Viren R. Shah

Washington, DC • [email protected] • 703-338-2886 • viren.org • linkedin.com/in/shahvirenr

Engineering leader with experience spanning SaaS platform development, cloud infrastructure, and applied software security research. Currently leading R&D, security/compliance, and infrastructure for a production AI-driven SaaS platform, including ownership of SOC 2 Type II compliance and Data Protection Officer (DPO) responsibilities. Background includes Government-funded research and a track record of translating advanced research into production-ready systems.

Interested in senior leadership roles that leverage diverse expertise across security/compliance, infrastructure, product development, and applied research.

Role Mix Across Jobs

How time has been spent by role

A high-level view of roles across jobs.

Developer Researcher Technical Leadership Management

Domain Mix Across Jobs

How time has been spent by domain

A high-level view of subject-matter emphasis across jobs.

Security Program Analysis Cloud / Infrastructure / DevOps Distributed Simulation LegalTech/NLP/ML Compliance / Privacy / Governance

Core Expertise

SaaS Platform Development

Applied R&D

Cloud Infrastructure (AWS, Google Cloud)

Security & Compliance

Privacy / DPO

DevSecOps

Software Security

Static & Dynamic Analysis

Distributed Systems

Kubernetes

Career Timeline

BlackBoiler — Director of Engineering, Security and Infrastructure

Arlington, VA • 2019–Present

Partnered with CTO to define and execute the technical and product roadmap.
Current role spans product R&D, SOC 2 / DPO responsibilities, and AWS / Kubernetes platform ownership.

Leidos (formerly SAIC) — Senior Cyber Scientist

Arlington, VA • 2011–2019

Led applied research in software security, binary analysis, and large-scale program analysis.
Principal Investigator for DARPA MUSE Evaluation & Infrastructure and lead engineer on DARPA CASE.

Raytheon (formerly VTC Inc.) — Senior Technical Advisor / Principal Software Engineer

Alexandria, VA • 2005–2011

Corporate technology strategy, infrastructure modernization, and integration leadership.

Cigital, Inc. — Senior Research Associate / Program Manager

Dulles, VA • 1997–2005

Government-funded software security research, security analysis tools, and consulting.

Visix Software, Inc. — Software Engineer

Reston, VA • 1997

Cross-platform Java development tools, UI components, and networking libraries.

Key Accomplishments by Role

Developer

Built internal platforms and utilities to support experimentation, data processing, and rapid prototyping of new product capabilities.
Developed cloud-native tools and services for BlackBoiler's SaaS platform
Designed and implemented applications to help manage cloud infrastructure and allow fast deployment of client instances
Developed a tool to automatically generate large sets of test cases of vulnerable code to verify and validate research prototypes
Designed and developed mobile Android apps to display real-time data using the TENA (distributed simulation) protocol
Architected and implemented distributed infrastructure to store, analyze and automatically build ~22TB of "big software" code and features
Helped port TENA middleware to Android
Led development of a security vulnerability scanner for program executables by reusing source-based pattern-detection engines
Designed and developed an Aspect-Oriented Programming (AOP) framework for security vulnerabilities in C
Researched and developed one of the first static and dynamic analysis tools suites for Java Bytecode

Researcher

Principal Investigator on multiple government-funded (DARPA, IARPA, etc) research projects
Developed techniques combining static analysis, dynamic analysis, and concolic execution for vulnerability discovery in large-scale systems.
Designed and built systems for automated analysis of binaries and source code across large corpora.
Created infrastructure and tooling to generate and validate large datasets of vulnerable software for research evaluation.
Authored publications and contributed to patented technologies in software vulnerability detection and analysis.
Researched and developed software for automatic blind building of unknown software applications (C, C++, Android, Java)
Researched and developed a new constraint-optimization technique for whole path-based software analysis of C programs
Researched a new Aspect-Oriented Programming language and aspects for C security vulnerability prevention
Developed new static analysis techniques to extract behavior profiles from Android apps for use in malware analysis tool
Led efforts looking into language-based security issues with resource-constrained wireless devices resulting in a suite of tools to help expose security vulnerabilities with the J2ME reference implementation

Management

Led engineering across R&D, infrastructure, and security/compliance functions as Director of Engineering.
Defined and executed engineering roadmap in partnership with CTO and executive team.
Built operational practices that maintained >99.95% uptime over five years.
Successfully led several research, development and infrastructure teams
Managed and mentored junior developers and researchers as well as co-managed a small research division
Led infrastructure IT team in improving reliability of servers (> 99.9%), rearchitecting backup and restore solutions for corporate data and establishing a solid security posture during acquisition of company
Led multi-company and multi-division collaboration efforts to ratify processes, plans and roadmaps for technical efforts

Technical Leadership

Defined system architecture and technical strategy for a production SaaS platform infrastructure, balancing scalability, security, and cost.
Led SOC 2 Type II certification and ongoing compliance efforts; served as Data Protection Officer (DPO).
Designed and operated Kubernetes-based infrastructure across multiple AWS regions.
Drove adoption of DevSecOps practices including automated security scanning, container security, and compliance automation.
Acted as senior technical advisor, guiding architecture, infrastructure, and security decisions across teams and initiatives.
Advocated for and moved sales team to customized Salesforce platform from disparate Excel spreadsheets
Designed and implemented a corporate-wide developer infrastructure including issue tracker, wiki, continuous integration and version control
Developed product roadmap for commercial products with feedback from management, product team and clients

Selected Publications and Patents

Using Aspect-Oriented Programming to Address Security Concerns — International Symposium on Software Reliability Engineering
The Holy Grail of Software Quality — International Conference on Dependable Systems and Networks
Detecting Software Security Vulnerabilities Using Constraint Optimization — IEEE Workshop on Source Code Analysis and Manipulation
US Patent 7,284,274 — System and method for identifying and eliminating vulnerabilities in computer software applications
US Patent 7,302,707 — Systems and methods for detecting software buffer security vulnerabilities

Education

Ph.D. Program, Educational Technology — Georgia Institute of Technology
M.S., Computer Science — University of Mississippi
B.S., Computer Science — University of Mississippi