rjamet

Raphaël Jamet
Software security engineer

Work experience

Software engineer at Google Zürich (May 2015 - Feb 2020)

I used to work in the Information Security Engineering team (a generalist product security team) at Google. My role was to design, develop and maintain systems that prevent entire classes of security bugs from being written in the first place, by influencing all the steps in the software lifecycle: initial design reviews, tooling recommendations, static analysis, code reviews, consulting, all the way through analysis of bug bounty reports.

More specifically, I focused on client-side XSS prevention: through a combination of processes that involve static analysis early in the developer experience, building libraries such as the Closure goog.html types, and security engineer consultations on-demand, we managed to get mostly rid of DOM-based XSSes in our TypeScript stacks. I worked closely with the Angular web framework and with TSLint, but also spent some time applying those principles to other types of bugs and doing more general security consulting work, and I took care of my share of the team's consulting load.

I also participated in other efforts from the broader team: my background in cryptography and networking let me take on security reviews revolving around those concerns, I wrote two challenges for the Google CTF, I hosted interns, helped interview candidates, ...

Before:

Education

PhD thesis: Protocols and Models for the Security of Wireless Ad-Hoc Networks (2011-2014)

[link to theses.fr]

Supervised by Dr. Pascal Lafourcade (with the help of Stephane Devismes and Karine Altisen), in Verimag, Université de Grenoble, and defended on 3/10/14.

The goal of my PhD was to build and analyze secure protocols for wireless ad-hoc networks. Because of the material constraints (energy, computing power, memory, reliability) and the cooperative nature of these networks, the protocols must guarantee continued operation in presence of faults or deliberate attacks. We developed several models and protocols:

Other

Skills

I speak and write French and English fluently, and have some notions of high German. I'm mostly using TypeScript, JavaScript and Java nowadays. I used to write Perl and C commonly, and have some notions of SQL, C++, Python and Golang.