During my time at Endgame, I worked on the research and development team for the endpoint detection and response (EDR) product. Although I was involved with a wide range of projects, my primary impact centered on the Event Query Language (EQL), a stateful rule engine for both live and historical processing, which became a core offering in the product.
Roles
Senior Security Researcher
Feb 2018 – Oct 2019
- Endgame Reflex: Coordinated with multiple teams across Endgame’s stack to deliver Reflex, which spanned backend, rule engine, and endpoint integration.
- Detection engineering technical lead: Provided expertise for event-driven detection, which included the ecosystem around detection engineering, spanning from development to production.
- Detection ecosystem: Matured the detection ecosystem by creating CI/CD pipelines for new detections, to ensure their quality while mitigating degradations of logic.
Security Researcher
Jan 2017 – Feb 2018
- Event Query Language (EQL): Created EQL and the accompanying rule engine for stateful and temporal matching of suspicious activity on an endpoint, with live or historical processing.
- Detection Engineering: Contributed to initial detections for Endgame’s rule engine, improving the effectiveness of its EDR solution.
- Backend Engineering: Developed Endgame Resolver, which constructed process trees of event activity when triaging alerts and significantly improved the triage workflow.
Skills
- Technical leadership
- Domain specific language design
- Backend engineering
- Detection engineering
- Python
- Lua
- CLIPS
- Go