Senior Cyber Security Engineer @ Aave Labs
Current Focus: Web3 Security Architecture, Threat Intel & Defensive Operations
At Aave Labs, I own the full security perimeter: from smart contract invariant monitoring to infrastructure hardening, bridging offensive tradecraft with high-fidelity defensive operations in an environment where a single exploited vulnerability can result in nine-figure losses. My role bridges the gap between traditional infrastructure security and the cutting-edge requirements of Web3.
Key Responsibilities & Achievements
- Security Architecture: Designing and hardening infrastructure for Web3/Web4 environments, ensuring resilience against both classic and protocol-specific attack vectors.
- Offensive Security: Conducting deep-dive audits and penetration tests on Web3 applications and smart contracts to identify vulnerabilities before they can be exploited.
- On-Chain Threat Detection & SOC Operations: Designed and operate a multi-layer on-chain monitoring stack combining:
  - Tenderly — custom invariant monitors covering Aave V3's core solvency guarantees: health factor violations, liquidity index monotonicity, cash-vs-availability divergence, oracle staleness, supply/borrow cap breaches, and post-liquidation state correctness. Also covers V4, with the new Hub-Spoke architecture.
  - Hypernative — behavioural anomaly detection for protocol-level threats: price manipulation patterns, flash loan abuse, unusual borrow spikes, and cross-protocol correlation attacks.
  - CrowdStrike, AWS GuardDuty, CloudTrail — host EDR and cloud-layer coverage completing the detection surface.
  - Sumo Logic — centralised telemetry aggregation (SIEM) with structured Field Extraction Rules per source, unified severity normalisation, and correlation dashboards that surface simultaneous Tenderly + Hypernative signals — a strong indicator of real exploit activity vs. false positives.
- Nation-State Threat Research: Reverse engineer malware campaigns, focusing on behavioural analysis rather than static indicators. Translated findings into SIEM detection logic (Sumo Logic) and Custom IOAs in CrowdStrike that kill the threat chain at execution time.
- Infrastructure & Compliance: Building robust, Zero-Trust security architectures across AWS and GCP, while ensuring compliance using tools like Vanta.
Technical Stack
- Security: CrowdStrike, Sumo Logic, Groundcover, Falco, Hypernative.
- Web3: Solidity, Rust, Smart Contract Auditing, Cryptographic Protocols.
- Cloud & Ops: AWS, GCP, K8s, Docker, ArgoCD.
- Languages: Python, Solidity, Rust.