Security-minded Software Engineer • Product Security / AppSec / DevSecOps • Switzerland 🇨🇭
- 🔐 Software supply chain security & secure SDLC (CBOM / dependency & crypto usage transparency)
- 🧰 Practical security tooling: Linux, Docker, Nginx, OAuth2/JWT, pentest toolchain
- 🛰️ Interests: SOC/MDR workflows, virtualization security, OWASP web/API risks
- 🧱 Strong systems foundation: OS / compilers / networking — useful for building and securing real systems
- DynamicCBOM — runtime CBOM extraction via eBPF/bpftrace, generates CycloneDX 1.6 CBOMs + evaluation charts
→ https://github.com/SEG-UNIBE/DynamicCBOM - rl-elevator — event-driven Gymnasium environment + FIFO/LOOK baselines + RL agents + evaluation/visualization pipeline
→ https://github.com/william-dan/rl-elevator - LingoDB-CSE — undergraduate thesis prototype: multi-query optimization via common sub-join elimination + hash multi-map reuse
→ https://github.com/william-dan/LingoDB-CSE - SysY2022-ARMv7-Compiler — optimizing compiler targeting ARMv7, with SSA-style middle end + practical backend & reg allocation
→ https://github.com/william-dan/SysY2022-ARMv7-Compiler - thingy-api-Yellow — backend API for Smart Mobility/Bike Accident Detection (TypeScript, Koa, MQTT, MongoDB/InfluxDB, Jest, Docker)
→ https://github.com/ASE2024-Yellow/thingy-api-Yellow - e-collecting-hackathon-team9 — “Prosignum”: verifiable, privacy-preserving e-collecting proposal/workspace (Hackathon 2025)
→ https://github.com/swiss/e-collecting-hackathon-team9
- 📄 When Gradient Optimization Is Not Enough: Dispersive and Anchoring Geometric Regularizer for Multimodal Learning — arXiv:2601.21670
https://arxiv.org/abs/2601.21670 - 🏆 ICPC SWERC 2025 — selected to represent University of Bern (team contest)
- 🏆 Huawei BiSheng Cup (National Compiler Design Competition) — optimizing compiler in C++ targeting ARM
Security / Platform: AppSec • DevSecOps • OAuth2/JWT • Linux • Docker • Nginx • (runtime tracing) eBPF/bpftrace
Systems: C/C++ • compilers/tooling • networking • performance mindset
Backend / Data: TypeScript/Node.js • REST • MQTT • MongoDB • InfluxDB • testing (Jest)
ML (selective): PyTorch • RL (Gymnasium / PPO)
I’m currently looking for Product Security / Application Security / DevSecOps roles in Switzerland.
Languages: English (C1), German (B2), Chinese (native).
GitHub stats (optional)