I evolved Godfrey, Plaid’s vulnerability management platform, from vulnerability intake into a remediation-first system with actionable fixes.

I built security controls for Plaid's internal MCP server. This involved shipping a CLI-based auth flow with strong device guarantees (via DPoP), adding user-level audit logging for tool calls, and automatically identifying and rate limiting sensitive endpoints.

I also developed a new system for employees to access Kubernetes at Plaid. By integrating Kubernetes RBAC with Plaid's central permissioning service and introducing a proxy for live permission checks, I enabled user-based, just-in-time access to Kubernetes clusters.

In addition, I worked on cryptographic isolation of Plaid and Plaid CRA traffic for compliance. This involved attaching a signed claim (Plaid vs Plaid CRA) to every external-origin request and verifying that signature at every network hop in middleware.

I served as a TA for CS 186 (Database Systems) for 2 semesters. Each week, I taught discussion section, organized office hours, and answered student questions (I was the 2nd-highest answerer!) on Ed. In addition, I co-hosted exam review sessions and helped write and grade exams.

I built PlaidIAM, a self-service tool for AWS permissions. PlaidIAM enables employees to request fine-grained, just-in-time access to AWS resources without having to write a single line of Terraform. It reduced end-to-end IAM policy turnaround from 2+ weeks to under a day by automating policy generation and streamlining approvals.

I also piloted dynamic policy templates to cut IAM policy bloat (by an estimated ~90%) and exposed audit logs to identify unused permissions for removal in line with least privilege.