Max Moroz is a security engineering leader with 11 years of hands-on experience building and scaling defenses for billion-user platforms, now leading Product and Infrastructure Security at Instacart. He built and grew global teams at ByteDance from 3 to 40 engineers across product security, red team, infra, detection, and governance while embedding automated controls into large SDLCs to improve developer velocity. At Google he was a core developer for ClusterFuzz and OSS-Fuzz adoption, driving hundreds of fuzzers and reporting tens of thousands of bugs across critical open-source projects and shipping tooling like Chrome’s first code-coverage pipeline. Max combines deep technical craftsmanship—contributions to american fuzzy lop, libFuzzer workshop materials, and llvm-cov optimizations—with strategic experience in regulatory engagement, bug bounty modernization, and incident response. He holds advanced training in law and security, and is known for turning research-grade fuzzing and build optimizations into production-grade programs that materially reduce risk.
11 years of coding experience
9 years of employment as a software developer
Executive Education, Executive Education at Stanford University Graduate School of Business
Master's degree, Law, Master's degree, Law at USC Gould School of Law
Master's degree, Computer and Information Systems Security / Information Assurance, Master's degree, Computer and Information Systems Security / Information Assurance at National Research Nuclear University MEPhI (Moscow Engineering Physics Institute)
Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
Role in this project:
Full-stack Developer
Contributions:5 reviews, 55 commits, 3 PRs in 5 years 2 months
Contributions summary:Max contributed significantly to a workshop repository focused on fuzzing C/C++ projects. They implemented various fuzzers and examples within different lessons, showcasing practical application of fuzzing techniques. The user's work included setting up testing environments, generating test cases, and integrating with tools like radamsa. They also provided source code for libFuzzer, ensuring the workshop participants had necessary resources.
Contributions:4 releases, 1 review, 16 commits in 11 months
Contributions summary:Max primarily focused on maintaining and updating the `afl` project's codebase. Their contributions included bumping the version number, preparing for releases, and fixing bugs related to shared memory operations. They also reverted a change related to default AFL_PATH and fixed a typo. These updates demonstrate a focus on project stability and ongoing maintenance.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Max Moroz - Director Of Security Engineering at Instacart