Summary
Staff Security Engineer operating at the intersection of security engineering, AI, and data—using AI to do security work, and securing AI workflows org-wide. I build developer-first guardrails across GitHub/CI and the PDLC: secure-by-default workflows, supply chain hygiene, and scalable code review patterns that raise security coverage without slowing delivery. I partner with infrastructure and data teams to unify telemetry in Snowflake/dbt and ship decision-grade security metrics and dashboards that help engineering and leadership act on real signals instead of noise.
Work Experience
Upside
Staff Security Engineer
Lead security engineering across Upside's product and platform orgs (100+ engineers) with a focus on secure-by-default developer experience, security telemetry, and secure AI enablement. Build GitHub/CI guardrails and supply chain controls that reduce friction and raise code quality. Partner with infra/data teams to unify telemetry and ship decision-grade risk signals. Lead Copilot governance, MCP/agent guardrails, and AI provenance standards across engineering and business stakeholders (IT/GRC/legal).
Upside
Senior Application Security Engineer
Established Upside's AppSec function and initial PDLC guardrails. Launched secure code review standards, GitHub Advanced Security adoption, and early CI/supply chain controls. Supported product teams with secure design guidance across web, mobile, and cloud services while helping define the scope of the Product Security team.
Booz Allen Hamilton
Lead Engineer
Application Security
Helped build and run the U.S. Department of Veterans Affairs' first agency-wide AppSec program, supporting thousands of applications. Led SAST/SCA reviews across major stacks and worked directly with teams to triage findings, improve SDLC practices, and prioritize risk-reducing fixes across hybrid and cloud environments (AWS/Azure).