open to interesting problems

Senior engineer shipping LLM systems in production — grounded in backend architecture and cybersecurity.

I build the engineering substrate real AI products need: agent and RAG pipelines, fine-tuned and accelerated model serving, and the distributed backends that hold it all together. Deepest scar tissue at the intersection of LLMs and security operations.

~10yrs · backend & systems
~3yrs · applied LLM & agents
~7yrs · cybersecurity R&D
01 / strengths

What I focus on

Four capability areas I operate in daily — chosen because real LLM products need all of them simultaneously, not just the modeling layer.

LLM Application Delivery

End-to-end LLM agent and RAG construction. Day-to-day with LangChain, LlamaIndex, and MCP — strong prompt engineering, function calling, and orchestration of multi-step AI workflows.

Model Fine-tuning & Serving

Solid Transformer internals. Hands-on SFT and RLHF on open models like Qwen and Llama. Production inference with vLLM — KV cache and PagedAttention for high-throughput, low-latency serving.

Backend & Distributed Systems

~10 years building backends in Python and Go. Independent architecture of high-concurrency systems with Django, FastAPI, Celery, Kafka, Redis, and Milvus — the substrate AI products run on.

AI × Security

Years operating where AI meets cybersecurity: risk analysis, automated vulnerability discovery, malicious-traffic intent classification with BERT and LLMs, and AI-driven security operations.

02 / skills

Technical surface

Tools I reach for without thinking. Grouped by layer — modeling, application, infrastructure, and the security domain context that informs all of them.

Operating Systems
Linux · 10+ yrs Docker / Kubernetes · 5+ yrs
Languages
Python · expert Go C++ Rust
AI Frameworks
PyTorch HuggingFace LangChain LlamaIndex vLLM PEFT MCP / Skills
Models & Algorithms
Qwen Llama 2 / 3 BERT RAG Intent Classification RLHF Knowledge Graphs
Backend & Architecture
Django FastAPI Celery RPC RESTful APIs
Data Stores
Milvus / Faiss Elasticsearch Kafka Redis MySQL ClickHouse
Security Domains
AI red / blue teaming Automated risk control Malicious-traffic detection Vulnerability research
03 / career

Career highlights

Roles described by domain and scope rather than by employer. The arc moves from data-driven security operations into AI-native security and applied LLM systems.

AI Application Engineer · Cloud WAF Intelligent Operations
Major Cloud Platform ~1 yr · most recent
  • Built an LLM-driven automated security-ops system: Qwen-class open models classify malicious-traffic intent; an agent workflow auto-filters false positives and surfaces missed detections.
  • Closed-loop automated rule generation: an LLM-backed rule reasoning engine ingests WAF logs and proposes detection regex and threshold suggestions for the response pipeline.
  • Productionized model serving with vLLM for inference acceleration and GPU memory optimization, supporting real-time analysis over large-scale traffic.
Customer Success / Business Operations Lift
Major Cloud Platform ~2 yrs
  • Led an enterprise RAG knowledge assistant integrating dozens of product wikis, FAQs, and official docs — high-accuracy automated Q&A with LangChain on a domestic foundation model.
  • Built a vertical security knowledge graph (UIE + graph DB) and tuned embeddings + reranking; complex-intent product answer accuracy reached 85%+.
  • Wired LLM capability into the ticket pipeline: automated extraction of key fields, churn-risk scoring, best-practice report generation; resolved 300+ high-difficulty tickets.
AI & Security Research Manager
Cybersecurity R&D Vendor ~3 yrs · team lead
  • Led NLP for security: BERT-based semantic classification unified inconsistent alert taxonomies across multiple product lines and delivered DPI attack-class auto-decisioning.
  • Built the foundational knowledge graph: vulnerability databases, threat intel, and security events turned into graph structures consumed across product lines.
  • Core R&D on a next-gen SOAR alert orchestration engine grounded in ATT&CK; co-authored / led 7 granted invention patents in AI-assisted security operations.
Security Researcher
Network Technology Firm ~6 mo
  • Owned a large-scale log ingestion and enrichment pipeline; classical ML for traffic-probe feature extraction; cleansing and management of high-volume alert data.
  • Mapped low-level log behavior to high-level adversary intent via ATT&CK, materially improving log readability and detection precision.
Senior Python Engineer · WAF Product Team
Web Security Vendor ~1.5 yrs
  • Productized a high-performance WAF engine end-to-end: deep customization of Modsecurity / Tengine, request-parameter filtering, ACL scheduling.
  • Designed the enterprise HA deployment story — software/hardware appliance forms, transparent proxy, active-passive failover, streaming log shipping and alerting.
Senior Backend Engineer
Security SaaS ~1 yr
  • Built site backend APIs and an incident-response platform on Django + Redis; designed an async high-concurrency push pipeline (Tornado + Redis).
  • Independently built a cross-endpoint log collection and audit platform with optimized complex-query retrieval.
Data Operations & Security Analyst
E-commerce ~1 yr · earliest role
  • Built business-log baselines: Python pipelines pulling from data warehouses and third-party platforms to model normal access and API health.
  • Mined anomalous behavior with clustering on access frequency, depth, temporal, and path features — surfacing scrapers, coupon-abuse rings, and order-padding patterns.
  • Closed the loop: anomalous IPs and behavioral signatures became security rules, driving rate limiting and malicious-traffic cleansing in production.
04 / projects

Selected projects

Pieces of work I'm proud of — picked because each one stitched modeling, retrieval, and production engineering together rather than living in a notebook.

LLM · Security

LLM-Powered Intelligent Traffic Cleansing Engine

  • Two-stage funnel: BERT for high-throughput pre-filtering (IP aggregation, /24 reputation scoring) handles low/medium-risk traffic.
  • Qwen 2.5 SFT-tuned on accumulated adjudication data — the teacher model reasons over URL payload semantics where regex breaks down.
  • False positives are deduplicated, stored, and fed back as training signal — seamless handoff between rule matching and LLM adjudication.
RAG · Agents

Enterprise RAG Knowledge Assistant

  • Technical support bot grounded in massive internal documentation, on a domestic foundation LLM.
  • Stack: UIE + Faiss + LangChain + foundation LLM, end-to-end.
  • SBERT-based domain fine-tuning of the embedding model — large recall gains on industry-specific jargon.
  • Agent layer for extraction, intent classification, and multi-step reasoning; reward-aligned answer generation backed by the knowledge graph.
NLP · Security

NLP-Driven Security Event Semantic Classifier

  • Solved fragmented naming and isolated semantics across heterogeneous security-vendor alerts.
  • BERT encoder for supervised text classification + CRF for intent recognition and NER.
  • Classifier output hooked into the internal knowledge graph and shipped as a detection-tooling engine consumed across product lines.
Systems · WAF

High-Concurrency Productionized WAF Engine

  • Solo build, ~8 months end-to-end: research, rule optimization, backend, packaging.
  • Deep extension of Modsecurity + Tengine; complex policy distribution covering rate limiting, header limiting, and auth patches.
  • Full automation for Docker / binary deploys, service heartbeat, active-passive HA — the architecture muscle reused in later roles.