Work Experience

Work:

• Tinder, San Francisco - Red Team Engineer

• REDACTED, Los Angeles - Red Team/Pentests

  • Performed physical and remote red team operations.

  • Automated exploit management and queues

  • Onboarding new targets and threat vectors

  • OSINT and project planning for planned and impromptu operations.

• Lyft, San Francisco - Application Security Engineer, Intern (June 2020 - July 2020)

  • Shadowed and assisted on-call person.

  • Automated testing of 100+ API endpoints by utilizing open source projects.

• Tinder, Inc., Los Angeles - Application Security Engineer, Intern (June 2018 - August 2018)

  • Worked with developers and the security team to make sure features went through security review before going public.

  • Built automated tools to help manage internal testing and triaging faster.

• HackerOne Inc., San Francisco - Security Analyst (September 2016-September 2018)

  • Worked on the triage team to triage and handled security reports sent to our customers. This included making sure the report met the Service Level Agreement (SLA) and the reports were valid.

Projects:

• LeakFinder - Find leaked internal pictures and presentations faster and efficiently.

• Pyrate - Vulnerable python website.

• GitSecure - GitHub actions to detect token leakages on pull requests and merges.

• Bug Bounty Site - GitHub org with internal exploits and blogs

Articles and References

• Quoted on Fortune.com for external incident response on Snapchat hack (Read the article)

• Article by PortSwigger for finding critical security issue on Google (Read the article)

• Referenced multiple times in Real World Bug Hunting (Pete Yaworski, No Starch Press 2019) and Web Hacking 101 books for unique and impactful security findings.

Event Awards

• Best Civilian Award - Hack the Air Force Los Angeles (H1-213)

• Most Valid Reports award at GitHub’s international hacking event in 2019

• MVP award by Bugcrowd in 2018

Personal Link:

• HackerOne

• YouTube