Adriano Sela Aviles

[ adriano.selaviles@gmail.com ] [ 778 681 3106 ]

Motivated Senior Software and Security Engineer with a passion for learning. Experienced with ownership of globally distributed full stack services including the network, DNS, monitoring and logging, the platform, API & client code bases, documentation, and the infrastructure pieces that live in cloud providers.

Skills

Scripting: Bash (+ awk/sed/grep), Makefile, Python

Programming: Go, Java, C/C++, Python, Lua

Systems & Infrastructure: Docker/docker-compose, Kubernetes, Terraform, Vagrant, AWS EC2 and Google Compute Engine

Networking: TCP/IP, DNS, TLS, BGP, in-depth understanding of the OSI structure, Linux implementation of TCP/IP suite, Berkeley Packet Filter (BPF), and experience writing reliable data transport protocols (i.e. a self-written TCP)

Cloud Computing & Services: Experience with all of AWS, GCP, and Azure, microservice architecture design, serverless (i.e. AWS Lambda, GCP Cloud Functions)

Version Control & CI/CD: Git, Jenkins, Concourse, AWS CodeBuild + CodeDeploy, GitHub Actions

Identity & Access Management: IAM flows (i.e. OAuth2.0, SAML), experience writing custom identity providers

Security: Deep understanding of symmetric and asymmetric key encryption, block ciphers, hashing functions, key sharing (e.g. elliptic curve Diffie-Hellman), experience writing public key infrastructures (PKIs). Attended internal Cisco R00tcamp - an intensive 7-day bootcamp on Kali Linux tools (e.g. Metasploit framework)

Experience

Senior Software Engineer / Security, Border0 Inc. _{^{(December 2022 - present, Vancouver BC)}}

• Drove several security features from conception to completion including the introduction of robust credential stuffing mitigations and more secure authentication and authorization flows
• Directly responsible for triaging and addressing 1st and 3rd party software vulnerabilites
• Lead internal penetration testing and coordinated external penetration testing
• Wrote software to integrate with identity providers through protocols such as OAuth, OIDC, SAML, specific provider APIs (e.g. Okta, Google Workspace), and directory synchronization protocols e.g. SCIM, LDAP
• Full stack development including Go and Python back-end applications, JavaScript front-end applications, reverse proxies programmed in Lua, and the infrastructure pieces that live in various cloud providers (managed via infrastructure-as-code)

Technologies: Go, Bash, Lua, AWS, GCP, Azure, Terraform, CloudFormation, Linux

Senior Application Security Engineer, Thumbtack _{^{(May 2022 - November 2022, Vancouver BC)}}

• Lead security incident response efforts and coordinated external penetration testing
• Primary recipient and triager of company-wide “responsible disclosure” mailbox
• Lead the introduction of tools for static and dynamic analysis of software through a company-wide week-long event to instrument the relevant codebases with the appropriate tooling
• Performed on-demand security design and architecture reviews

Technologies: Go, Bash, Lua, AWS, Linux

Senior Application Security Engineer, Cisco Systems Inc. _{^{(August 2021 - May 2022, Vancouver BC)}}

• Driving the design, architecture, and development of large-scale, globally distributed security software applications and services
• Researching, designing, building, and operating “highly-available” security software services at scale, using Golang, Bash, and other languages/tools as fits the situation’s needs
• Participating in and driving threat-modelling and risk-management of Cisco’s infrastructure and products
• Supporting internal Cisco customers by extending existing services and creating new ones
• Developing solutions for computer networking and orchestration problems with availability, scale, security, and performance in mind

Technologies: Go, Bash, Python, AWS, Jenkins, Linux

Software Engineer, Amazon Web Services _{^{(July 2020 - July 2021, Vancouver BC)}}

• Built and maintained several threat detection microservices at AWS scale
• Continuously designed and implemented features for AWS GuardDuty
• Hardened systems against increasingly sophisticated security threats
• Took part in launching the GuardDuty service to multiple AWS regions
• Provided ²⁴⁄₇ on-call support

Technologies: Java, JavaScript, AWS, Linux, Networking primitives

Security Operations Intern, Mozilla _{^{(May 2019 - Sept. 2019, San Francisco CA)}}

• Apache Beam pipeline and cloud architecture design for processing AWS GuardDuty and GCP Event Threat Detection findings as part of the FoxSec pipeline, a collection of data processing Beam pipelines which alert on relevant threats to Firefox Infrastructure.

Technologies: Java 9, Apache Beam SDK, Terraform, AWS {GuardDuty, CloudWatch, Kinesis}, GCP {Event Threat Detection, StackDriver, Pub/Sub}, Google Cloud Dataflow.

• Client library and CLI for IPrepd, an Open-Source IP reputation daemon. Small additions to SOPS, a secrets management solution.

Technologies: Go

Cloud Infra. Engineering Intern, Cisco Systems Inc. _{^{(May 2017 - Sept. 2018, Vancouver BC)}}

• Collaboratively built Vinz, a PKI (and client libraries) for provisioning Cisco servers with SSL certificates via programmatic API calls. The API is capable of delivering certificates and metadata within seconds of a request.

Technologies: Go, DNS in depth, internal platforms and tooling

• Implemented an OpenID Connect identity provider in Golang and integrated it with AWS IAM as well as several other internal services which consumed our JSON web tokens (i.e. a compute platform, a metrics & logging service, …)

Technologies: Go, OpenID, AWS {IAM, DynamoDB, Lambda}, Terraform, Docker + Kubernetes, internal platforms and tooling

• Designed and implemented a high availability (HA) solution for multiplexing DNS among multiple redundant servers in accordance to frequent service healthchecks.

Technologies: Go, AWS {Route53, CloudWatch, Lambda}

• Migrated builds and deployments from a legacy Jenkins server to Concourse

Technologies: Jenkins, Councourse, AWS, internal platforms and tooling

Projects

• sslmgr - layer of abstraction the around acme/autocert certificate manager
• rdtp - cross OS transport layer service implemented as a daemon process
• padl - secrets management as-a-service API
• multikey - library for implementing complex encryption schemes leveraging Shamir’s Secret Sharing algorithm
• spoof - command line utility for injecting spoofed frames into a network
• certcache - a collection of useful implementations of the acme/certcache interface for common datastores (i.e. AWS DynamoDB, MongoDB, S3, and Google Firestore)
• auth - experimenting with RSA Keys, JWT Tokens, and OpenID Connect
• keystore - filesystem Keystore with a REST API
• cliprepd - command line client for Mozilla’s IPrepd API
• iprepd-firewall - seamless IP reputation based application-layer firewall for services written in Go using a (Mozilla) IPrepd server
• ecdh - elliptic curve diffie-hellman key exchange library in Go
• botnet - command line managed bot master with a websockets based Command and Control (C&C) server
• GoFaceTrainer - train a facial recognition model in Go using OpenCV and Machine Box
• GoAway - An OpenCV based motion detector and utilities in Go
• streamer - python3 video streaming client and server implementing RSTP and RTP
• traceroute - homemade implementation of a UDP traceroute program in python
• ping - homemade implementation of a an ICMP pinger program in python
• neuron - example predictive neural network in python
• mapp - events lookup mobile app written in Dart and Node JS back-end
• ovf - example stack overflow exploit in C

Education

BASc in Computer Engineering, University of British Columbia University (2015-2020, Vancouver BC)

• Dean’s Honour List all 4 academic years
• Coop Status: completed ⁴⁄₄ (mandatory) work terms + 1 (additional) work term