Hayk Hovsepyan
Redmond, WA 503-***-**** *************@*****.***
Principal/Staff Software Engineer
Seasoned software engineer with 25 years of experience specializing in security, kernel development, multithreading, and large-scale system architecture. Recognized for leading enterprise security initiatives and optimizing low-level performance. Co-author of a Microsoft security patent and expert in endpoint protection platforms. Adept at delivering robust, scalable, and secure frameworks under stringent enterprise requirements.
Skills & Tools
Domains: Endpoint Security (AV engines, anti-tampering), Cryptography, PKI, EDA, SoC testing
Languages: C/C++, STL, C#/.NET, Python, PowerShell, Bash/Shell, TCL, JavaScript, PHP
Platforms: Windows (kernel/user mode), Linux, VxWorks, Embedded Systems
Tooling: WinDbg/KD, MS Threat Modeling, Git, ClearCase, SVN, CVS, OpenAccess, Qt, YACC/ANTLR/SNACC
Databases: MySQL, MSSQL, T-SQL, CellView
Professional Experience
Microsoft Corporation — Redmond, WA
Senior Software Engineer / Full Stack Developer (Sept 2015 – Feb 2025)
Led design and delivery of core security features in Windows Defender AV, used by millions of endpoints worldwide:
Secure Controlled Configuration – Initiated and led a project to secure the import, verification, and persistence of signed configuration payloads. Owned major client-side changes. Collaborated with Microsoft Intune, Configuration Manager, and MDE-Attach teams to support an extensible format for signed/trusted configuration flows. Worked closely with security architects on threat modeling for the feature and mitigation of known attack vectors.
Tamper Protection – Architected and implemented a cross-layer platform feature that enforces Defender AV presence and protects critical configurations at both user-mode and kernel levels. Co-authored US Patent #11368361 for secure configuration control. Drove threat modeling, cross-team integration, rollout strategy, and feature monitoring. Now enabled by default for all Windows systems.
Troubleshooting Mode – Designed and implemented a secure, expirable debug mode enabling a seamless switch from managed to unmanaged state for troubleshooting Defender’s configurations. Reduced enterprise IT support overhead and improved diagnostic workflows.
Smart App Control Integration – Owned the API, antivirus state management, and collaborated with the partner OS team to integrate real-time reputation checks by routing file execution requests to the cloud, effectively blocking untrusted files.
Threat Policy Enforcement – Implemented platform-side support for PUA and TVM threat categories with block/warn user experience. Optimized performance by leveraging driver-level caching to reduce redundant file scans.
Feature Control Framework – Designed and delivered Defender AV’s signature-driven control mechanism to enable gradual feature rollouts and killbit enforcement.
State Management and WSC Integration – Owned the logic for Defender’s active and passive running modes, integration with Windows Security Center, and state transitions based on third-party AV presence. Led deprecation of DisableAntiSpyware/Virus configurations, which were actively exploited by attackers to easily disable Defender AV.
Kernel & User-mode Messaging – Developed and optimized various driver- and user-mode enhancements for file scanning, process execution, configuration hardening, and inter-component communication.
Defender Platform Extensions – Extended public and internal APIs to support integration with the Defender AV Engine component. Supported ELAM driver enhancements and implemented “developer mode” changes to improve unit and functional testing.
Crash & API Tooling – Developed and integrated CrashDumpAnalyzer and ApiVerifyAnalyzer tools into pipelines for automated triage and enforcement of publicly documented API usage.
Siemens (Mentor Graphics) — Wilsonville, OR / Armenia
Senior Software Developer / Team Lead / Module Architect (Nov 2010 – Sept 2015)
Directed cross-regional teams in building constraint management and EDA tools.
Modernized integration mechanisms and improved dependency handling for critical modules.
Led GUI redesigns, automation frameworks, and testing strategies.
Key developer for Pyxis IC Station and Constraint Manager (~3M+ LOC).
Other Roles & Companies: LTX-Credence, APG Enterprise, Hylink JSC
Developed security products, SoC test infrastructure, simulation flows, and custom debugging tools:
Sevan WSA: network PKI system with SSL/TLS termination/bridging, user authentication, RSA keys and X.509 certificate generation/signing.
Security Management Center: PKI infrastructure with SNMP, FTP/TFTP, Java/SSL stack.
X-Series: Debugging suite for HSIO/RF modules on Linux (C/C++).
D10 Tester: Tools for IntelHex parsing, STIL extensions, and register emulation.
Education
Master of Computer Science - 2001–2004
Bachelor of Computer Science - 1994–1998
State Engineering University of Armenia
Languages & Interests
Languages: Fluent in Armenian and Russian
Interests: Tennis, skiing.