Zhi Wei F.

Product Manager

United States · 8 yrs 10 mos experience

Key Highlights

  • Expert in application security and threat modeling.
  • Led significant security initiatives at Dropbox.
  • Passionate about mentoring and developing security best practices.
Stackforce AI infers this person is a seasoned expert in SaaS application security with a focus on threat management and compliance.

Skills

Core Skills

Application Security · Threat Modeling · Software Development · Operations Engineering

Other Skills

Agile Methodologies · Application Security Architecture · Automation · Bug Bounty Program · C++ · Community Outreach · Compliance · Container Security · Dashboard Development · Data Analysis · Database Administration · Event Planning · Fraud Prevention · Information Security · Java

About

Zhi is a Senior Staff Product Security engineer at Marqeta with a wealth of experience in security, information technology, ad tech, and fintech industries. Zhi has a passion for safeguarding systems and applications, and is skilled in coding and mentoring others. Previously, having worked at Dropbox, Sailthru, and Veracode, Zhi honed his expertise in product security. Zhi is always looking for new opportunities to learn and grow in the field, and is excited to develop new methods to harden systems without compromising speed.

Experience

Marqeta

2 roles

Senior Staff Product Security Engineer

Promoted

Mar 2024 - Jul 2025 · 1 yr 4 mos · New York, United States

Staff Product Security Engineer

Aug 2022 - Mar 2024 · 1 yr 7 mos · New York, United States

Dropbox

Senior Product Security Engineer

Oct 2020 - Aug 2022 · 1 yr 10 mos · New York, New York, United States

  • Prevention Engineering: Established the foundation of the Application Security team's Prevention Engineering Strategy and developed a strategy focusing on Secure by Default frameworks, enabling development teams to adhere to best practices seamlessly across the organization without being burdened by granular configuration details.
  • Eradicated OWASP Top 10, PII Leakage: Designed, implemented, and led a team of engineers in redacting personally identifiable information (PII) from application logs using structured logging and AWS Macie.
  • Container Security - Nsjail: Fine-tuned the nsjail config, a CLI tool that leverages Linux namespaces, to achieve isolation and securely convert PDFs in the HelloSign Business Unit.
  • Tech Lead - HelloSign Business Unit: Worked together with external stakeholders to align on shared priorities and led the team planning, creation, and execution of the team's Quarterly OKRs and yearly roadmap.
  • Automation through Intake form service: Developed a Python Flask service for gathering internal stakeholder requests which automated the creation of Jira tickets with correct labels and priorities, streamlining the on-call process.
  • Threat Modeling / Consultation: Evaluated implementation designs for security weaknesses and provided alternatives with stronger security controls for both Dropbox and HelloSign development teams.
  • Fraud and DDoS Prevention: Significantly improved HelloSign's security posture by integrating Arkose captcha with the user registration flow.
  • Maintaining Compliance: Collaborated closely with the legal team to ensure new features and services released to production met compliance standards such as HIPAA, GDPR, and others.
Application Security · Threat Modeling · Container Security · Automation · Fraud Prevention · Compliance

Sailthru

Application Security Engineer

Sep 2019 - Oct 2020 · 1 yr 1 mo · New York, New York, United States

  • Bug Bounty Program: Collaborated with Bugcrowd to define the bug bounty program’s scope, leading the confirmation of reports and the mitigation of vulnerabilities reported.
  • Penetration Testing - Purple Team: Teamed up with a third-party vendor for black box testing against production infrastructure, ensuring the system’s resilience against users with malicious intent.
  • Integrated with Signal Sciences WAF: Installed a Web Application Firewall (WAF) on all servers receiving external web traffic, enhancing security by preventing malicious traffic from compromising the servers.
  • Mentoring: Provided mentorship by teaching security best practices to engineering sprint teams and sharing bug bounty reports to help teams avoid similar vulnerabilities in the future.
Bug Bounty Program · Penetration Testing · Web Application Firewall · Mentoring · Application Security

Veracode

3 roles

Software Developer - Full Stack

Jan 2018 - Aug 2019 · 1 yr 7 mos

  • Completed a wide range of software development and programming tasks.
  • Took part in monthly grooming sessions to make estimations and prioritize the backlog.
  • Analyzed software usability and performance and recommended changes to improve functionality.
  • Practiced Agile methodologies through GitLab CI/CD pipelines.
  • Performed security reviews for our code changes to ensure secure production code.
  • Migrated an AngularJS service to Angular 5.
  • Created additional features/permissions in both monolith and microservice code bases.
Software Development · Agile Methodologies · Security Reviews

Operations Engineer

Promoted

Jan 2017 - Jan 2018 · 1 yr

  • Introduced methods that enhanced the team’s workflow, release process and product quality.
  • Helped build and enhance highly available and scalable dashboards used by management.
  • Contributed software engineering expertise in the development of the product's deployment cycle.
  • Worked closely with the DevSecOps team to test and maintain product quality.
  • Analyzed complex data to help optimize the product’s user experience for customers.
  • Scripted in Python to automate part of the data mining that was used to generate reports.
  • Analyzed run times and features before releasing deployment to production.
Workflow Enhancement · Dashboard Development · Data Analysis · Operations Engineering

Application Security Analyst

Aug 2016 - Jan 2017 · 5 mos

  • Conducted FP/Valid software security research on Common Weakness Enumeration (CWE).
  • Manually ran failed scans with the latest branch of the static engine.
  • Reviewed past C++ and JavaScript scans for better detection in automation (REC).
  • Helped PMs and CSMs with their customer’s application through weekly meetings.
  • Presented findings in a monthly meeting with upper management on patterns found.
Software Security Research · Static Analysis · Application Security

Education

Boston University
