Services

Threat models and audit hygiene apply to every deliverable, not just engagements with “security” in the title.

No offshore hand-offs. You work directly with the principal engineer writing the code and owning the outcome.

SB-Micro #2052003. Pursuing IT-MSA pool admission across Development, Security, and Strategy categories.

S/02 — Development

Production engineering for security-sensitive applications and SDKs — design, build, ship, harden
Web applications and SaaS platforms — front-end, back-end, API design, multi-tenant architecture
Native mobile and desktop applications — iOS, Android, macOS — and SDKs that ship to other engineering teams
Database design and performance — schema, migrations, query tuning, data modeling
Cross-stack systems code and tooling — cryptographic libraries, FFI bridges, internal CLI utilities, integration libraries

Past performance

Lead engineer on a Fortune 500 payments platform — mobile POS security SDK, point-to-point encryption, EMV.

Source-code audits, threat modeling, and attack-surface analysis across application and systems codebases
Mobile security depth — anti-tamper, runtime integrity, reverse-engineering protection, secure enclave integration, certificate pinning, NDK/JNI hardening, WhiteBox cryptography
Standards-aligned security assessments — OWASP MASVS / MASTG, NIST baselines, DoD and DHS evaluation criteria
Binary analysis, decompilation, and obfuscation-bypass research across ARM64 and x86-64 targets
Secure-by-design advisory for engineering teams — review gates, hardening checklists, auditor-ready documentation

Past performance

Senior engineer on a global payments network — tokenization service SDK, NFC/HCE, JNI bridge, WhiteBox crypto.

Technical due diligence and architecture review for state IT modernization and federal technology programs
Procurement, vendor-risk, and build-vs-buy advisory for engineering and security programs
Roadmap and capability planning — security strategy, modernization, cross-platform initiatives
Engagement structuring — California SB Option direct-buy, prime subcontract (T&M), direct contract (FFP)

Past performance

Principal engineer on a national-security tech platform — cross-platform security architecture, anti-tamper, process integrity.

Cloud architecture and delivery across AWS, Azure, and GCP — landing zones, infrastructure-as-code, CI/CD, containerized and serverless workloads
Cloud security engineering — IAM design, network segmentation, secrets management, posture hardening to NIST 800-53 and FedRAMP-aligned baselines
Migration and modernization — lift-and-shift through re-architecture, with security and cost review at each gate

Independent verification and validation (IV&V) for state IT and federal programs
Test engineering at scale — automated functional, regression, API, and end-to-end suites in CI
Performance, load, and resilience testing of cloud workloads against defined scenarios
Accessibility and Section 508 / WCAG conformance testing
Security test integration — threat-model and audit discipline applied as a test gate

LLM integration and retrieval pipelines for document-heavy government workflows
Agentic systems — task orchestration, tool use, human-in-the-loop review
AI assurance — evaluation harnesses, red-teaming, and security review of model-backed features