Ross Wolf is a software engineer with eight years of experience specializing in security-focused backend systems, compiler design, and query languages. He led design and implementation of Event Query Language (EQL) and its interpreter across endpoint and server stacks at Endgame and Elastic, and contributed to high-profile open-source projects like Elasticsearch by enhancing EQL parsing, optimization, and planning. At Sublime Security he moved prototype systems into production, authored a Message Query Language and a dual-backend compiler supporting Go and SQL, and continues to build detection pipelines that stop email threats. Ross combines deep systems and threat-detection expertise with practical architecture work—refactoring large codebases (including Python 3 migrations) and aligning schemas with MITRE ATT&CK—making him effective at turning research-grade ideas into reliable, auditable production features.
8 years of coding experience
8 years of employment as a software developer
Bachelor of Science (B.S.) Computer Engineering at University of Illinois Urbana-Champaign
Contributions: 764 reviews, 209 commits, 167 PRs in 1 year 4 months
Contributions summary: Ross contributed significantly to the KQL (Kibana Query Language) module within the `detection-rules` repository. His primary contribution was implementing a KQL parser, reflecting a focus on the core functionality behind threat detection and hunting. This work involved substantial Python changes for parsing and processing KQL queries. He also added Kibana connectors and updated Fleet integrations.
Contributions: 35 reviews, 10 commits, 12 PRs in 1 year 7 months
Contributions summary: Ross primarily contributed to the Elastic Common Schema (ECS) project. His work focused on adding new field sets covering Windows Registry operations, DLLs, PE files, and digital code signatures, reflecting a focus on system event and security data. He also converted the project to Python 3 and refactored multiple project files, updated the project's threat-related fields to reference the MITRE ATT&CK framework, and updated the documentation, showing significant architectural contributions.