Application Security Engineer · PKI, Auth & Anti-Fraud

Sole architect and lead engineer of a high-scale authentication and identity platform at a top-10 global PKI vendor. Designed and scaled the backend infrastructure enabling 10× growth in TLS, code signing, and identity certificate issuance.

• ▸ Sole architect of the company-wide authentication and identity platform supporting tens of thousands of daily users.
• ▸ Designed OAuth2, OIDC, SAML, and session-based flows including secure cross-domain authentication and external IdP integrations.
• ▸ Built a fully automated certificate issuance pipeline and complex API endpoints for certificate lifecycle management.
• ▸ Designed fraud detection combining third-party services with custom analytics on behavioral patterns, IP intelligence, and device fingerprinting; cut SMS pumping fraud loss to zero.
• ▸ Implemented protections against account takeover, replay attacks, session hijacking, and internal threats (credential leaks, privileged misuse).
• ▸ Defended against advanced and state-level threat actors; led the redesign of the auth engine for high-volume load and long-term scalability.

• Ruby on Rails
• PostgreSQL
• Redis
• OAuth2
• OIDC
• SAML
• PKI
• Sidekiq
• AWS

Early engineer on a 5-person team building a consumer product with ~1k DAU. Owned end-to-end features across the Rails stack and led incident response. Final 5 months were a contract wind-down with gradual transition of responsibilities to the rest of the team while ramping up at SSL.com.

• ▸ Reduced backend latency by up to 5× through query optimization, indexing, and caching.
• ▸ Improved user retention by 15% through targeted performance and product improvements.
• ▸ Shipped 4 major product features in 12 months, supporting multiple product pivots.
• ▸ Identified and mitigated critical security vulnerabilities; led incident response against advanced attackers.

• Ruby on Rails
• PostgreSQL
• Redis
• JavaScript
• Stimulus
• AWS

Built and managed automated hedging strategies across multiple brokers, markets, and financial instruments. Background in quantitative finance taught me to think in risk, edge cases, and systemic failure modes — a mindset I now apply directly to security engineering.

• ▸ Reduced hedging costs by up to 35% through strategy optimization and execution improvements.
• ▸ Managed a large leveraged portfolio with rigorous risk control and capital efficiency.
• ▸ Self-taught Ruby in parallel during this role, transitioning to engineering by mid-2022.

• Python
• C++
• SQL