James Chai
Verified Expert in Engineering
Senior Security Developer
San Francisco, CA, United States
Toptal member since April 4, 2024
James is a senior security engineer specializing in security infrastructure systems. His expertise encompasses intrusion detection systems (IDS) and intrusion prevention systems (IPS), CyberArk, access control, vulnerability management, and Jamf. A Cisco Certified Network Associate (CCNA) and Certified Ethical Hacker (CEH), he is known for his quick learning and project management skills. James is proficient in Python and Bash coding and has experience running proof of concepts.
Experience
- Snort - 10 years
- Windows - 10 years
- Security Orchestration, Automation, and Response (SOAR) - 8 years
- MacOS - 8 years
- Compliance - 8 years
- Splunk - 8 years
- Tines - 3 years
- Demisto - 3 years
Preferred Environment
Windows, MacOS
The most amazing...
...thing I've done is lead a company IPO from $2 billion to $8 billion by establishing an IR team and moving from an 8x5 schedule to a 24/7/365 operational model.
Work Experience
Senior Security Engineer
Databricks
- Wrote detection rules on security systems such as intrusion detection system (IDS), SSO, Google Cloud Platform (GCP), and internal tooling.
- Collaborated, proposed, and tuned detection and automation rules on endpoint detection and response (EDR) and SOAR, continuously refining our security runbook lifecycle to ensure rapid, effective responses to incidents.
- Cut manual incident response triage through SOAR automation, reducing the time to address critical alerts from two hours to 15 minutes.
- Implemented and managed security controls and policies in a multi-cloud environment, including IAM roles, security groups, and network access control lists (ACLs) to protect against unauthorized access and data breaches.
- Utilized Databricks, Splunk, Tines.io, XSOAR, CrowdStrike, Wireshark, osquery, and Google Rapid Response (GRR) tech stacks.
Senior Security Engineer
YC Cloud and Tech Corporation
- Served as a Splunk subject matter expert (SME) and automated the transfer of vulnerable pipelines from vulnerability scanners into Splunk dashboards.
- Implemented and administrated CyberArk, including Password Vault Web Access (PVWA) and privileged session management (PSM).
- Collaborated with infrastructure end users to migrate over 200 privileged service accounts to privileged access management (PAM) in a company with a size of 20 billion.
- Deployed identity and access management (IAM) solutions, including single sign-on (SSO) and multi-factor authentication (MFA), to enhance authentication processes. Transitioned from basic authentication (BA) to SSO across more than 60 integrations.
- Implemented Center for Internet Security (CIS) benchmarks and container security deployment within a large enterprise for a startup valued at 4 billion dollars.
- Automated the incident response with extended detection and response (XDR) and security orchestration, automation, and response (SOAR) for a large enterprise spanning over 5,000 employees and worth over 30 billion dollars.
Senior Security Engineer
Brex
- Automated the cloud network, security configuration, and controls with Terraform and CloudFormation through CI/CD.
- Recognized, adopted, and instilled best practices in security engineering fields throughout the organization, including development, network security, security operations, incident response, and security intelligence.
- Implemented and supported third-party AWS ecosystem tools, including Twistlock and StackRox for container security and vulnerability management, and Prowler, a Center for Internet Security (CIS) benchmark auditing tool.
- Enhanced existing CI/CD security by introducing mandatory security reviews, library vulnerability scanning, a self-hosted Artifactory, CIS benchmark controls, and DevSecOps.
Security Engineer
Credit Karma
- Worked in the infrastructure security team. Built vulnerability management and the information retrieval (IR) program from the ground up.
- Helped the company scale through its initial public offering (IPO) from two billion to eight billion and its eventual buyout by Intuit.
- Built infrastructure security from the ground up as the company expanded from 500 to over 2,000 employees, and deployed endpoint coverage on every network and host.
- Introduced AppSpider, code review, and Artifactory scanning. Resolved about 20 critical and 100+ high-severity vulnerabilities in our codebase within the first three months; the practice was eventually adopted by the engineering team at the organization level within two years.
Experience
Automation of Incident Response Process with One Click
Education
Bachelor's Degree in Computer Science
University at Buffalo - Buffalo, NY, USA
Certifications
Certified Ethical Hacker (CEH)
EC-Council
CISSP Certification
ISC2
Skills
Tools
Splunk, Snort, AWS IAM, Twistlock, Intuit TurboTax
Paradigms
Security Orchestration, Automation, and Response (SOAR), Continuous Delivery (CD), Penetration Testing
Platforms
Tines, Windows, MacOS, Rapid7, Databricks, Azure, Digital Guardian, Demisto
Industry Expertise
Cybersecurity
Languages
Python, Bash Script, C++, C
Storage
Data Lakes
Other
Vulnerability Management, Infrastructure Security, Vulnerability Assessment, SIEM, Endpoint Detection and Response (EDR), IDS/IPS, Security, FireEye, Cloud Security, Threat Modeling, Azure Databricks, Unity Catalog, FedRAMP, CIS Benchmarks, CyberArk, Access Control, Data Loss Prevention (DLP), Email Security, Cloud, Container Security, StackRox, Palo Alto Networks, Incident Response, Incident Management, Certified Ethical Hacker (CEH), Compliance, Security Compliance, Software, Computer Science, APIs