Application Security Engineer – Facebook
I joined Facebook as an Application Security Engineer in early 2019. I was hired onto the Product Security team, a central team that handles the security of all of Facebook’s products.
Upon joining the team, I immediately focused on Pysa, our Open Source Python Static Analysis tool. I built out rules covering known vulnerabilities, ensuring that we could detect and prevent them from ever being introduced into Instagram or other Python codebases. As Pysa has matured and gained adoption, I’ve spent more time focusing on teaching new users and helping people apply it to new usecases.
To support the usage of Pysa in Open Source projects, expanded our documentation, and created a tutorial which I presented at DEF CON 28, and published a Facebook Engineering Blog post. I also applied Pysa to open source projects to catch vulnerabilities such as remote code execution and open redirects (CVE-2019-19775).
Beyond Pysa, I’ve expanded my role to focus on Python security more holistically. I’ve developed in depth training programs, written linters for common anti-patterns, designed libraries to provide safer alternatives to standard library functions, and completed security reviews of upcoming products written in Python.