Jul 2025 – Present · 9 mos · SF / London / Singapore · Hybrid

• Your AI teammate for security. DMs open for feedback, I'll reply in <24 hours: https://app.hacktron.ai

Jul 2025 – Present · 9 mos

• I drink matcha.

Apr 2025 – Apr 2025 · 0 mo · French Riviera

• One of 16 undergraduates selected from around the world.

Dec 2024 – Jan 2025 · 1 mo · Houston, TX · On-site

• Developed Dart bindings for a C cryptographic library and integrated its cross-compilation and linkage into the Android/iOS build process
• Worked on new features in the Flutter-based mobile application
• Wrote comprehensive unit and widget tests

Nov 2024 – Jun 2025 · 7 mos · Amsterdam, North Holland, Netherlands

• Started Hacktron instead.

Oct 2024 – Oct 2024 · 0 mo · London Area, United Kingdom

• One of 15 selected students across the UK. 4th place in the individual low-latency challenge.

Jun 2024 – Apr 2025 · 10 mos · Cambridge

• Built an AI-powered, collaborative technical writing tool for STEM students and professionals. We had 1K+ users.
• Raised $16,000 in equity-free funding from pitch competitions.
• Built Turborepo with Next.js + Convex web application, PartyKit server with Yjs CRDT support, TipTap extensions for Cursor-like inline tab completions & inline chat, and a library for compiling LaTeX in WebAssembly.
• Integrated Clerk for authentication, Radix UI for frontend components, Posthog session replay + surveys, and Sentry for observability.
• Deployed services on Vercel and Cloudflare Workers, set up CI/CD for preview and production environments through GitHub actions.

Jun 2024 – Sep 2024 · 3 mos · Singapore · On-site

• 3rd security software engineer in a 200-person organization.
• Built & shipped a Next.js app used by HR and team leads to visualize and preview changes to access control policies on the organization’s GitOps access control solution, reducing human error.
• Used Pulumi infrastructure as code to build a Better Stack integration that reduces time-to-triage for vulnerability reports from several hours to < 1 minute.
• Initiated and led a project to build open-source secure-by-default components used by developers in production systems and our starter kit template, making application security easy and invisible. Remediated a Next.js 0-day in the process.
• Configured CI/CD pipelines including automated NPM package publishing, changelog generation, documentation generation from TSDoc comments (published to a documentation website), testing and deployment.
• Initiated and configured advanced static code analysis pipelines across the organization. Wrote and published custom CodeQL query packs and libraries for data flow analysis on common technologies used, including Next.js, React, and tRPC. Onboarded flagship products like FormSG, Isomer (serves >50% of government websites), and ActiveSG.
• Performed security code and architecture reviews for HealthHub SGID-bridge, DistributeSG, and PaySG.
• Screened applicants' CVs to assess their technical skills for our Build for Good Hackathon 2024.
• OGP is a modern tech team working on public sector problems, represented internationally at events like Figma Config, and the first Singapore government agency to be recognised as a Great Place To Work®.

Mar 2024 – Mar 2024 · 0 mo · London Area, United Kingdom · On-site

• • Implemented trading bot that performed ETF and ADR arbitrage strategies in a simulated financial exchange, trading against other participants & marketplace bots.

May 2023 – Jun 2025 · 2 yrs 1 mo · Berlin, Germany · Remote

• Performed 40+ code audits and penetration tests for global clients (including Fortune 20)
• Communicated findings to technical & non-technical audiences
• Targets included web applications, browser extensions, Electron-based desktop applications, and mobile applications

Apr 2023 – Sep 2023 · 5 mos · Singapore · On-site

• Discovered 50 security vulnerabilities ranging from remote code execution to account takeovers.
• Researched at scale: Protobuf over WebSockets, XSS filter bypasses, and rich text editor vulnerabilities.
• Developed Java extension on Burp Suite's new Montoya API for testing protobuf over both WebSockets and HTTP(s), a feature not supported by any open-source extension at the time of development.
• Wrote a deliberately vulnerable application in React.js used as part of an internal competition.
• Worked closely with product teams to identify security flaws in the early stages of SDLC.
• Discovered CVE-2023-3431 and CVE-2023-3432.

Apr 2023 – Sep 2023 · 5 mos · Singapore

• See above.

Mar 2023 – Sep 2023 · 6 mos · Singapore

• Singapore-based cybersecurity training & consultancy.
• Co-organized HackBash 2024, a cybersecurity workshop and competition for tertiary students, with the National University of Singapore.
• Conducted training sessions for the Singapore Cyber Olympians Programme, supported by the Cyber Security Agency of Singapore (CSA).
• Hosted SpiritCyber 2023, an IoT Capture the Flag competition at the Singapore International Cyber Week (SICW), in collaboration with Ensign InfoSecurity.
• Teams comprising entirely of our co-founders have been represented on the world stage:
• 2nd place in HackTM CTF 2023, held in Timișoara, Romania
• 1st place in the Cyber SEA Games 2023, held in Bangkok, Thailand

Jan 2022 – Sep 2023 · 1 yr 8 mos · Remote

• Reported >50 valid security issues to various global companies
• Achieved maximum lifetime signal-to-noise rating across multiple private & public programs, with zero invalid reports
• Top bug bounty hunter (14 medium & high severity vulnerabilities over 2 weeks) @ Ministry of Defense Bug Bounty Programme 2022
• Top bug bounty hunter (2 low, 5 medium & high severity vulnerabilities over 2 weeks) @ GovTech Government Bug Bounty Programme (GBBP) 8 in 2023
• Top local bug bounty hunter @ GBBP9 in 2023
• Ranked 6th in Singapore in 2022

Jan 2021 – Apr 2023 · 2 yrs 3 mos · Singapore · On-site

• 🪖 One of 25 recruits nationwide selected to serve in high-clearance cybersecurity units during state-mandated military service.
• Graduated training as the Distinguished Honour Graduate and Best in Knowledge.
• Performed white-box code audit and VAPT, patched and hardened web services in an international, live-fire cyber defense exercise.
• Developed web interface to automate and streamline the processing of Indicators of Compromise to assist blue team operations.
• Translated Cyber Threat Intelligence (CTI) reports and raw data into actionable intelligence.

Nov 2018 – Mar 2019 · 4 mos · Singapore · On-site

• Worked on using computational methods, such as the Finite-Difference Time-Domain (FDTD) method, to model nanoscale phenomena and study the formation of optical vortices.
• Won the Best Poster Science Communication Award at the Singapore Science and Engineering Fair (SSEF) 2019.
• Presented at the International Conference on Materials for Advanced Technologies (ICMAT) 2019.