Rapid7

Rapid7 is a global leader in cybersecurity, providing visibility, analytics, and automation. I worked in the Threat Intelligence group, building systems that ingest and analyze vast amounts of security telemetry.

Cyber Threat Intelligence Platform

I was responsible for the full-stack development of the Threat Intelligence SaaS platform. This involved optimizing Angular 14 frontends for data-heavy dashboards and maintaining a mesh of Node.js and Python microservices. I architected distributed data pipelines that ingested threat signals from multiple sources into Elasticsearch, implementing custom text analyzers, n-gram tokenization, and relevance scoring to enable security analysts to perform high-precision full-text searches across correlated threat intelligence data.

Machine Learning for Phishing Detection

I developed a real-time Phishing Detection System utilizing decision tree classifiers and ensemble methods to score incoming signals. The system incorporated image recognition to detect spoofed brand logos in phishing emails and sentiment analysis to identify social engineering patterns in email content. This multi-signal approach processed thousands of threats daily, identifying malicious campaigns before they could impact customers.

Database Scaling (MongoDB)

Handling terabytes of log data required deep optimization of our storage layer. I analyzed query performance across our sharded MongoDB clusters, implementing new indexing strategies that reduced dashboard load times from 12 seconds to 3.4 seconds. This latency reduction was critical for security analysts who rely on near-real-time data to respond to active threats.

The performance chart shows the combined impact of dashboard optimization (3.5x faster load times) and the phishing detection improvements (40% reduction in false positives).