Team: Offerwall Ads, Security

Security team lead

• Increased the secure development process adoption by 90% on business critical features by working cross-functionally with product/legal/engineering managers to identify security requirements early and defining documentation requirements for design docs.

• Cultivated a shift-left security culture by leading a Security Champions program, organizing monthly meetings with 8 engineers to educate about common vulnerabilities, the security triage process, and secure development practices

• Improved the application and infrastructure security posture by reviewing ~95% of all external facing and business critical features across the organization including mobile applications, server-to-server integrations, and infrastructure migrations.

Cloud Infrastructure Management

• Resolved all critical infrastructure vulnerabilities by utilizing CNAPP tooling, hardening policies and configurations in Terraform/Kubernetes manifests, and working with engineering managers to prioritize security improvements on team roadmaps.

• Reduced risk of lateral movement by moving 100% of business critical secrets into AWS Secrets Manager/Hashicorp Vault. Established organization-wide patterns for secrets management by documenting standard operating procedures and helping engineers onboard their first secrets.

Application Security Improvement

• Remediated 95% of critical and high severity application vulnerabilities by building integrations with SCA and SAST tooling, triaging vulnerabilities across different applications and frameworks, and managing dashboards to monitor new vulnerabilities

• Decreased fraudulent account enrollment on a cash reward mobile app by 85% by defining the security requirements for root detection and duplicate account detection features.

• Device OS Application Framework

• Designed APIs, implemented app privilege features, and created interface libraries for the security component of the Application Framework. (Rust/C++/Typescript/Yocto Project)

• Drove efforts to publish APIs to internal and external customers, working with the SDK teams.

• FireOS Factory Reset

• Designed and implemented an OS factory reset feature that fixed a security vulnerability in eMMC firmware across all supported FireOS versions and 10+ devices. (C/C++/AOSP)

• Lead discussions with eMMC vendors to triage the issue and worked with the performance team to ensure that the added latency was within the KPI thresholds.

• FairPlay Streaming (FPS) DRM

• Migrated all devices released post 2021 to an updated version of FPS Content Decryption Module (CDM) and OPTEE Trusted Application (TA) (C/C++/OPTEE)

• Worked proactively with Apple to triage issues with the new binaries and memory-constrained devices, communicated timelines and progress to ensure timely device certifications.

• Upleveled the BSP Diagnostics Service and the factory reset file persistence feature from FireOS 7 to FireOS 8. Redesigned the factory reset file persistence feature due to the underlying AOSP feature being on a deprecation path. (C/C++/Java)

• Mitigated a crystal oscillator supply chain shortage from affecting ~8 million devices by quickly implementing a pragmatic solution that allowed other suppliers to be integrated. (C, C++)

• Created a test suite to automate performance benchmark testing on new SoC candidates. (Python)

• Created a database for hardware benchmarking results with a serverless web frontend powered by an AWS-based backend. (React/AWS Lambda/AWS CloudFormation)

• Triaged and solved issues with Over-the-Air (OTA) updates of FireOS, an Amazon proprietary OS that is extended from Android Open Source Project (AOSP). (C/C++/Java)

• Created Amazon Astro-specific functionality to Alexa Routines by designing and implementing a RESTful cloud service in Java.

• Onboarded the new functionality to the Alexa Framework Service team.