CAREER SUMMARY

Principal Software Engineer & Security Researcher with 10+ years of experience building secure, scalable web, mobile, and backend systems. Certified in OSCP+, GPEN, GCIH, GSEC, and GFACT with a deep technical foundation in offensive security, original vulnerability research resulting in 6 recent disclosures to Debian package maintainers, and a portfolio focused on re-engineering functional PoCs for known, critical-rated vulnerabilities.

CYBERSECURITY CERTIFICATIONS

VULNERABILITY RESEARCH & DISCLOSURE

• sohps (Shared Object Hijack Path Scanner): Developed a security auditing tool to identify shared object hijack vulnerabilities in Linux ELF binaries and AppImage containers. Used it to scan ~70,000 Debian packages, resulting in 6 disclosed vulnerabilities: Debian Bugs #1138498 (python3-torch), #1138589 (libarrow500), #1138592 (gpu-basis-universal), #1138596 (python3-ifcopenshell), #1138597 (python3-ledger), and #1138072 (clang-tools-21)

EXPLOIT REPRODUCTION

• CVE-2026-21858 (ni8mare): Developed a functional PoC for an unauthenticated RCE in n8n automation platforms (< 1.121.0), demonstrating full system compromise via logic flaws.
• CVE-2025-55182 (React2Shell): Reproduced a critical RCE via vulnerable React Server Components (RSC) behavior, bridging the gap between front-end architecture and server-side exploitation.
• CVE-2026-33017 (Langflow): Engineered a reproducible RCE exploit targeting Langflow AI orchestration layers, highlighting vulnerabilities in emerging LLM infrastructure.
• CVE-2026-1357 (WPVivid): Demonstrated RCE within the WPVivid Backup & Migration WordPress plugin, targeting widespread deployment surfaces.

TECHNICAL SKILLS

PROFESSIONAL EXPERIENCE

• Directed the native platform migration to Flutter, architecting authentication and payment flows to ensure PCI data security and transaction integrity.
• Engineered a secure mobile architecture using Riverpod, implementing state-management patterns to prevent PII leakage across modular, decoupled feature sets.
• Established a secure SDLC and mentored team members to accelerate the delivery of high-impact features while ensuring architectural integrity and scalability.

• Led development of an Android listing module and supporting ASP.NET Core API, ensuring secure data handling and endpoint protection for high-traffic commercial services.
• Engineered scalable web applications with React and Node.js and built an enterprise AWS push notification system for secure, real-time cross-platform communication.
• Partnered cross-functionally to implement secure design principles and code review standards, ensuring resilient and consistent feature releases across mobile and web.

• Developed cross-platform mobile applications for logistics and agriculture, ensuring secure client-side data handling and architectural consistency.
• Modernized legacy ASP.NET architectures by migrating monolithic APIs to modular services, improving service isolation and system auditability.
• Engineered real-time synchronization for distributed inventory systems, implementing secure data flows and validation logic across mobile devices and APIs.

• Led implementation of claims-based authentication and IAM for a U.S. Air Force recruiting portal, ensuring strict access control and federal compliance.
• Developed regulatory and monitoring modules for Virginia state agencies, focusing on data integrity and workflow efficiency within ASP.NET environments.
• Modernized legacy web architectures to improve performance and maintainability, ensuring architectural consistency across client projects.

SIDE PROJECTS

• Built a full-stack Flutter frontend and Ktor backend as a boilerplate project to accelerate rapid application bootstrapping, supporting user registration, profile updates, and SMS-based two-factor authentication (2FA).
• Implemented JWT-based authentication and authorization, with MySQL for persistent user data, Redis for transient 2FA token storage, and GitHub Actions for automated backend deployment.
• Architected the Ktor backend using a modular, feature-based structure grounded in Clean Architecture principles and Domain-Driven Design (DDD), organizing core business logic into clearly defined use cases to enhance separation of concerns, scalability, and testability.

• Built a native Android application that facilitates the sequential streaming of torrent media for playback on the local device or Chromecast devices.
• Powered media playback using a custom VLC/libVLC wrapper.
• Integrated in-app torrent search capabilities, enabling users to find and stream content without leaving the application.

• Built a native Android application that integrates with the Jackett torrent indexer aggregation engine.
• Implemented a custom Foreign Function Interface (FFI) to enable direct interop between Kotlin and a Jackett .NET Core library, offloading indexer management to the Jackett project.
• Leveraged cross-runtime communication to reduce maintenance overhead and align with upstream improvements.

• Developed a comprehensive Android media player library leveraging the core libVLC library and Open Subtitles API, facilitating seamless media playback on Android and Chromecast devices

EDUCATION

TECHNICAL FIELD RESCUE & EMERGENCY MEDICINE

(Download resume as PDF; private GitHub repositories available for review upon request)