Oct 2025 – Present · 8 mos

• Authentication, Authorization & SSH Security
• Architected TACACS+-based Remote SSH Public Key Authentication for IOS-XR, enabling centralized AAA policy enforcement and eliminating local-only public-key authentication limitations.
• Extended IOS-XR SSH to support FIDO/U2F hardware security keys alongside X.509 certificates and OpenSSH keys, enabling modern passwordless authentication workflows aligned with zero-trust security models.
• Implemented local-to-remote authentication failover mechanisms, improving authentication resilience across large-scale distributed network deployments.
• Enhanced authorization workflows across SSH, NETCONF, SCP, and SFTP services by resolving authentication and policy-enforcement defects impacting production environments.
• OpenSSL / CiscoSSL Engineering & Security Compliance
• Led CiscoSSL/OpenSSL upgrade initiatives to remediate security vulnerabilities and integrate modern cryptographic capabilities across IOS-XR platforms.
• Resolved OpenSSL FIPS provider compatibility issues, preserving compliance requirements while maintaining backward compatibility for non-FIPS applications.
• Worked extensively with OpenSSL internals including providers, EVP APIs, TLS state machines, and cryptographic configuration management.
• Maintained and validated CiscoSSL/OpenSSL builds across multiple architectures and toolchains, including LLVM/Clang-based cross-compilation environments.
• Production Debugging & Root Cause Analysis
• Investigated and resolved complex production issues involving authentication failures, authorization defects, protocol interoperability problems, OpenSSL regressions, and memory safety issues.
• Performed root-cause analysis using GDB, core dump analysis, protocol tracing, stack inspection, and multithreaded systems debugging.
• Resolved critical security vulnerabilities including authorization bypasses, privilege-escalation paths, host-key verification issues, and memory corruption defects.

Sep 2021 – Oct 2025 · 4 yrs 1 mo

• PKI & Certificate Lifecycle Automation
• Designed and implemented automated X.509 certificate lifecycle management infrastructure for IOS-XR.
• Developed certificate auto-renewal mechanisms that reduced manual operational effort and improved certificate management scalability.
• Enhanced PKI architecture to support increasing certificate inventories and shorter certificate validity periods.
• Test Automation & Validation
• Developed automated validation frameworks using CMocka and PyATS covering SSH, PKI, AAA, authentication, and authorization workflows.
• Executed platform-wide compatibility and regression testing across multiple IOS-XR software releases and hardware architectures.
• Collaborated with development, QA, and security teams to ensure reliable delivery of security-critical infrastructure updates.