Mitchell Thomas

Software Architect & Security Engineering Leader

Skills

• Design and architect automated security solutions, including vulnerability scanners and security control assessment systems.
• Foster a “human-in-the-loop” engineering culture, ensuring software architects maintain oversight of automated security tooling.
• Promote security-by-design principles in cloud-native architectures and Kubernetes environments.
• Leverage interactive LLM frameworks to enhance threat modeling and security workflows.
• Languages: Python, Golang, Java, Clojure, C#, Unison
• Frameworks/Platforms: Cursor, Claude Code, Helm, Terraform, AWS, Kubernetes, OpenTelemetry, Kafka, Spark 4

Occupation

Oct 2022 - Present Cloudera, Inc., Portland, OR (remote)

• Principal Engineer, IC7
  • Responsible for the technology direction of Observability and Data Engineering products.
  • Lead 25 engineers delivering secure, cloud-native data engineering product releases on AWS, Azure, and On-Premises (Kubernetes).
  • Developed an interactive LLM framework to enhance team-based threat modeling exercises, accelerating the identification of attack vectors while keeping architects central to validation.
  • Conducted technology research and evaluation of vector database options to build Retrieval Augmented Generation (RAG) solutions.
  • Delivered real time Cloudera Observability features introducing OpenTelemetry and Thanos, capturing over 5 million in revenue.
  • Mentor to engineers focusing on career ladder, improving team and cross-team communications, and increasing productivity through coding assistant tooling.
  • Led cross-functional teams in maintaining 99.9% uptime for cloud-native data services through robust monitoring and proactive infrastructure optimization.
  • Led on-call engineering support rotations, facilitated engineering/support liason meetings prioritizing important engineering escalations and improving process.

Dec 2019 - Jan 2022 Open Cybersecurity Alliance

• Member of Technical Steering Committee and Architecture Working Group

2009 - Oct 2022 Fortra (formerly Tripwire Inc.), Portland, OR

• Senior Software Architect, Principal Developer
  • Managed strategic architect research team focusing on advanced security control assessment technologies and organizational methodology.
  • Lead a lift-and-shift product effort to offer Tripwire Enterprise on AWS cloud services.
  • Introduced Backstage improving team component ownership and decreasing time-to-resolution during on-call duties.
• Senior Developer, Software Architect
  • Principal developer for Tripwire Log Center, architecting the core engine for automated security state assessment across IT infrastructures.
  • Principal developer for many Tripwire products utilizing AWS, Kubernetes, security-focused micro-service patterns and asynchronous messaging
  • Bootstrapped near-shore team of 20 engineers in Mexico.

2004 - 2009 GemTalk Systems (formerly GemStone Inc.), Beaverton, OR

• Architect, Staff Engineer
  • Engineer on GemFire now Apache Geode, a distributed k/v store.

1996 - 2004 DoubleClick Inc. (formerly NetGravity Inc.), San Mateo, CA

• Engineer
  • Engineer on DoubleClick Ad technology acquired by Google in 2007 and still in use today.

Education

1987-1991 BSEE Santa Clara University, Santa Clara, CA

Patents

US Patent 10,313,257 Agent message delivery fairness

US Patent 9,992,230 Assessing security control quality and state in an information technology infrastructure.