Sam Christian

Backend engineer with 14 years of security problems and a habit of solving them at scale. Currently deep in agentic AI — turning analyst workflows into production cloud deployments.

Languages: Python, Golang

Cloud & Infrastructure: AWS, Docker, Kubernetes, Terraform, Ansible, Serverless

Frameworks & Tools: Flask, FastAPI, Elasticsearch, GitLab, CI/CD

Practices: Test-Driven Development, REST APIs, Microservices

Emerging: Agentic AI, Claude Code, Cursor

Salesforce | Lead Threat Intelligence Software Engineer | March 2022 - Present

• Led development of the intelligence ecosystem, providing the security organization access to third-party and internal intel services.
• Provided multiple avenues of access across a variety of use cases: Slack bot, CLI tools, Python libraries, SOAR integrations, and agentic skills.
• Leveraged AI to deliver contextual analysis of cumulative and disparate intelligence data, giving analysts initial assessments.
• Scaled application usage from hundreds to tens of millions of invocations per month.
• Drove Vertex Synapse adoption: built framework for developing, testing, and deploying in-house Power-Ups; re-architected for mirrored instances using Terraform and Ansible per vendor guidance.
• Collaborated across teams to deliver features spanning SOAR, TIP, Case Management, and response platforms.
• Guided analysts and engineers in agentic workflows, emphasizing maintainability and early architectural thinking — taking projects from ad hoc scripts to scaled production cloud deployments.
• Mentored new-grad and mid-level engineers and analysts, fostering an inclusive environment for personal and professional growth.
• Led weekly pair programming sessions, annual hackathons, and cross-team status meetings.
• Brought test coverage from 0% to 85% across dozens of repositories.

Datadog | Threat Detection | October 2020 - March 2022

• Mentored junior team members and interns in coding standards, system design, clean coding practices, and test frameworks.
• Reduced average detection code size by 40%.
• Led effort for continuous security testing via automated attack simulation.
• Overhauled custom alerting platform, adding deduplication, centralized response management, and full traceability and metrics.
• Contributed to hiring across multiple teams, interviewing or evaluating take-home projects for 20+ candidates.
• Maintained and improved legacy infrastructure and applications through security updates, deployments, bug fixes, and features.

Secureworks | Counter Threat Unit | July 2015 - October 2020

Senior Information Research Advisor

• Developed and maintained a malware analysis repository supporting hundreds of threat analysts, processing tens of thousands of samples and dozens of terabytes of data per day — backed by automated discovery, classification, family documentation, and a full-text search API.
• Built deployment pipelines enabling zero-downtime continuous delivery of Python web applications through GitLab CI/CD using Terraform, AWS.
• Developed a microservices template enabling one-command container deployment to AWS ECS via Terraform and bash, with a built-in unit test scaffold.
• Built OSINT vulnerability scrapers to automate hours of manual work for technical writers.
• Led migration of tens of thousands of lines across multiple projects to Python 3 using test ratcheting, open source tools, and good old-fashioned plug and chug.

IID | Threat Intelligence | April 2012 - July 2015

Threat Intelligence Analyst | Developer

• Created Python-based algorithmic systems to detect randomly generated (DGA) and fast-fluxed domains.
• Designed tools to accelerate threat intelligence research: GUIs for spam template analysis, IP maps of infiltrated botnets, botnet emulators, and DGA generators.
• Performed dynamic analysis of malware in sandboxes using memory dumps, registry key monitoring, network traffic analysis, and targeted document scanning.
• Co-developed “Cumulative Intelligence Search Tool” leveraging dozens of APIs to quickly return high-level results for malicious indicators (hashes, URLs, hosts, IPs, and uploaded samples). It grew from an internal tool to a leading product offering adopted by over a dozen organizations before being handed off to a dedicated engineering team.

Education

Western Washington University | BS in Mathematics | Minor in Economics

–

This resume has a CI/CD pipeline. Hosted at https://www.samchristian.info/resume/