Dave King

Security Engineer

San Jose, California, United States · 27 yrs 1 mo experience
Most Likely To Switch: Highly Stable

Key Highlights

  • Led security initiatives at Netflix impacting thousands of assets.
  • Developed scalable systems for security posture assessment.
  • Organized internal security conferences to educate engineers.
Stackforce AI infers this person is a Security Engineer specializing in SaaS with a focus on risk management and automation.

Skills

Core Skills

Security Engineering · Automation · Security Architecture · Information Security

Other Skills

System Design · Incident Response · Security Consulting · Vulnerability Management · Scanning Tools · Security Assessment · Security Design Review · Code Review · Mentoring · Penetration Testing · Security Standards · PCI Scanning · Development · Marketing · Security Management

About

I work to find places of leverage where my efforts will have large impacts on reducing the risk for the companies I work for. This includes doing things like focusing my efforts on areas of companies or products that are most risky, writing automation that scales my impact, and taking team lead roles in each company where I have the opportunity to help drive team initiatives and mentor newer people in their careers. In most of my roles I've split my time between designing and writing code and partnering with others in the company to reduce risk. For the first several years of my career I focused on finding vulnerabilities through penetration testing and writing automation. I did much of this work while working in banking where the stakes are high. This experience has been invaluable as I've moved to roles that have been focused on building software and services that are resilient to attacks. At VMware I contributed security improvements for nearly all of their core products that they ship to their hundreds of thousands of customers. Additionally I started a widespread developer education program to help the engineers at VMware better understand security issues and see where they could improve. This included doing a lot of internal speaking on security for groups of hundreds of engineers and organizing and running a large internal security conference that included both internal and external speakers. At Netflix I've played a few roles including long term partnerships and consulting with teams on some of the highest security leverage areas at Netflix including payments, CI/CD infrastructure and OpenConnect (Netflix's internal CDN). I've also had the opportunity to do various shorter term consulting work with almost every part of Netflix including the studio and other parts of streaming, including helping to write software that protects our customers from fraud.
Over the last few years I've been primarily focused on helping the security teams at Netflix better understand the assets we need to secure, know where problems exist, and better respond when issues arise. To do this I've had a primary role in helping to build a scalable new system to keep track of the massive amount of assets Netflix uses. Additionally I've played a primary role in designing and building a highly scalable scanning infrastructure to help us understand the security properties of Netflix's infrastructure better. This work has had broad impact on many security efforts at Netflix and has been a key reason the team has been able to scale as the company has grown.

Experience

27 yrs 1 mo
Total Experience
4 yrs 11 mos
Average Tenure
10 yrs 3 mos
Current Experience

Netflix

2 roles

Staff Security Engineer Netflix

Aug 2022 – Present · 3 yrs 9 mos

Security Engineer

Feb 2016 – Nov 2022 · 6 yrs 9 mos

  • Squad lead for group focused on building automation to understand the risk associated with Netflix's assets at scale. This includes helping to design systems, writing code, and providing feedback and mentoring to others. Focused on finding ways we could have a few engineers have a large impact on the security of Netflix.
  • Designed and helped build a highly scalable system to track Netflix's massive number of assets it uses to run its business. The system also tracks relationships between assets and was used as a platform that other things were built on top of, like incident response tooling, and self-service tooling used by engineers to improve the security of their products.
  • Designed and helped build a scalable scanning tool that can quickly and efficiently scan all of Netflix's resources. We used this tool to understand applications' security posture, and could be used to quickly understand how new security issues affected the fleet of systems at Netflix.
  • Long term partnerships and consulting with teams on some of the highest security leverage areas at Netflix including payments, CI/CD infrastructure and OpenConnect (Netflix's internal CDN)
  • Various shorter term consulting work with almost every part of Netflix including the studio and other parts of streaming, including helping to write software that protects our customers from fraud.
  • Helped develop our bug bounty program and worked with many external security researchers on issues they found.
  • Involved in incident response to help understand and mitigate issues that potentially impacted Netflix (reported externally or found internally). In some cases I led the investigation or remediation efforts, and in other cases I contributed by writing code or consulted.
Automation · System Design · Incident Response · Security Consulting · Vulnerability Management · Security Engineering

Vmware

Staff Security Engineer

Jul 2011 – Feb 2016 · 4 yrs 7 mos · Palo Alto, CA

  • Member of the product security team leadership, helping to choose team priorities and make high level decisions
  • Performed security design review, testing and code review of many of VMware’s products
  • Senior engineer on the team, assigned to validate that proper security work was done and act as a mentor and resource to other engineers (team lead role)
  • Led the engineering side of security response for externally reported issues, personally evaluating and reproducing half of the issues and distributing the other cases to the team
  • Initial security architecture and testing of vCloud Air (VMware’s Hybrid Cloud offering)
  • Investigated issues caused by vulnerabilities in 3rd party software used in our products
  • Ran a program to promote security knowledge among VMware’s R&D population
  • Presented internally and externally on security issues in VMware software
  • Organized four of VMware’s internal security conferences with about 350 participants each
Security Design Review · Code Review · Security Architecture · Mentoring · Security Engineering

Defcon

Speaker - Defcon 18 (2010)

Aug 2010 – Aug 2010 · 0 mo

  • Spoke on “Hardware Hacking for Software Guys” using Arduinos to build security related devices (RFID emulators, interacting with cell phones, etc).

Zions bancorporation

Security Engineer

Aug 2007 – Jul 2011 · 3 yrs 11 mos

  • Team lead of internal penetration testing team (tested and supervised testing of about 500 applications used by the bank) and reported the result to the appropriate business unit
  • Review third-party security documents (third-party testing results, SAS 70, etc) to measure the risk of using a third-party
  • Wrote security standards for various systems and Operating Systems the bank owns.
  • Provided security guidance for new systems the bank implemented
  • Member of the Information Security Threat Council
  • Supervised and helped run vulnerability management program
  • Performed Java and .Net code reviews
  • Developed systems to track testing results and other risk attributes of systems
  • Voluntarily set up and taught more than 30 lunch time courses on programming, hacking, administration, etc.
Penetration Testing · Vulnerability Management · Security Standards · Information Security

Syngress publishing

Contributing Author

Jan 2007 – May 2007 · 4 mos

  • Wrote several chapters for PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance

Remote checkup, inc.

Owner

Mar 2005 – Aug 2007 · 2 yrs 5 mos

  • Developed a testing suite for PCI scanning. The company became an Approved Scanning Vendor (ASV). I did development, marketing, hiring, etc.
PCI Scanning · Development · Marketing · Security Engineering

Discountcell

Security Engineer/Programmer/Director of IT

Apr 1999 – Jul 2007 · 8 yrs 3 mos

  • Managed Security including IDS system, firewalls, anti-virus, patching, security standards, Web Application Firewalls (WAFs), PCI compliance, etc.
  • Performed security evaluations using various tools including network vulnerability assessment tools, web application scanning tools, etc.
  • Managed servers (web, mail, Active Directory, SQL)
  • Managed internal network and workstations
  • Built sites using ASP.Net (C# and VB.Net)
  • Managed load balancers
Security Management · Network Management · Web Application Firewalls · Information Security

Education

Norwich University

Master's — Information Assurance

Jan 2008 – Jan 2009

Brigham Young University

BS — Computer Science

Aug 1996 – Aug 2003
