Jan 2023 – Mar 2025 · 2 yrs 2 mos · Seattle, Washington, United States · Hybrid

• Led multiple security reviews and an internal pentest for a new product. Worked closely with engineering to mitigate risks.
• Collaborated with senior engineers as a lead contact for performing security assessments of Generative AI features.
• Built a tool powered by Large Language Models (LLMs) to aid security engineers in threat modeling.
• Served as the security liaison for incident response, conducting thorough vulnerability risk assessments, and partnering with engineering teams to implement mitigations, while also providing support to field engineers for effective customer communications.
• Performed security reviews for infrastructure migration effort and reported findings to the engineering team.

May 2022 – Aug 2022 · 3 mos · On-site

• Designed and developed a Go tool to enable effective review of large-scale changes to Google’s network ACLs management system. Performed security assessments of large ACL changes.
• Incorporated concurrency techniques and achieved 77% faster run time than previous scripts used for ACL changes review.
• Reported various bugs in the network ACL management system and Capirca, an open-source ACL generation system.

Aug 2021 – Dec 2021 · 4 mos

• Built security tools and tests in the API Security Squad to enable Postman users to secure their APIs.
• Designed and deployed an automated service on AWS in NodeJS to archive old and outdated API security scan reports and conserve upto 75% of highly available storage.
• Built an extension on an IDE to enable security scans of OpenAPI schemas and notify security lapses to users.
• Developed integration tests using Mocha and Sinon to improve end-to-end test coverage for an API security scanner.

Nov 2020 – Jul 2021 · 8 mos

• Led R&D of Android app security scanning tool in BeVigil, a security search engine, to generate security reports of more than 10,000 Android applications.
• Built various security tests to identify malware and third-party libraries, leak of credentials and sensitive information, etc, in the application.
• Reported critical vulnerabilities in major global technology companies.
• Enabled a security score per app to enable users to understand the app's security posture.

Nov 2020 – Jan 2021 · 2 mos

• Built a predictive model to compute tie strength and identify strong and weak ties amongst Facebook
• friendships, which plays a key role in psychological well-being. Used Empath, VADER, and IBM
• Watson Tone Analyser tools for sentiment analysis of messages and posts.
• Worked with Ethi, a personal data startup to help people understand and control the personal data companies collect about them.
• https://www.menonlabs.com/ethi-mental-health

May 2019 – Oct 2019 · 5 mos · Singapore

• Designed a side-channel attack on physical security systems and a paper I co-authored was accepted at the USENIX Security Symposium 2021 and the 21st International Workshop on Mobile Computing Systems and Applications (ACM HotMobile 2020).
• Research Intern at SENSG (Sensing, Embedded, and Network Security Group) led by Prof Jun Han at the School of Computing, NUS

May 2018 – Jul 2018 · 2 mos

• Designed and built an Android mobile wallet application that enables the user to add cards and pay using Qryptal's encryption and validation technologies. The app is protected with the credentials setup by the user.
• Used Adobe XD for design, Kotlin and SQLite database for the app implementation.

Dec 2017 – Feb 2018 · 2 mos

• Implemented the back-end of an Android mobile application using routing and API integrations. The app uses Google Maps API to display the route between the user entered source and destination.
• Used NodeJS Express framework.

May 2015 – May 2015 · 0 mo

• Built a schematic model of the visual cortex and generated orientation maps in the astrocytes levelusing the unsupervised learning SOM features available in Topographica.