# Jun Z.

> PhD, Staff Software Engineer at PayPal

Location: San Francisco Bay Area, United States
Profile: https://flows.cv/junz1

Platform engineer with 10 years of experience architecting and scaling low-latency ML-, GenAI-, and rules-driven decision systems supporting ~1B low-latency, real-time decision requests daily across compliance, risk, payments, security, and customer-facing domains. Ph.D. in Computer Science with 7 peer-reviewed publications in software security and privacy-preserving data mining; holder of 2 issued U.S. patents and discoverer of multiple zero-day vulnerabilities assigned CVEs in widely used open-source projects.

## Work Experience
### Staff Software Engineer @ PayPal
Jan 2019 – Present | San Francisco Bay Area
• Founded and evolved a cross-domain ML-, GenAI-, and rules-driven decision infrastructure platform enabling real-time model inference and rule evaluation across compliance, payments, security, merchant, and consumer domains in large-scale, latency-sensitive production systems with audit and traceability requirements
• Architected and implemented extensible framework components—including workflow orchestration, rule engine, model integration layer, data connectors, and structured audit logging—powering ~1B daily real-time, low-latency decision requests
• Defined standardized integration contracts and lifecycle governance for rules and models; led cross-domain architectural reviews, mentored junior and senior engineers, and guided partner teams to align with platform constraints, performance targets, and reliability standards
• Led end-to-end integration and productionization of multiple ML-, GenAI-, and rules-driven decision use cases across compliance, payments, security, and consumer domains, partnering with ML modeling, analytics, and domain engineering teams to deploy high-throughput real-time scoring and decision systems
• Led cross-regional Run-The-Business reliability efforts across U.S. and APAC engineering teams, establishing monitoring and alerting standards, incident response processes, structured postmortem practices, and shared dashboards, achieving one of the highest availability metrics across engineering teams in the organization
• Drove platform evolution by enabling first-time GKE deployment of a decision service previously deployable only in on-prem environments for cross-cloud traffic; partnered with infra teams on a GCP POC to reduce latency for Braintree payment traffic originating from AWS East, migrated services to GKE Kubernetes, deployed and configured the first Kong API Gateway, integrated Google Vertex Feature Store for feature loading, and collaborated closely with Google engineers during pre-release API development

### Senior Software Engineer @ PayPal
Jan 2017 – Jan 2018 | San Francisco Bay Area
• Maintained and evolved the shared risk decision framework supporting ~20 risk domain engineering teams, contributing enhancements to rule execution, workflow orchestration, and dispatch components in real-time evaluation pipelines
• Reviewed and integrated pull requests from ~20 domain teams across ~7 shared framework repositories, enforcing architectural consistency, backward compatibility, and production readiness standards
• Owned framework build and release processes, publishing versioned components consumed by downstream decision services and coordinating upgrade adoption across domain teams
• Led consolidation of diverged shared framework components across Decision and Compute Service codebases, reconciling active development streams to restore a unified execution foundation prior to ownership transition to APAC engineering
• Lead contributor and co-inventor of two issued U.S. patents related to decision platform and risk evaluation framework innovations

### Risk Analyst, SHARP (Strategic High Achievers Rotation Program) @ PayPal
Jan 2017 – Jan 2017 | San Francisco Bay Area
• Selected for PayPal’s competitive cross-functional rotation program
• Analyzed seller behavioral and transactional data to support merchant onboarding risk strategy design
• Gained exposure to fraud metrics, compliance considerations, and investigator adjudication workflows in a regulated environment

### Software Engineer 3 @ PayPal
Jan 2015 – Jan 2017 | San Francisco Bay Area
• Following staff engineer departure, assumed sole production ownership of the rules platform and independently supported all escalations and urgent fraud/compliance rule releases for two consecutive months until team reorganization, maintaining uninterrupted system stability and business continuity
• Optimized and stabilized a fragile rule release pipeline, reducing deployment delays from 1–2 days to ~2 hours through code refactoring, validation hardening, failure isolation improvements, and pre-release cache warmup mechanisms to ensure predictable and safe production rollout
• Maintained and supported the enterprise rule authoring, validation, and release platform used by global fraud and compliance teams to manage production rule sets
• Led rule authoring platform version upgrade and associated database migration in collaboration with external vendor engineers, ensuring compatibility, data integrity, and minimal production disruption
• Mentored junior engineers and contributed to onboarding and knowledge transfer within the rules infrastructure team

### Research Assistant (Software/Application Security) @ UNC Charlotte
Jan 2010 – Jan 2015 | Charlotte, North Carolina
Discovering Software Vulnerabilities through Interactive Static Analysis (NSF project)
• Designed a novel developer-oriented framework, interactive static analysis, to help developers more easily detect and fix security flaws in code early in the software development life cycle as well as to drive customized static analysis without writing custom rules by security experts
• Implemented an interactive static analysis prototype ASIDE CodeAnnotate as plugins in Eclipse for Java and Eclipse for PHP
• Detected multiple zero-day vulnerabilities in large open source projects with the prototype

Interactive Support for Secure Programming Education (NSF project)
• Implemented a plugin in Eclipse for Java providing secure programming code refactoring and education support to students, which demonstrated effectiveness in user evaluations by helping students write more secure code

### Technical PHD intern @ PayPal
Jan 2014 – Jan 2014 | San Jose
• Project: PayPal Risk APIs performance monitoring, analytics and diagnosis
• Implemented data fetching and transformation of API trace logs (10G per hour) from CAL (Central Application Logging system of PayPal) to MongoDB with Java code and Pig scripts, running on Hadoop
• Designed and implemented multidimensional interactive visual analytics with cross-filtered views for quick data exploration, analytics and drill-down diagnosis using AngularJS, NodeJS, ExpressJS, CrossfilterJS and D3

### Vulnerability Discoverer @ Open Source Community
Jan 2014 – Jan 2014
Discovered a broken access control vulnerability (CVE-2014-0122) in chat module of Moodle 2.4.9, 2.5.4, 2.6.1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0122

### Vulnerability Discoverer @ Open Source Community
Jan 2013 – Jan 2013
Discovered multiple zero-day vulnerabilities in Moodle.
CSRF (CVE-2014-0010): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0010

### Vulnerability Discoverer @ Open Source Community
Jan 2012 – Jan 2012
Discovered multiple zero-day vulnerabilities in Apache Roller. 
CSRF (CVE-2012-2380): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2380 
XSS (CVE-2012-2381): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2381


## Education
### Doctor of Philosophy (Ph.D.) in Computing and Information Systems - Software Security
University of North Carolina at Charlotte

### Bachelor's degree in Computer Software Engineering
Harbin Institute of Technology


## Contact & Social
- LinkedIn: https://linkedin.com/in/junzhu1
- Portfolio: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2380
- Portfolio: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2381
- Portfolio: https://www.owasp.org/index.php/User:Jun_Zhu

---
Source: https://flows.cv/junz1
JSON Resume: https://flows.cv/junz1/resume.json
Last updated: 2026-04-12