2021 — Now
Built experiences allowing Security teams to quickly identify, delegate, and remediate leaked secrets, security vulnerabilities, and third-party alerts. This included work to create dashboards for tracking security posture over time, identify high-risk code bases, quickly enable security features across entire organizations, and build a query language that unifies these experiences and lets a user quickly find alerts and vulnerabilities of interest.
Implemented fine-grained access control for security products, allowing teams to create roles specifically designed to have access to view, manage, and configure security alerting for their repositories.
Built settings enforcing alert scanning policies across an entire GitHub enterprise, allowing security teams to ensure uniform compliance with security standards, while still providing flexibility for organization owners to make modifications if needed.
Delivered robust alerting around GitHub Code Scanning alerts, as well as third-party static analysis tooling. This work allowed teams to quickly enable static analysis on their code base through a one-click setup process, gate PRs introducing vulnerabilities or violations, and provide remediation recommendations and CWE documentation directly in PRs or alerts, making it easier to shift left and empower devs to resolve security issues while freeing up security teams to focus on more challenging items.
Worked to scale Secret Scanning to GitHub enterprises, allowing organizations to identify leaked secrets in their code base from a variety of common services and to define custom tokens. Worked to provide Push Protection across all code bases in an enterprise, ensuring that tokens are blocked before they can be pushed to GitHub and preventing secret leakage.
Development followed a microservice architecture written in Go, Ruby, and TypeScript (React), with robust monitoring, linting, and testing across all three languages.
2020 — 2021
Worked as part of a team to design and build an efficient system of micro-services that allowed us to map out the Attack Surface of FAANG-sized organizations.
Built and maintained a single-page application in React that gave customers both a high-level view of their company's Attack Surface and detailed views that identified the Attack Surface itself, as well as any detected vulnerabilities, in a clear and intuitive way.
Built a robust set of APIs that allowed both internal operators and external customers to leverage our data for more intensive analysis.
Worked to improve the performance of read and write operations against the Database for large datasets by optimizing both the queries used and the schema design itself.
Used RabbitMQ to provide efficient communication between micro-services.
Designed and ran a twice-weekly bug triage meeting that quickly identified and escalated critical bugs while maintaining visibility on lower-criticality issues, ensuring they were still worked on and resolved.
Established and led a Standards guild that identified, discussed, and published guidance for the engineering team to better deliver consistent, maintainable, well-tested, and efficient software.
2019 — 2020
Atlanta, Georgia
Helped design and stand up a micro-service-driven architecture in AWS.
Used Terraform to manage infrastructure across multiple projects.
Collected metrics data across all services using CloudWatch and Sumo Logic.
Designed and maintained a set of dashboards in Sumo Logic aimed at helping engineers quickly find and diagnose issues in the system. Alerting was also provided to help notify on-call staff of critical issues.
Designed and maintained CI/CD pipelines in CircleCI that allowed the team to quickly test, publish, and deploy services to testing and production environments. Pipelines also provided quality-of-life features such as making sure the service version had been updated, linting, and warnings for deprecated libraries.
Assisted in development work as needed, mainly working in Go and Python projects.
Alpharetta, GA
Architected automation tests to be more uniform across the floor, allow for more code reuse, and be more consistent.
Designed and wrote internal tools and libraries to allow automation test engineers to spend less time writing their own test beds and instead focus on writing high-quality tests.
Maintained testing infrastructure to allow teams to get feedback on their work more quickly and to ensure that bugs and missed requirements were caught early.
Communicated with developers to help improve quality of unit tests.
Trained teams on proper use of Gherkin, Cucumber, RSpec, and Ruby.
Alpharetta, GA
Designed and executed testing around Security Compliance (mainly FIPS and Common Criteria) for an enterprise-grade product.
Wrote internal tools that made it easier for teams to validate that their work maintains compliance.
Developed automation testing to efficiently check for and maintain compliance.
Work involved heavy emphasis on proper use, storage, and exchange of X.509 certificates.
Validation of system permissions and file rights.
Validation of proper password storage.
Trained teams on proper security practices.
Education
Georgia State University