Andrew Hoffman

Senior Staff Security Engineer at Ripple

Seattle, Washington, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

👤
Senior
🎓
Top School
Andrew Hoffman is a Senior Staff Security Engineer with 11 years of experience designing and hardening web and mobile products for top fintech and enterprise platforms. He has led secure architecture and cross-organizational security initiatives at Ripple and Coinbase, and previously helped build Salesforce’s Locker Service—one of the first JavaScript namespace isolation libraries. An author of a practical O’Reilly book on modern web application security, he blends deep vulnerability research and penetration testing experience with hands-on engineering across front-end and backend stacks. His open-source work includes security-focused contributions to Salesforce’s Aura framework, improving XSS defenses and component sanitization. Based in Seattle, he mentors engineers across levels and consistently translates complex security requirements into deployable tools and internal standards. Notably, he pairs product-minded engineering with academic rigor from dual CS and Economics degrees at the University of Washington.
code11 years of coding experience
job15 years of employment as a software developer
bookBachelors Computer Science (3.52) and Economics (3.56), Bachelors Computer Science (3.52) and Economics (3.56) at University of Washington
languagesEnglish, Spanish
github-logo-circle

Github Skills (6)

security10
javascript10
aura-framework10
web-components10
xss10
testing10

Programming languages (2)

JavaScriptRuby

Github contributions (5)

github-logo-circle
forcedotcom/aura

Nov 2017 - Aug 2018

This project is archived, please see the readme for additional resources.
Role in this project:
userFront-end Developer
Contributions:16 commits in 9 months
Contributions summary:Andrew primarily contributed to the testing and sanitization of web component attributes and JavaScript schemes within the Aura framework. Their work involved writing tests to ensure the security of `xlink:href`, `src`, and `javascript:` schemes, addressing potential vulnerabilities related to cross-site scripting (XSS). The commits also reflect efforts to improve the framework's security model, focusing on the behavior of `SecureElement` and `SecureLocation`. Additionally, the user made changes to support and implement the locker service.
additionalsalesforce-lightninglwcarchivedshadow-dom
and1hof/and1hof.github.io

Mar 2017 - Dec 2022

Contributions:58 commits, 2 PRs, 133 pushes in 5 years 10 months
javascript
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Andrew Hoffman - Senior Staff Security Engineer at Ripple