Cameron Ruatta
Contact
https://www.linkedin.com/in/cruatta/
GitHub
Narrative
I'm a builder, a breaker, and a leader. Most of my career as an engineer has centered around architecting and implementing applications used by millions of users, serving thousands or millions of requests per second. Early in my career, I discovered a passion for application security and built a skill set around it. I leverage those skills to find, fix, and prevent security vulnerabilities in software. I seek out work that is creative, focused, and business-critical. As a technical leader, my goals are to be kind and fair to my peers, be pragmatic yet oriented toward the ideal, and to improve every team and organization that I join.
Professional Experience
Dave
Dave is a mobile banking and financial services app that helps Americans avoid overdraft fees and manage money. Dave became a publicly traded company in January 2022.
Lead Security Engineer (2024-Present)
As a Lead Security Engineer, I'm driving end-to-end security strategy from secure application design to hardened cloud infrastructure by championing robust processes and measurable outcomes.
Notable Achievements
- I led a 6-week initiative to pin 100% of GitHub Actions to commit hashes, mitigating supply chain attack risk.
- I partnered across the engineering organization to increase WAF coverage for internet-facing applications from ~40% to ~100%.
- I migrated complex CI/CD workflows from CircleCI to GitHub Actions in 4 weeks using AI-driven conversion, eliminating legacy costs and enhancing security with workload identity federation, succeeding where prior attempts failed.
Core Competencies
- Security Architecture, Python, SAST, SCA, Cloud Security, GCP
Lead Software Engineer (2020-2024)
As a Lead Engineer on the Account Management Team, I architected new identity and access management systems to secure member accounts. I worked closely with the product organization and other engineering teams to build user account management and authentication systems, spanning multiple microservices, that support all Dave members.
In this role, I routinely partnered with the Security Team. I regularly engaged in threat modeling and Security Review meetings to give design critique and feedback to other teams.
Notable Achievements
- I led an engineering-wide initiative to replace our monolithic authentication system with a modern microservice-based system using JWT-based authentication. This significantly improved the scalability of the Dave application and enabled the decommissioning of two legacy systems.
- I initiated and led a cross-team project that cut monolith database-related incidents by over 90%. The project also enabled downsizing the database instances for the monolith application, saving the company thousands of dollars a month.
- I performed offensive code reviews and penetration testing, which resulted in critical findings, including discovering and remediating full authentication bypasses in the legacy authentication system and in the legacy account recovery system.
Core Competencies
- Software Engineering, TypeScript, Node.js, Express, MySQL, GCP
Credit Karma
Credit Karma is a free personal-finance platform that provides consumers with credit scores and reports, as well as personalized recommendations for credit cards, loans, insurance, and tax services. Credit Karma was acquired by Intuit for $8.1B in February 2020.
Senior Security Software Engineer (2015-2020)
On the Platform Security Team at Credit Karma, I architected and delivered our core IAM platforms - designing OAuth 2.0, SAML, and SSO solutions that support millions of users. I built scalable services to encrypt and anonymize PII at scale and managed a centralized HashiCorp Vault deployment to secure every production secret across the engineering organization.
Notable Achievements
- I led a 4-day, cross-team project to scale our OAuth 2.0 service that more than doubled its capacity and prevented an imminent site-wide outage.
- I designed and piloted a first-of-its-kind internal security training for Software Engineers, focusing on OAuth 2.0 internals and best practices.
- I spearheaded internal penetration testing exercises resulting in multiple critical findings.
Core Competencies
- Software Engineering, Security Architecture, Scala, OAuth 2.0, SSO, MySQL, HashiCorp Vault, GCP
Site Reliability Engineer (2013-2015)
I joined Credit Karma when we were under 100 employees and owned the end-to-end application platform - automating server provisioning, infrastructure management, and deployments - while embedding security and performance best practices to ensure resilient, high-performing services.
Notable Achievements
- I designed an OS patch management system and process for production infrastructure, balancing security and reliability.
- I rearchitected the in-house metrics collection system to collect billions of data points, dramatically increased its stability and reliability, and reduced associated infrastructure costs.
Core Competencies
- Systems Engineering, Python, SaltStack, Linux
Education
University of California, Irvine
Bachelor of Science (B.S.), Informatics (Software Engineering)
Donald Bren School of Computer Science