Hello! I'm a Security leader with a developer-centric approach to securing modern cloud platforms. Proven expertise in security architecture, SDLC governance, vulnerability remediation, and leading high-impact security teams. Passionate about bridging the gap between engineering and security to drive proactive, scalable security solutions.
Tech Lead (L6 SWE), Google Threat Intelligence June 2024 – February 2025
- Managed the technical leadership of a 10-person SWE scrum team building Google Threat Intelligence’s global scan capabilites
- Contributed fully-tested Golang code to our microservice backend, as a ½ SWE member
- Served as system design SME and authored / coauthored 50+ design proposals, design documents & infrastructure diagrams
- Created quarterly product roadmaps and delivered their features on time
- Represented team in weekly execution reviews with leadership
Principal Security Architect November 2022 – June 2024
- Served as security SME on a Platform-as-a-Service team that built and managed a Google acquisition-friendly GKE environment
- Created pattern for authoring, deploying and maintaining Kubernetes admission controls & security policies
- Oversaw vulnerability remediation and supply chain security initiatives in Mandiant products
- Coordinated with teams to integrate pre-acquisition SDLC tools into the Google ecosystem
Senior Security Architect May 2022 – November 2022
- Led the SDLC compliance assessment that factored into Mandiant’s acquisition by Google
- Aided in the compliance and management of a FedRAMP-High environment
- Managed vulnerability remediation across 15+ product units, including Log4J triage
Product Security Engineer March 2021 – May 2022
- Managed the security and compliance of Mandiant’s platform, Mandiant Advantage
- Organized and executed annual 3rd party security assessments of the teams’ platforms for compliance certification
- Managed the Mandiant/FireEye bug bounty program on BugCrowd, including payout & remediation
- Translated abstract security assessment findings into tangible vulnerability remediation work, and ensured their resolution
- Assisted in the security separation of a product division’s divestiture (EDR offering) to Trellix
Information Security Analyst October 2019 – March 2021
- Served as an analyst in FireEye’s Security Operations Center doing realtime Incident Response
- Executed Threat Hunting exercises against both enterprise and cloud environments
- Performed Digital Forensics on malware samples collected in Threat Hunting and IR
- Created SOAR runbooks in Jupyter Notebook to handle repeated tasks quickly & accurately
- Served shields-up (overtime) for 2 months following the infamous Solar Winds incident
Software Developer & Open Source Fellow September 2017 – January 2019
- Contributed JavaScript/TypeScript code to the Enki App, a React-native platform used on web and mobile, and Enki Bot, a daily mentor chatbot for Slack
- Produced Intro to Security Course on OWASP Top 10 and OSI Model
- Refactored our backend to Dockerized microservices, and automated release via CI/CD