James Chai, Developer in San Francisco, CA, United States

James Chai

Verified Expert in Engineering

Bio

James is a senior security engineer specializing in security infrastructure systems. His expertise encompasses intrusion detection systems (IDS) and intrusion prevention systems (IPS), CyberArk, access control, vulnerability management, and Jamf. A Cisco Certified Network Associate (CCNA) and Certified Ethical Hacker (CEH), he is known for his quick learning and project management skills. James is proficient in Python and Bash coding and has experience running proof of concepts.

Portfolio

Databricks
Databricks, Azure Databricks, Data Lakes, Unity Catalog, FedRAMP, Windows...
YC Cloud and Tech Corporation
Splunk, CIS Benchmarks, Security Orchestration, Automation, and Response (SOAR)...
Brex
Cloud, Container Security, StackRox, Twistlock, Palo Alto Networks...

Experience

  • Snort - 10 years
  • Windows - 10 years
  • Security Orchestration, Automation, and Response (SOAR) - 8 years
  • MacOS - 8 years
  • Compliance - 8 years
  • Splunk - 8 years
  • Tines - 3 years
  • Demisto - 3 years

Availability

Part-time

Preferred Environment

Windows, MacOS

The most amazing...

...thing I've done is lead a company IPO from $2 billion to $8 billion by establishing an IR team and moving from an 8x5 schedule to a 24/7/365 operational model.

Work Experience

Senior Security Engineer

2021 - 2023
Databricks
  • Wrote detection rules on security systems such as intrusion detection system (IDS), SSO, Google Cloud Platform (GCP), and internal tooling.
  • Collaborated, proposed, and tuned detection and automation rules on endpoint detection and response (EDR) and SOAR, continuously refining our security runbook lifecycle to ensure rapid, effective responses to incidents.
  • Cut manual incident response triage through SOAR automation, reducing the time to address critical alerts from two hours to 15 minutes.
  • Implemented and managed security controls and policies in a multi-cloud environment, including IAM roles, security groups, and network access control lists (ACLs) to protect against unauthorized access and data breaches.
  • Utilized Databricks, Splunk, Tines.io, XSOAR, CrowdStrike, Wireshark, osquery, and Google Rapid Response (GRR) tech stacks.
Technologies: Databricks, Azure Databricks, Data Lakes, Unity Catalog, FedRAMP, Windows, MacOS, Snort, Splunk, IDS/IPS, Security Orchestration, Automation, and Response (SOAR), Compliance, Vulnerability Management, Tines, Vulnerability Assessment, Cloud Security, Security, SIEM, Endpoint Detection and Response (EDR), Cybersecurity, Intuit TurboTax

Senior Security Engineer

2020 - 2023
YC Cloud and Tech Corporation
  • Served as a Splunk subject matter expert (SME) and automated the transfer of vulnerable pipelines from vulnerability scanners into Splunk dashboards.
  • Implemented and administered CyberArk, including Password Vault Web Access (PVWA) and privileged session management (PSM).
  • Collaborated with infrastructure end users to migrate over 200 privileged service accounts to privileged access management (PAM) in a company with a size of 20 billion.
  • Deployed identity and access management (IAM) solutions, including single sign-on (SSO) and multi-factor authentication (MFA), to enhance authentication processes. Transitioned from basic authentication (BA) to SSO across more than 60 integrations.
  • Implemented Center for Internet Security (CIS) benchmarks and container security deployment within a large enterprise for a startup valued at 4 billion dollars.
  • Automated the incident response with extended detection and response (XDR) and security orchestration, automation, and response (SOAR) for a large enterprise spanning over 5,000 employees worth over 30 billion dollars.
Technologies: Splunk, CIS Benchmarks, Security Orchestration, Automation, and Response (SOAR), CyberArk, Access Control, AWS IAM, Azure, Data Loss Prevention (DLP), Digital Guardian, IDS/IPS, Email Security, Continuous Delivery (CD), Windows, MacOS, Snort, FireEye, Compliance, Vulnerability Management, Demisto, Vulnerability Assessment, Cloud Security, Security, SIEM, Endpoint Detection and Response (EDR), Cybersecurity

Senior Security Engineer

2019 - 2020
Brex
  • Automated the cloud network, security configuration, and controls with Terraform and CloudFormation through CI/CD.
  • Recognized, adopted, and instilled best practices in security engineering fields throughout the organization, including development, network security, security operations, incident response, and security intelligence.
  • Implemented and supported 3rd-party AWS ecosystem tools, including Twistlock and StackRox, container security, vulnerability management, and Prowler, a Center for Internet Security (CIS) benchmark auditing tool.
  • Enhanced existing CI/CD security by introducing mandatory security reviews, library vulnerability scanning, self-hosted artifactory and CIS benchmark controls, and DevSecOps.
Technologies: Cloud, Container Security, StackRox, Twistlock, Palo Alto Networks, Continuous Delivery (CD), Security, MacOS, Snort, Splunk, IDS/IPS, FireEye, Security Orchestration, Automation, and Response (SOAR), Compliance, Vulnerability Management, Vulnerability Assessment, Cloud Security, SIEM, Endpoint Detection and Response (EDR), Cybersecurity

Security Engineer

2017 - 2019
Credit Karma
  • Worked in the infrastructure security team. Built vulnerability management and the incident response (IR) program from the ground up.
  • Helped the company's initial public offering (IPO) scale from two billion to eight billion, followed by its eventual buyout by Intuit.
  • Built infra security from the ground up, expanded from 500 to over 2,000 employees, and deployed endpoint coverage on every network and host.
  • Introduced AppSpyder, code review, and artifactory scanning. Resolved about 20 critical and 100+ high-severity vulnerabilities in the codebase within the first three months; the practice was eventually adopted by the engineering team at the organization level within two years.
Technologies: Incident Response, Incident Management, Infrastructure Security, Splunk, FireEye, IDS/IPS, Windows, MacOS, Snort, Security Orchestration, Automation, and Response (SOAR), Compliance, Vulnerability Management, Demisto, Vulnerability Assessment, Threat Modeling, Security, SIEM, Penetration Testing, Endpoint Detection and Response (EDR), Cybersecurity

Automation of Incident Response Process with One Click

At Credit Karma, we typically devoted an average of two hours to each incident. Leveraging my expertise in automation, I dedicated three months to scripting automation for all incident response procedures. As a result, most incidents were automated and resolved, allowing the team to initiate "manual intervention" with just one click directly from the Slack channel.

Education

2012 - 2014

Bachelor's Degree in Computer Science

University at Buffalo - Buffalo, NY, USA

Certifications

MARCH 2016 - MARCH 2018

Certified Ethical Hacker (CEH)

EC-Council

JANUARY 2009 - JANUARY 2013

CISSP Certification

ISC2

Tools

Splunk, Snort, AWS IAM, Twistlock, Intuit TurboTax

Paradigms

Security Orchestration, Automation, and Response (SOAR), Continuous Delivery (CD), Penetration Testing

Platforms

Tines, Windows, MacOS, Rapid7, Databricks, Azure, Digital Guardian, Demisto

Industry Expertise

Cybersecurity

Languages

Python, Bash Script, C++, C

Storage

Data Lakes

Other

Vulnerability Management, Infrastructure Security, Vulnerability Assessment, SIEM, Endpoint Detection and Response (EDR), IDS/IPS, Security, FireEye, Cloud Security, Threat Modeling, Azure Databricks, Unity Catalog, FedRAMP, CIS Benchmarks, CyberArk, Access Control, Data Loss Prevention (DLP), Email Security, Cloud, Container Security, StackRox, Palo Alto Networks, Incident Response, Incident Management, Certified Ethical Hacker (CEH), Compliance, Security Compliance, Software, Computer Science, APIs
