# Aaron Loo

> Staff Security Software Engineer at Aurora

Location: San Francisco, California, United States
Profile: https://flows.cv/aaronloo

Engineer. Technologist. Professionally Paranoid.

I have a decade of experience crafting custom security solutions, tailored to each company’s specific product and culture. From big tech to bleeding edge startups, from web technologies to hardware security (and everything in between), I quickly adapt to new environments and tackle big problems head on with scrappiness and panache.

My background blends computer science, business acumen, and a keen product sense — a fusion that gives me a unique perspective to make thoughtful engineering choices that both reduce risk and unlock revenue. I’ve seen firsthand how security done wrong can become a bottleneck; I fix that by working across the organization to optimize away workflow inefficiencies, and design secure-by-default systems that users love.

I’ve built a Zero Trust infrastructure from scratch. Open-sourced tools that promote better key management practices. I’ve productionized foundational solutions that make whole classes of problems disappear — increasing product velocity in the pursuit of measurably increased system trust.

My best work happens in environments where engineers are trusted to own outcomes — not just deliver code. Environments where iteration speed, quality and skill are rewarded. Where ambition is shared, and problems interesting enough to deserve great solutions.

If you’re building something meaningful, and want an engineer who sees both the forest and the trees — who codes like an artisan, thinks like a strategist, and ships like a founder — let’s talk.

Technical Skills:

- Backend: Golang, Python, C++, Java (Android), Flask, SQL, PHP, Ruby
- Frontend: HTML5, CSS, Javascript, React, UI/UX
- Infrastructure: Docker, Ansible, Kubernetes, AWS, GCP
- Other: Bash, Git, Visual Basic, Jupyter

Links:

- GitHub: https://github.com/domanchi

## Work Experience

### Staff Security Software Engineer @ Aurora

Jan 2022 – Present | San Francisco Bay Area

I am working with some of the best minds in the industry, to secure the next generation of Autonomous Vehicles, and protect lives by helping develop the security landscape of the future.

We're building ZTA into the very fabric of our devices, device attestation through hardware-backed identities, and managing complicated PKI hierarchies that assign identity down to a process-specific level. It's wild.

### Staff Security Engineer @ Airbnb

Jan 2021 – Jan 2022

The Security Engineering team at Airbnb focuses on evaluating and measuring risk, for all facets of the business. Though I have previously juggled many roles, responsibilities and focus areas in my past jobs, I now turn my attention to zero-in and reimagine how Airbnb can programmatically measure risk across the business.

Measuring security is difficult, and often fluffy with its elementary impact v likelihood matrixes. However, during my short stint at Airbnb, I developed a quantitative risk model that leveraged a variety of industry yardsticks (with their innate pros/cons), and distilled a data-driven risk engine to identify high-risk areas in the company. This was the infrastructure that other security teams at Airbnb utilized to measure adherence to security best practice, and inform developers how to improve their situation.

### Engineering Manager, Application Security @ Yelp

Jan 2018 – Jan 2021 | San Francisco Bay Area

As a manager, I get the privilege to work with the most challenging (but rewarding!) part of the scalability question: people.
After gaining a good understanding of our technical capabilities as a team and company, I turn my attention to how we can scale our processes so that we can effectively cover such a large surface area with a relatively small team.

In this role, I found myself wearing many hats: whatever was needed to maximize the effectiveness of my team. For example:

- When I was pulled in to advise on compliance related issues, I worked with legal, auditors and other non-technical teams to draft up a year-long product roadmap. Then, I convinced management to give me resources to build out a team to meet these needs, so that the Application Security team would be able to focus on their charter.
- When I had a junior frontend engineer that needed guidance (and no designers to support us), I rolled my sleeves up and built out a wireframe that detailed designs for the next nine months.
- When I was recruiting to build out my second team, I designed the standardized interview track (and strategy) for the entire security organization to recruit more specialized candidates. This allowed us to be more efficient when hiring, and hire an additional eight people across the organization.

I believe the only true success metric for engineering management / technical leadership is the accomplishments you see your team achieve, and the processes that persist and continue to improve the company when you leave. While being a manager during 2020 certainly had its challenges, I trust that I was able to positively impact my team and company within the constraints imposed on me.

### Security Software Engineer @ Yelp

Jan 2017 – Jan 2018 | San Francisco Bay Area

Objective: How do we bolster our defense-in-depth measures, and scale it to support a larger organization?

As an organization gets larger, it's natural that complexity follows suit. And with complexity, there is an increasing amount of use cases to consider, as well as systems and teams that integrate together.
Building off the experience gained in a smaller ecosystem, this opportunity allowed me to start thinking at scale: how do we build systems to shore up our defenses against a variety of use cases (i.e. mobile, web, business owners, internal users, other acquisitions), and can also be easily adopted by other teams?

The challenge in this role was the constant trade-off between investing in preventative measures to avoid vulnerabilities from surfacing, or improving reactionary measures to better equip ourselves to handle eventual incidents.

Through this role, I learned to often question assumptions, and think creatively for both attack AND defense scenarios, as both are required for a solid security posture. I also learned to understand new systems quickly, as our team often has to deep dive into various different systems to perform threat modelling, or even patch security vulnerabilities.

### Security Software Engineer @ Yelp

Jan 2016 – Jan 2017 | San Francisco Bay Area

Objective: How do we secure a legacy system, in a fast-paced growth environment?

Application Security defends the products of Yelp, including all user-facing interfaces. While many modern web frameworks provide basic safeguards out of the box, complexities arise when developing custom solutions to protect against OWASP vulnerabilities, yet still preserve legacy behavior.

Through this role, I became proficient in scanning complicated, hairy code for vulnerabilities, as well as learned how to employ creative methods to architect secure-by-design systems to support other less security-savvy feature developers.

As the de-facto head of security for Eat24, it was always a challenge balancing the effort needed to migrate existing anti-patterns, or investing that time to design a solution that made those anti-patterns safer to use instead.

### Private Tutor @ Self-Employed

Jan 2013 – Jan 2016 | Ann Arbor, MI

My experience working as a private tutor in the University of Michigan has certainly been an enriching journey. These are my top three skills I've developed over this period, that I'm most proud of:

1. Geek Speak Translator

   I teach introductory C++ and Python classes in a clear, concise manner by minimizing technical jargon. Although many Computer Science (CS) professors are incredibly smart, they have difficulty dumbing down concepts for students to understand. That’s where I come in. I reduce confusion for students by simplifying topics, and add value through time-efficient revision. Students are often surprised when I blaze through a month’s worth of material in two hours, and they emerge having a much more solid understanding than before.

2. Android Mobile Development: CRM System, Cloud Data Management

   To better manage my growing student base, I designed a custom CRM system on the Android platform, based off a SQLite database. This allowed me to make data-driven business decisions, based off real-time status updates from my phone. I maintain an agile development method to quickly add features to my app as the need arises, motivated through business growth. Recent updates: Google calendars integration, data migration to Parse.

3. Business Analysis

   I absolutely love opportunities where I’m able to combine my technical expertise with my business acumen. Through my app, I conducted several research efforts that helped me identify my target segment, determine an optimal pricing strategy, and facilitate long-term student retention through analysis of multi-semester trends. Although knowing technology is beneficial, using it effectively to grow the business is definitely more important.

Overall through this experience, I’ve developed skills in conversing in both business and tech, both at a high conceptual level and down to detailed binaries.
I adapt to the market, and take the initiative to combine all my skills to increase revenues and customer satisfaction.

### Advisory, Performance Improvement, Intern @ EY

Jan 2015 – Jan 2015 | Chicago, IL

Though my internship was short, it was educational. I was tasked with process optimization: pushing the boundaries of Microsoft Excel's Visual Basic to automate report generation for internal use and analysis. These are my top three takeaways from my experience:

1. Adaptability: learning to work with what you have.

   A lot of people ask me, "Why Visual Basic? Wasn't there a better tool to use?" While this is true, often we find ourselves in situations where we can't use the latest and greatest, due to legacy support constraints, time for reimplementation, or existing resource constraints. This was one of these situations: I had to work with several raw data dumps from different systems, and churn them into Excel's graphical constructs (Pivot Tables, charts, cellular logic) for higher management. Visual Basic was just the best medium for it, and I was successful in learning, and immediately applying it effectively.

2. Major Code Overhaul: paving the way for the future.

   Foreword: generally, this is a bad decision. "Don't fix it, unless it's broken." is a very strong motto for engineers. That being said, the codebase was so grimy and convoluted that I found myself needing to read through most of it to trace and debug program flow. So I took the initiative to refactor most of the existing code base, optimizing run times by 50% and improving code manageability such that future contributors would have a much easier time when adding/modifying functionality.

3. Tangible Business Intelligence

   It was empowering to watch the direct result of my work serve as a conduit for making executive business decisions.
   To ensure I did not merely get lost in the details of code integrity and optimization, I worked closely with some of our end users to model raw data for insightful observations, and ensured all tools were designed to meet concrete business needs.

### Battalion Signal Officer @ Singapore Armed Forces

Jan 2010 – Jan 2012 | Singapore

It's impossible to capture all the diverse experiences I underwent during my military service in three or four short paragraphs. However, my transformative journey from a mere recruit to the youngest lieutenant in my battalion has helped me develop soft, transferable skills that can be applied to any environment.

1. Effective Teamwork, Leadership and Team Management

   Managing, training and leading a platoon of 27 men isn't easy, especially when you're younger than half the men you lead. You must deal with people from different backgrounds and educational levels, assessing their capabilities to employ them in their most qualified tasks. I also collaborated with my peers to achieve success through challenging missions while leading my men through it, demonstrating the power of a highly-functional, well-trained team.

2. Analyzing / Troubleshooting Situations to determine the Best Solution

   As a signal officer, unforeseen equipment errors occur during missions, and fixing it quickly is essential for mission success. This has taught me valuable crisis management skills, as well as maintaining mental resilience despite stressful events. Likewise, in a customer-driven, solutions-orientated business world, it's important to quickly resolve the client's concern in a calm and concise manner.

3. Initiative and Creativity in Solutions

   Coming from Australia, I was able to harness an international perspective to implement innovative solutions. For example, I redesigned our battalion's means of encoded communication to make it easier to learn, harder to understand and added an element of morale-boosting fun during missions.

4. Communicating ideas to different stakeholders

   Effectively convincing superiors, collaborating with peers, rallying your team and enticing the public is vital for executing plans. It doesn't matter whether these plans are regarding national security, or increasing profitability for a business: if I have a good idea, I will work hard to see it succeed.

## Education

### Bachelor of Business Administration (BBA) in Business Administration and Management, General

University of Michigan - Stephen M. Ross School of Business

### Bachelor of Engineering (BE) in Computer Science

University of Michigan

## Contact & Social

- LinkedIn: https://linkedin.com/in/aaronloo

---

Source: https://flows.cv/aaronloo
JSON Resume: https://flows.cv/aaronloo/resume.json
Last updated: 2026-03-22