Rana
San Francisco, California, United States ********@***.*** 602-***-**** in/rpourmohamad
EXPERIENCE
Security Engineer II
Ripple May 2023 - Present, San Francisco, CA
• Led the Development and Scaling of Security Tools for Detection & Response: Built, matured, and scaled Product Security and Security Detection & Response programs (event management (SIEM)) for a leading enterprise blockchain startup specializing in cross-border payments solutions, including engaging with, and presenting to, technical stakeholders and executive leaders.
• Enhanced Security for Financial Applications: Decreased the risk of compromise to customer-facing financial applications by conducting threat modeling, threat analytics, security incident, threat hunting, intelligence gathering, secure-by-default design, and integrating complex third-party SaaS solutions with extensive data in/out pipelines, achieving a 40% reduction in vulnerability exploitation.
• Optimized Information Security Operations and Response Process Automation: Streamlined the Information Security team's ability to secure core services by authoring a service interaction catalog detailing interactions between critical internal services. Enhanced this process by implementing third-party SaaS and defensive Tactics, Techniques and Procedures (TTPs) tools for better incident response and system management.
• Improved User Authentication Systems: Simplified Authentication, Authorization, Accountability (AAA) protocols and integrated leading SaaS solutions such as Auth0 and Okta, boosting security frameworks and user experience. This included configuring SSO capabilities and tight integration features that support secure data exchanges.
• Reduced Impact of Fraudulent Activities: Significantly decreased the impact of fraudulent cryptocurrency activities on the company’s brand by leveraging sophisticated SaaS tooling such as ZeroFox, XSOAR, and Google Safe Browsing, along with custom-written Python & Java scripts. This integration resulted in a 90% increase in fraud detection accuracy and response times.
• Accelerated Vulnerability Response: Enhanced detection-to-remediation timelines of security vulnerabilities by 50% through the strategic implementation and configuration of advanced security tools, including third-party SaaS solutions like SumoLogic, Databricks, and Google Chronicle for risk analysis and automation.
• Enhanced Cloud Platform Security: Materially improved AWS and GCP cloud platform security and efficiency by utilizing and integrating cloud forensics and third-party SaaS tools. Collaborated with InfraSec and Infrastructure teams to drive best practices in cloud security across multiple platforms.
Security Researcher
Security Engineering for Future Computing (SEFCOM) at Arizona State University March 2019 - Present, Tempe, AZ
• Enhanced web browser anti-phishing capabilities by evaluating AI algorithms and classifiers, identifying key security vulnerabilities.
• Ensured cross-platform functionality by successfully integrating and compiling open-source browser source code.
• Advanced anti-phishing research through dynamic and static reverse engineering on Chromium's Google Safe Browsing with C++, identifying vulnerabilities and reducing false positives through client-side machine learning.
• Led innovative experiments on Google Safe Browsing, uncovering critical flaws and driving major detection scoring improvements in 2021.
• Published a significant three-year research study at ASIACCS, advancing anti-phishing technology and aiding financial and crypto sectors in scam detection.
• Enhanced server-side detection evaluation and collaboration by utilizing Burp Suite and PHP, and fostering a productive partnership with Google's security team.
Information Security Researcher Intern
Ripple (Fraud/Scam detection) May 2022 - May 2023, San Francisco, CA
• Enhanced security for customer-facing financial applications by performing threat modeling and driving timely remediation of identified risks, reducing potential compromises.
• Increased scam-phishing detection coverage by 30% by implementing a machine learning-based crawler and web scraper.
• Accelerated the blocking of scam-phishing domains by implementing more efficient fraud detection, threat hunting and reporting methods in collaboration with ZeroFox and the Google Safe Browsing team.
Security Product Manager/Software Engineer
Shoniz Industrial Group Co. Jan 2017 - May 2018, Tabriz, Iran
• Enhanced Trust and Safety using Java, Python, and SQL, driving key system upgrades and reducing support tickets through incident response and by detecting, fixing, and maintaining SQL databases and web servers.
• Decreased company costs by researching and implementing new methods to update branch software and servers, minimizing expenses.
Senior Security Analysis
Haghaniat Group Co. January 2016 - Dec 2016, Remote
• Improved enterprise-wide security by developing security in design, and implemented security detection baselines.
Cyber Security Researcher
University of Tabriz May 2012 - March 2013, Tabriz
• Conducted in-depth security research on Trust-based Access Control on Cloud computing networks, resulting in the publication of a paper.
• Conducted in-depth security research on Vehicular ad hoc networks (VANET) within Mobile Ad Hoc Networks (MANETs), resulting in a comprehensive threat analysis of current trends and technologies.
PUBLICATIONS
• Scam pandemic: How attackers exploit public fear through phishing (2020 APWG Symposium on Electronic Crime Research (eCrime))
• Deep Dive into Client-Side Anti-Phishing: A Longitudinal Study Bridging Academia and Industry (ASIACCS 2024)
EDUCATION
PhD Candidate in Computer Science
Arizona State University • Tempe, AZ • May 2023
MS in Information Technology - Secure Telecommunications
University of Tabriz • Tabriz • September 2016
BS in Computer Science
University of Tabriz • Tabriz • September 2012
ENGAGEMENT
Founder and Host: YouTube Podcast • Radio Bitaarof • Present
Volunteer: Bay Area • Women of MENA in Technology Arizona chapter • Present
President: Arizona • Iranian Students Association at Arizona State University • 2022
TECHNICAL SKILLS
Detection & Response, Threat analysis, Web Security, Privacy, Reverse Engineering, Automation, Data Structures and Algorithms, Databases, Computer Security, AWS, Application Security, Threat Modeling & Research, Security Strategy, Executive Level Communication, Cross-Functional Collaboration
Python, SQL, Datadog, Caspian, C/C++, PHP, Java, HTML/CSS, JavaScript, SQL Server, Tines, Chronicle, SQLite, SumoLogic, Grafana, BurpSuite, MITMProxy, Wireshark, tcpdump, netcat, Google Analytics, Amazon MTurk
Linux, Web, Windows, VirtualBox, VMware
Visual Studio, IntelliJ IDEA, Eclipse, Pycharm, Analytical Thinking, Event Management, Teamwork, Public Speaking, Marketing Strategy, English, Persian, Turkish, Azerbaijani