Experience
Consulting & Freelance Work
Independent Security Researcher
Self-directed
Hunting for critical vulnerabilities across large SaaS and cloud platforms with a focus on high-signal findings that translate into business risk.
- Reported a chained OAuth misconfiguration that enabled cross-tenant account takeover; delivered replay scripts and remediation guidance adopted org-wide.
- Maintains a modular recon pipeline that monitors 50K+ assets, prioritizing attack paths with ML-assisted signal scoring.
- Delivered post-remediation verification tooling to ensure fixes remain effective during future releases.
Burp Suite Pro, Nuclei, Zig, Python, GraphQL, Cloud IAM
Offensive Security Consultant
Fortune 100 SaaS Platform (NDA)
Embedded with the product security team to stress-test global authentication flows prior to a major launch.
- Discovered pre-auth logic flaws that allowed privilege escalation and lateral movement across tenant boundaries.
- Produced structured threat models aligned to MITRE ATT&CK to brief executive stakeholders.
- Built guardrail policies and automation hooks that blocked regression deployments within CI/CD.
OAuth, OIDC, Kubernetes, Terraform, Go, MitM Tooling
Full-time Experience
Red Team Operator
Global Fintech (NDA)
Led adversary simulation exercises targeting payment routing and data exfiltration scenarios.
- Built custom tradecraft to bypass behavioral detections, resulting in high-fidelity alerts that improved SOC efficiency.
- Collaborated with defenders to translate findings into resilient detection engineering backlogs.
- Co-authored crisis playbooks covering escalation, containment, and cross-team communications.
C2 Frameworks, PostgreSQL, EventBridge, AWS, CloudTrail, Detection Engineering
Security Automation Engineer
Media & Entertainment (NDA)
Designed pipelines that merged offensive findings with remediation automation for a hybrid cloud environment.
- Implemented exploit replay harnesses to catch regressions across 20+ microservices.
- Standardized vulnerability disclosure reports and reduced patch timelines by 40%.
- Partnered with engineering squads to introduce security guardrails without slowing delivery velocity.
Python, Node.js, Kubernetes, AWS, Serverless, SIEM Integrations