Experience
2025 — Now
New York, NY
2024 — 2025
New York, NY
• Led the security program to achieve compliance with NYDFS Part 500 and SOC 2 while implementing improvements across applications and infrastructure.
• Developed and executed the security roadmap, optimizing vendor relationships and aligning security initiatives with business objectives.
• Designed and deployed request signing (JWT authentication) for external APIs, ensuring integrity of customer requests.
• Built and executed disaster recovery tabletop exercises, authored manual playbooks, and deployed Incident.io to strengthen incident response.
• Implemented a SIEM solution (RunReveal), integrating native log sources to establish foundational monitoring and detection capabilities.
• Integrated SAST and DAST tools into the CI/CD pipeline, enabling earlier detection of vulnerabilities in development.
2022 — 2024
San Francisco, CA
• Engineered and executed the company's comprehensive security strategy, aligning it with business goals and achieving SOC 2 Type 2 compliance.
• Engineered and implemented foundational security programs, including cloud, application, and corporate security, enhancing overall security posture.
• Developed and deployed Single Sign-On using OAuth2/OpenID Connect, rolled it out to enterprise customers, and owned ongoing feature support.
• Conducted risk assessments and vulnerability assessments, implementing mitigation strategies and managing external security vendors.
• Designed and executed a robust incident response plan, including Disaster Recovery and Incident Response Tabletop Exercises, reducing detection and response times.
• Championed DevSecOps practices, integrating security into the software development lifecycle and overseeing the secure migration of core infrastructure components.
• Built and led a cross-functional security engineering team, establishing scalable security policies and promoting a security-first culture.
2020 — 2022
Menlo Park, CA
• Directly responsible for Static Application Security Testing (SAST) strategy, design, and engineering. Integrated systems for vulnerable dependency scanning and secret scanning of code repositories and Slack.
• Performed security reviews of system design documents, code changes, and new vendors.
Partnered with developers to remediate vulnerabilities in applications and systems.
• Managed public bug bounty program by communicating with external researchers, validating findings, working with internal teams to remediate vulnerabilities, and paying out bounties.
• Oversaw company’s developer security education covering common secure coding practices and common security issues.
Education
Ryerson University