A decade across AppSec, cloud security, DevSecOps, vulnerability management, and incident response at startups and public companies. I design and deliver security solutions and work directly with the teams building the product.
Experience
ASAPPJan 2025 — Present
Lead Security Engineer
Led supply chain attack remediation and response across all teams and services.
Defined LLM acceptable use policies and led security remediation for AI tooling including Claude Code.
Led architecture reviews on several complex systems across the organization.
Ran org-wide CTF competition to build AppSec awareness across the engineering team.
EltropyAug 2023 — Dec 2024
Sr. Security Engineer
Resolved a product security issue blocking an enterprise renewal; saved ~$200k ARR.
Joined the Enterprise Architecture group as security SME for product platform decisions.
SentiLinkMay 2022 — Aug 2023
Security Engineer
First security hire — owned AppSec, vuln management, and secure development practices from day one.
Automated vuln tracking and SLA enforcement in Python; eliminated manual overhead and reached 100% coverage across all services.
Q2Nov 2018 — May 2022
Security Engineer / DevSecOps
Ran WebApp pentests across 5 products; found OWASP Top 10 issues including XSS and CSRF across multiple codebases.
Integrated SAST, secrets scanning, and container scanning into all CI/CD pipelines org-wide — zero secrets post-rollout.
Automated repetitive security tasks with Python and F5 APIs; saved $27k/year.
eBayMay 2017 — Aug 2017
Software Engineer Intern — Security Operations
Built automated vuln reporting for 12,600 employees using Python (Django) and Qualys.