Jan 2024 – Feb 2026 · 2 yrs 1 mo · Menlo Park, California, United States · On-site

• Risk reduction in LLM and Agentic software at scale:
• Remote Code Execution via AI Agents,
• Integrity bypassing human reviews to post offensive AI content,
• Data exfiltration via prompt injection,
• Unauthorized access to AI generated content and AI chat attachments,
• Sensitive user data logged as AI output,
• Accountability issues when AI agent acts on behalf of user
• Unauthorized access to internal, and experimental LLM models
• Conducted 40+ security consults for Agentic software, identifying at least 3 top risks and providing mitigation recommendations in each engagement
• Improved static and dynamic analysis tools to reduce False positives, specifically in data exfiltration and authorization rules in web surfaces.
• Built tooling for Agents, MCP tools and agentic tools to tag based on https://ai.meta.com/blog/practical-ai-agent-security/

May 2023 – Aug 2023 · 3 mos · Sunnyvale, California, United States · On-site

• Developed a web application that communicates with build tools, and CVE
• databases to monitor CVEs of OSS packages in Juniper software intended to reduce/prevent supply chain attacks
• Developed CTF challenges around web, systems and cryptography. The CTF
• saw 97% registration and the top 5 teams scores were at stddev of 0.8%
• Contributed to threat modeling, designing test cases and performing VA/PT for Juniper products to find 3 medium or higher vulnerabilities

Aug 2022 – Dec 2023 · 1 yr 4 mos · Atlanta, Georgia, United States · On-site

• Contributed to building a dynamic taint tracking system for modern Chrome extensions to identify privacy leak through browser extensions.
• 100K+ Chrome extensions were analyzed across the following websites: Amazon, Facebook, Gmail, Instagram, LinkedIn, Outlook, and PayPal. The research outcome was submitted at USENIX '24 Security conference.

Aug 2021 – Aug 2022 · 1 yr · Bangalore Urban, Karnataka, India · Hybrid

• Identified and mitigated authorization, resource consumption and injection risks at scale for Postman web.
• Designed threat modelling strategy for cloud and web applications thereby creating a framework to evaluate attack surface and track threats and vulnerabilities.
• Built custom security controls for Postman's cloud infrastructure and automated security regression test thereby improving visibility by 20%.
• Evaluated CNAPP/CWPP solutions for Vulnerability Management, and Monitoring and detection to improve visibility by 200% (based on number of actionable alerts) and reduce maintenance efforts and cost by about 250%.
• 100+ hours of Incident Response and triaged bug bounty reports.

Jul 2018 – Aug 2021 · 3 yrs 1 mo · Bangalore Urban, Karnataka, India · On-site

• Lead a team of 3 engineers to consistently deliver at least 70% of sprint task points. Guided and advised network engineers a DevOps mindset that enabled team to automate at least 10% of their routine work.
• Designed and developed a scalable and reliable data pipeline for enterprise infrastructure health data to a monitoring and alerting tool that reduced Mean Time to Detect (MTTD) issues by 50%.
• Developed a data pipeline that uses heterogeneous inventory sources to build a single source of truth for enterprise assets.
• Designed and implemented a system that correlates and aggregates different network alerts to interpret and report the symptoms, cause and effects of an incident, thereby reducing MTTD by 20% further.
• These home grown solutions saved the business an aggregate of $2M/yr liability on third party tools.
• Experimented FIDO2 based multi-factor authentication on enterprise endpoint systems where beta users rated an NPS score of 10/10.
• Enforced standardization and removed human errors by automating pre-checks and post-checks of enterprise infrastructure changes.
• Enforced standardization and removed human errors by automating FMEA tests on product's network infrastructure.
• Designed and developed a chatbot that provides a conversational interface to access and run network automation scripts, thereby reducing the learning curve of using network automation tools significantly.

Jan 2018 – Jun 2018 · 5 mos · Bangalore Urban, Karnataka, India · On-site

• Developed a web application that presents the hop-by-hop network health of each participant in a Video conference call that reduced MTTD issues by about 300%.

May 2017 – Jul 2017 · 2 mos · Bangalore Urban, Karnataka, India · On-site

• Developed a command-line utility deployed on enterprise client machines to identify performance issues with VPN clients, thereby reducing the MTTD by more than 1000% (10 mins to <1 min)