Jay Smith is a Senior Principal Security Engineer based in Herndon, VA with 13 years of security-focused engineering experience and a background spanning the NSA, Mandiant, and Google. He combines deep reverse-engineering and emulation expertise—evidenced by contributions to high-profile open-source tooling like Mandiant’s speakeasy (kernel/user emulation) and flare-ida utilities—with practical mitigation work for abusive API behaviors. At Mandiant he rose to Technical Director, applying hands-on malware analysis and tooling to drive detection and response, and now shapes security engineering at scale within Google. His academic foundation includes an MS in Computer Science from Johns Hopkins and a BS in EECS from UC Berkeley, underpinning both systems-level rigor and practical tooling development. Notably, Jay has extended emulation frameworks to handle unsupported instructions and richer protocol/struct definitions, reflecting a knack for making analysis platforms more robust and debuggable. He blends leadership and deep technical craft to translate complex vulnerability research into deployable protections.
13 years of coding experience
Bachelor of Science - BS, Electrical Engineering and Computer Science, Bachelor of Science - BS, Electrical Engineering and Computer Science at UC Berkeley College of Engineering
Contributions:3 reviews, 89 commits, 48 PRs in 8 years 10 months
Contributions summary:Jay contributed to the `mandiant/flare-ida` repository, which is focused on IDA Pro utilities for reverse engineering. Their contributions primarily involved adding and updating utilities and plugins for shellcode analysis and struct type handling. The user also added a struct typer plugin and made updates related to the transition of the git repository.
Contributions:2 reviews, 8 commits, 4 PRs in 8 months
Contributions summary:Jay focused on enhancing the security of the `speakeasy` project, a Windows kernel and user mode emulation framework, specifically by implementing and refining API hammering mitigation techniques. Their contributions include adding a `--no-mp` flag to improve debugging, and developing mechanisms to detect and patch potentially abusive API calls. They also worked on allowing certain APIs to bypass the hammering mitigation.
kernelemulatorwindows-kernelwindowssandbox
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Jay Smith - Senior Principal Security Engineer at Google