jp3g.sh

Kevin Romero

Security Engineer

New York, NY kevin.103.romero@gmail.com · updated 2026-05-14

About

Security engineer with experience across web and API exploitation, embedded and firmware reversing, malware reverse engineering, and cloud and CI/CD security. My current focus is AI-assisted offensive automation — building agents and tooling that let a small team find and exploit vulnerabilities at scale.

I’m looking for vulnerability research, capability development, and offensive tooling roles with real technical depth and high autonomy.

Experience

TikTok U.S. Data Security (USDS JV) · Offensive Security Engineer

New York, NY · October 2024 – Present

About TikTok USDS: TikTok U.S. Data Security is a standalone joint venture created to safeguard U.S. user data and the systems that shape what U.S. users see on TikTok. It operates under federally negotiated oversight protocols designed to prevent foreign interference with U.S. user data and content. Practically, that means USDS runs a security program with a threat model most consumer-app teams never have to think about — one where the integrity of the recommendation system itself is treated as a national security concern.

My focus is Content Assurance — hardening the security of TikTok’s recommendation system and the internal tools and platforms that boost, filter, and rank content in U.S. user feeds. The threat model here is unusual: the adversary isn’t always external, and the impact of a vulnerability often isn’t data loss — it’s manipulation of what tens of millions of people see.

Prosper · Infrastructure Software Engineer

Remote · March 2024 – September 2024

About Prosper: A San Francisco–based fintech and one of the earliest peer-to-peer lending platforms in the U.S., founded in 2005. The company has originated more than $28B in personal loans, credit, and home equity products and is regulated under PCI and SOC frameworks, which makes infrastructure security a first-class concern.

As the second hire on the security team, I owned a big surface area — vuln management, detection engineering, IaC policy, and the tooling that ties them together.

Nuro · Offensive Security Engineer

Mountain View, CA · July 2022 – May 2023

About Nuro: An AI-first autonomy company founded in 2016 by veterans of Google’s self-driving car project. Nuro builds the Nuro Driver, an L4 self-driving system with over 1.7M autonomous miles and zero at-fault incidents, now licensed to automakers and mobility providers. Security at Nuro spans web infra, cloud, CI/CD, and the embedded systems running on physical vehicles — a rare combination.

My work spanned embedded devices, internal infrastructure, CI/CD, and the cloud surface tying them together.

Education

University of Connecticut · B.S. Computer Science, Concentration in Cybersecurity

Storrs, CT · 2018 – 2022