Jon Barber

Security Engineer

I'm an engineer who combines software architecture expertise with deep offensive security knowledge to build scalable security platforms and tools. I specialize in creating developer-friendly automation that tackles complex security challenges, with particular focus on secrets detection and secure development workflows. I thrive on understanding how systems can be exploited, then turning those insights into elegant, automated solutions.

Experience

Senior Security Engineer - Cruise

2020-Present

  • Architected and implemented company-wide security automation platform that unified asset inventory, vulnerability scanning, and remediation workflows across hundreds of services and thousands of assets
  • Built and maintained comprehensive scanning infrastructure covering DAST, SAST, secrets detection, and TLS compliance, working closely with engineering teams to achieve full coverage while minimizing friction
  • Led successful implementation of shift-left security controls including automated pre-commit checks and PR-time scanning, significantly reducing exposure of sensitive data
  • Performed detailed security assessments of critical services, helping teams identify and remediate complex vulnerabilities while maintaining engineering velocity

Security Engineer - Facebook

2017-2019

  • Identified, fixed, and prevented security and privacy flaws in Facebook's family of products through code review, security assessments, and improved static analysis tooling
  • Led Seattle bug bounty program including managing program health, payouts, and live events while serving as Facebook panel member for Internet Bug Bounty
  • Drove creation of Private Bounty Program and security documentation while collaborating cross-functionally with development teams, legal, and communications

Senior Security Consultant - NCC Group

2015-2017

  • Led web application security assessments for Fortune 100 tech companies, managing teams of 2-4 consultants
  • Performed penetration tests and code reviews across web applications, mobile apps, and network infrastructure
  • Conducted independent security research resulting in an internal tool, Blackhat Arsenal presentation, and ToorCon talk