Calvin Li is a Lead Software Engineer in Application Security with 12 years of experience, based in San Francisco and leading security engineering work at Yelp since 2017. He blends hands-on backend and DevOps skills with pragmatic application security practices—contributing to PaaSTA for secret management and hardening testing pipelines. Calvin is an active open-source contributor, improving widely used projects like Yelp’s detect-secrets to better catch AWS keys and enhancing the Reddit Enhancement Suite for cross-browser compatibility. He focuses on practical, production-ready fixes (timeouts, iptables, CORS/cookie handling) that reduce risk and operational friction. Notably, he explicitly prefers non-fintech/FAANG/crypto/AI roles, signaling a deliberate cultural and domain fit for prospective teams. A UC Berkeley alumnus, he pairs strong engineering fundamentals with a security-first mindset and real-world infrastructure experience.
12 years of coding experience
Bachelor's Degree, Bachelor's Degree at University of California, Berkeley
An enterprise friendly way of detecting and preventing secrets in code.
Role in this project:
Security Engineer
Contributions:55 reviews, 10 commits, 8 PRs in 3 years 2 months
Contributions summary:Calvin contributed to the development of security-related features within the `detect-secrets` repository. Their work included adding a plugin to detect AWS key IDs, enhancing the base plugin class with a whitelist regex check, and removing unnecessary checks from other plugins. Furthermore, the user also made a minor typo fix within a base plugin file. The user's contributions directly improve the tool's ability to identify and prevent secrets in code, specifically targeting AWS keys.
Contributions:8 reviews, 7 commits, 18 PRs in 4 years 1 month
Contributions summary:Calvin contributed to the PaaSTA platform by addressing security-related issues, including modifying timeouts for security checks and preventing the emission of Sensu events. They enhanced the secret management functionality by adding a "paasta secret run" subcommand and clarifying instructions for secret input. Furthermore, the user fixed iptables tests to be compatible with the Jammy OS environment, indicating experience with infrastructure and testing within the PaaSTA ecosystem.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Calvin Li - Lead Software Engineer, Application Security