Feb 2023 – Nov 2023 · 9 mos · Morrisville, North Carolina, United States · Hybrid

Jan 2018 – Feb 2023 · 5 yrs 1 mo

• Hiring, onboarding, and mentoring of remote engineers.
• Leading a team that exemplifies ownership, craftsmanship, and technical innovation.
• Collaborating with product management and stakeholders on product roadmap to consistently deliver value to customers and quickly respond to change within an Agile/Scrum development process.
• Managing the software development process to improve product quality and increase test quality, including a long-term project to modernize the codebase and test suite, resulting in dramatically improved maintainability, engineering quality-of-life, and development velocity.
• Working closely with engineers to deliver a high-quality product supporting both older (ASP.NET frameworks) and more modern technologies (ASP.NET Core, GraphQL, Azure Functions) supporting tooling such as product telemetry, diagnostic CLI, agent configuration editor, and a K8S Operator.

Jan 2016 – Jan 2018 · 2 yrs

• Developed novel techniques for instrumentation and security analysis of ASP.NET applications while leading implementation of the .NET agent.
• Worked closely with internal staff to support deployment and troubleshooting of the product.
• Created build and release pipelines with a variety of automated tests to ensure product quality.

Jul 2014 – Jan 2016 · 1 yr 6 mos

• Implementation of the .NET Contrast agent that continuously analyzes ASP.NET web applications to detect vulnerabilities and prevent attacks.

Jan 2012 – Jul 2014 · 2 yrs 6 mos

• Lead web application security testing and code reviews to identify vulnerabilities.
• Advised customers on application security risks and remediation.

Dec 2007 – Dec 2011 · 4 yrs

• Lead efforts to integrate security activities into the software development lifecycle of multiple development teams. Provided development teams with libraries for more thorough input validation and output encoding, and developing anti-automation defenses. Produced and presented custom security guidance and training on security activities as well as common vulnerabilities and their mitigations. Worked with multiple departments and teams to help achieve PCI compliance.
• Developed a security token service for a federated authentication solution using ASP.NET MVC3 and Windows Identity Foundation hosted on Windows Azure.
• Implemented several security features for an enterprise product including role-based access control, input validation at multiple layers, client SSL behavior, and encryption key management.
• Handled communication with security researchers and customers via security@techsmith.com; wrote security advisories alerting customers about issues and fixes for TechSmith products.