and executes infrastructure upgrades and migrations for internal and customer systems, ensuring minimal downtime and maximum security.

• Provides hands-on training and guidance to junior staff on how to use tooling and procedures to efficiently and effectively perform security assessments.