Jun 2025 – Present · 1 yr

• Lead

Jan 2024 – Mar 2026 · 2 yrs 2 mos

Sep 2022 – Jan 2024 · 1 yr 4 mos

• Led comprehensive security reviews, ensuring the robustness of the source code, architecture, and design of the cryptocurrency exchange microservice resulting in a 40% reduction in high-critical vulnerabilities.
• Enhanced cloud security protocols, fortifying critical infrastructure against emerging threats.
• Investigated and responded to security incidents with an average response time of under 30 minutes, minimizing potential damages by 40%.
• Pioneered the development of security education and awareness programs, fostering a culture of vigilance and responsibility across the organization.
• Analyzed and monitored system and network security threats and vulnerabilities, implementing proactive measures to preemptively address potential risks.
• Developed and maintained security tools and applications, contributing to a proactive and resilient security posture.

Sep 2021 – Sep 2022 · 1 yr · Singapore

• Spearheaded the development of IoT detection service, resulting in a 60% increase in detection and mitigation of IoT cyber threats.
• Engineered a Secure Supply Chain Management system, ensuring firmware update integrity at scale and reducing supply chain risks by 30%.
• Developed a Secure Firmware Over The Air Update solution, enabling secure firmware updates at scale, improving update success rate by 30%.
• Created a Vulnerability Analyzer Service, proactively identifying vulnerabilities and reducing potential exploits by 40%.
• Developed a Malware Analyzer Service for performing comprehensive malware scanning on IoT network traffic, enhancing the overall cybersecurity posture.

Feb 2021 – Jul 2022 · 1 yr 5 mos · Jakarta, Indonesia

• Led efforts to test web application vulnerabilities, utilizing OWASP as a guide for comprehensive review and testing processes.
• Successfully managed and supported the end-to-end implementation of AWS Cloud infrastructure, including design, deployment, maintenance, and troubleshooting.
• Assessed and reviewed AWS cloud network configurations from a security perspective, ensuring robust defenses and addressing any identified issues.
• Collaborated with Internal Audit to ensure security controls met ISO 27001 compliance standards.
• Engineered a cloud-based security platform that monitored and analyzed data from multiple sources, enhancing threat detection capabilities.
• Conducted both manual and automated secure code reviews during the SDLC stage, identifying and addressing existing security flaws.

Aug 2020 – Feb 2021 · 6 mos · Singapore

• Engineered an interactive Secure Code Exercise Platform, improving students understanding of secure coding practices by 40%.
• Created a Vulnerable Microservice Travel Agent, offering practical insights into identifying and mitigating security vulnerabilities.
• Developed engaging DevSecOps exercises for online labs, enabling learners to apply security principles in real-world scenarios.
• Designed and implemented Vulnerable Apps for Training Purposes, enhancing practical understanding and skills development.

May 2020 – Jan 2022 · 1 yr 8 mos · Jakarta, Indonesia

• Conducted comprehensive penetration testing on diverse web and mobile applications, demonstrating proficiency in identifying and mitigating security vulnerabilities.
• Uncovered and addressed a multitude of security flaws within client applications, contributing to the overall improvement of their cybersecurity posture.

Mar 2017 – Feb 2018 · 11 mos · Jakarta, Indonesia

• Conducted comprehensive security assessments of web applications, networks, and systems, identifying and mitigating security vulnerabilities.
• Vigilantly monitored organizational networks for security breaches, promptly investigating and addressing any violations.
• Provided impactful training sessions to internal staff on topics such as secure coding practices and cybersecurity awareness, fostering a culture of security consciousness.
• Conducted both manual and automated secure code reviews during the SDLC stage, identifying and addressing existing security flaws proactively.