Experience
Apple Inc.
Senior Engineering Manager — Architecture & Strategic Initiatives, Crypto Services Mar 2026 – Present 1 mo
↗ Domain expertise grown to architectural scale — the technical foundation others build on.
—Own the architectural direction of Apple's cryptographic infrastructure — PKI, encryption, code signing, and secrets management — setting the standards and multi-year roadmap that downstream engineering teams execute against
Senior Engineering Manager — IT Governance & Planning, Office of the CIO Jul 2019 – Mar 2026 6 yrs 8 mos
↑ Built Apple's GRC Engineering function from scratch — grew two teams to 20 engineers over six years.
Infrastructure Data Platform
—Owned IS&T's GRC Engineering function — data platforms and access controls that security, compliance, and finance relied on for audit readiness, risk posture, and incident response
—Built Apple's compliance scoping engine — correlating OSQuery telemetry, artifact ownership, DAST/SAST, and SG/ACL network graphs across 1.7M servers and petabytes of infrastructure signal to dynamically bound PCI and SOX audit scope
—Shipped a PAM module as the change management gate on Apple's server fleet — blocking SSH access unless backed by an approved ServiceNow change ticket, layered with SELinux policies to enforce SOX access controls at the login boundary
—Built MCP servers and AI chatbots for each platform service — enabling semantic search and natural-language discovery across compliance, asset, and audit data
—Established Claude-powered code assist, PR review, and security checks as the team's default development workflow
Business Planning
—Scaled the budget planning platform to 200+ finance stakeholders — supporting Apple's annual capex/opex planning cycles and TCO tracking across the technology portfolio
Senior Software Engineer — IT Governance & Planning, Office of the CIO Apr 2018 – Jul 2019 1 yr 3 mos
—Designed and shipped Apple's PAM-based change management gate — requiring an approved ServiceNow change ticket at SSH login, enforced with SELinux policies, to close a critical SOX access control gap across the server fleet
Security Software Engineer — Video Engineering Mar 2017 – Apr 2018 1 yr 1 mo
—Built the secure data pipeline for FaceID model training — handling high-volume biometric data under strict privacy controls and end-to-end integrity requirements
—Provisioned training infrastructure with Terraform and Ansible, and built Jenkins CI/CD pipelines to validate model drops before promotion to production
Security Engineer — Apple Online Store Mar 2015 – Mar 2017 2 yrs
→ Shifted from offensive security to building cryptographic infrastructure from scratch.
—Payments: Built DUKPT-based cryptography libraries securing Point of Sale transactions across Apple Retail
—Payments: Designed and deployed HSM infrastructure for Apple's Payment Gateway, enabling hardware-backed end-to-end transaction security
—Ran goal-based penetration tests on Apple's Retail Engineering Red Team
eBay Inc.
Information Security Engineer Oct 2013 – Mar 2015 1 yr 5 mos
—Ran bug bounty remediation and web application penetration testing for eBay Marketplaces
—Extended Raptor, eBay's internal security framework, to systematically close XSS and other high-frequency web vulnerabilities
McAfee Inc.
Security Consultant Jan 2012 – Oct 2013 1 yr 9 mos
○ Where the foundation was laid — offensive security work that shaped every system built since.
—Delivered penetration testing and security code reviews for major financial institutions, surfacing critical vulnerabilities across web and application layers
Education
Johns Hopkins University
M.S. Security Informatics
2011 – 2012
Birla Institute of Technology and Science
B.E. Computer Science
2007 – 2011
Skills
Cryptography
PKI / X.509, HSM / PKCS#11, Key Management, Code Signing
Security & Compliance
GRC Engineering, PCI DSS, SOX Compliance, Vulnerability Management, ServiceNow / CMDB, PAM, Zero Trust
Engineering Leadership
Engineering Management, Technical Roadmap, Org Design, Cross-functional Leadership
Languages
Go, Python
AI & Automation
Agentic Workflows, MCP Servers, LLM Integration
Infrastructure & Platform
Cloud Security (AWS / GCP / Azure), Data Pipelines, Terraform / Ansible, Enterprise Architecture