Application Security Engineer – Facebook

I joined Facebook as an Application Security Engineer in early 2019. I was hired onto the Product Security team, a central team that handles the security of all of Facebook’s products.

Upon joining the team, I immediately focused on Pysa, our Open Source Python Static Analysis tool. I built out rules covering known vulnerabilities, ensuring that we could detect and prevent them from ever being introduced into Instagram or other Python codebases. As Pysa has matured and gained adoption, I’ve spent more time focusing on teaching new users and helping people apply it to new use cases.

To support the usage of Pysa in Open Source projects, I expanded our documentation and created a tutorial, which I presented at DEF CON 28. I also applied Pysa to open source projects to catch vulnerabilities such as remote code execution and open redirects (CVE-2019-19775).