Zeyu (Zayne) Zhang
Education
University of Cambridge Oct. 2023 – 2026 (Expected)
B. A. (Hons) in Computer Science Cambridge, England
•
Grade: 1st Class. Highest mark for Object-Oriented Programming. Top 5 in: Databases, Discrete Mathematics, Machine
Learning & Real-world Data, Software & Security Engineering.
•
Cybersecurity Society: Secretary (2024/25) – Represented the University in various international competitions.
∗ 1st place at pwnEd5 finals, hosted by the University of Edinburgh.
∗ 2nd place at the global finals of LakeCTF 2024, hosted by the Swiss Federal Institute of Technology Lausanne.
∗ 3rd place at European finals of CSAW CTF 2023, hosted by New York University.
•
Hughes Hall May Ball (2023/24) – Developed www.hughesmayball.co.uk and managed domain. React · TailwindCSS
•
CUMSA Database Officer (2024/25) – Revamped membership.cumsa.org and admin panel. Next.js · DynamoDB
Experience
Open Government Products Jun. 2024 – Present
Software Engineer Intern Singapore
•
Built & shipped a Next.js app used by HR and team leads to visualize and preview changes to access control policies on the
organization’s GitOps access control solution, reducing human error. This replaces previously ClickOps-heavy workflows.
•
Used Pulumi infrastructure as code to build a Better Stack integration that reduces time-to-triage for vulnerability reports
from several hours to < 1 minute.
•
Initiated and led a project to build open-source secure-by-default components used by developers in production systems and
our starter kit template, making application security easy and invisible. Remediated a Next.js 0-day in the process.
•
Configured CI/CD pipelines including automated NPM package publishing, changelog generation, documentation generation
from TSDoc comments (published to a documentation website), testing and deployment.
•
Initiated and configured advanced static code analysis pipelines across the organization. Wrote and published custom
CodeQL query packs and libraries for data flow analysis on common technologies used, including Next.js, React, and tRPC.
Jane Street, Macquarie Mar. 2024 – Apr. 2024
First-Year Trading & Technology Programme, Technology Spring Insight Programme London, United Kingdom
Cure53 May 2023 – Present
Freelance Security Engineer Berlin, Germany (Remote)
•
Performed 20+ code audits and VAPTs for global clients, including Fortune 20 companies.
•
Targets included web applications, browser extensions, Electron-based desktop applications, and mobile applications.
TikTok Apr. 2023 – Sep. 2023
Security Engineer Intern Singapore
•
Discovered 50+ security vulnerabilities affecting critical internal and external facing services, such as TikTok.
•
Developed Java extension on Burp Suite’s new Montoya API for testing protobuf over both WebSockets and HTTP(s), a
feature not supported by any open-source extension at the time of development.
•
Wrote and deployed to K8s a deliberately vulnerable app in React and Express used as part of an internal competition.
•
Researched at scale: Protobuf over WebSockets, XSS filter bypasses, and rich text editor vulnerabilities.
•
Weaponised a 0-day in an online word processor to harvest employee credentials in a red team operation.
Hackathons & Projects
EurekaPad | Next.js · TailwindCSS · Convex · Clerk · Radix UI · Vercel · Azure Cognitive Services
•
Notion + Jupyter Notebooks for STEM students. Runnable code blocks, intuitive math editor, interactive graphs, etc.
•
Built core features from scratch as a solo developer. Now leading a team of 4 engineers to launch and scale the product.
•
Next iteration of EduAble (below). Supported by Microsoft for Startups.
Echo | Next.js · TailwindCSS · Vercel · Reddit, Twitter API + OAuth
•
Most Promising AI x Web3 Build, 1st Prize @ Encode Club London AI Hackathon 2024
•
Social media aggregator that provides personalised feed for users to regain control of their social media algorithms.
EduAble | Next.js · TailwindCSS · PostgreSQL · Vercel · OpenAI API
•
2nd Place @ Cambridge Generative AI Hackathon 2024, Finalist @ Fitzelerate 2024
•
STEM notetaking app with real-time audio transcription to Markdown & LaTeX, and AI-generated summaries & quizzes.
L
A
T
E
X Source: github.com/zeyu2001/cv | Web Version: cv.analogue.computer
Ambrose | TypeScript · React · TailwindCSS
•
1,200+ downloads.
•
Chrome extension that automatically answers trivia questions and reminds users of pending trivia quizzes in an online game.
Zeno | TypeScript · Express.js
•
Finalist @ STACK the Codes Hackathon 2022
•
Security middleware for Express.js that protects against injection attacks, app-level DoS, SSRF and IDOR vulnerabilities.
Professional Highlights
Speaking Engagements
•
Client-Side Attacks in a Post-XSS World – pwnEd 5 (University of Edinburgh), BSides Cymru/Wales, 2024.
•
XS-Leaks – Client-Side Attacks in a Post-XSS World – BSides London, 2023.
•
HTTP Request Smuggling in the Multiverse of Parsing Flaws – BSides Singapore, 2022.
•
Learn Hacking Through CTF Competitions – Division Zero Bug Bounty Quarter, 2022.
Cybersecurity Vulnerability Research & Bug Bounty 2022 – 2023
•
Discovered security vulnerabilities in popular open-source software. Credited for 15 vulnerabilities in the CVE database.
•
Performed penetration tests for global companies through the HackerOne platform, uncovering > 50 valid security issues.
∗ Achieved maximum lifetime signal-to-noise rating across multiple private & public programs, with zero invalid reports.
∗ Competed against top hackers from around the world and emerged as top bug bounty hunter in the invite-only Ministry
of Defense Bug Bounty Programme 2022 and GovTech Government Bug Bounty Programme 2023.
Cybersecurity Competitions 2022 – 2023
•
Founded Social Engineering Experts, the top Singapore computer security Capture the Flag (CTF) team in 2022 and 2023.
•
Core member and web security player for Blue Water, the global top CTF team in 2023. Finalist @ DEF CON 31-32 CTF.
•
Led organization of SEETF, a global competition with >2,000 players and near-perfect public voting scores in 2022-23.
•
Built cybersecurity challenges attempted by thousands of players in competitions and on platforms such as Hack The Box.
Technical Skills
Languages: TypeScript · Python · Java · OCaml · Go · SQL · L
A
T
E
X
Frameworks: React · Next.js · TailwindCSS · Prisma · Flask · Django
Developer Tools: Git · Docker · Vagrant · Google Cloud Platform · Kubernetes · Unix
Cybersecurity Certifications: OSCP · OSWE · CRT · Burp Suite Certified Practitioner
Honours & Awards
Name Placing Type Scope Awarder Year
Encode Club London AI Hackathon 1
st
Place, AI x Web3 Build Hackathon Global Encode Club 2024
Cambridge Generative AI Hackathon 2
nd
Place Hackathon UK GetSeen Ventures 2024
HackSingapore Finalist (Top 3) Hackathon SG Tribe 2022
STACK the Codes Hackathon Finalist (Top 7) Hackathon SG GovTech 2021
Tech For Good Festival Most Impactful Hackathon SG Engineering Good 2021
Today I Learned AI Camp (University) 4
th
Place AI Hackathon SG DSTA 2021
Government Bug Bounty Programme 8–9 Top Bug Bounty Hunter Bug Bounty Global GovTech 2023
MINDEF Bug Bounty Programme Top Bug Bounty Hunter Bug Bounty Global MINDEF 2022
LakeCTF 1
st
(Finals) Security CTF Global EPFL 2024
BSides Cymru/Wales Community CTF 1
st
Place Security CTF UK Admiral 2024
pwnEd 5 1
st
(Qualifiers), 1
st
(Finals) Security CTF UK University of Edinburgh 2024
DEF CON CTF 1
st
(Qualifiers), 2
nd
(Finals) Security CTF Global Nautilus Institute 2023
HITCON CTF 1
st
(Qualifiers), 9
th
(Finals) Security CTF Global HITCON 2023
CSAW CTF (Europe) 1
st
(Qualifiers) 3
rd
(Finals) Security CTF Europe New York University 2023
HackTM CTF 2
nd
(Finals) Security CTF Global HackTM 2023
Grey Cat The Flag 3
rd
Place Security CTF Global National University of SG 2023
Cyber Defenders Discovery Camp (Uni) 3
rd
Place Security CTF SG DSTA 2022
Cyber SEA Games 2
nd
Place Security CTF SEA AJCCBC 2022
Best in Knowledge (Cyber) - Military Award SG MINDEF/SAF 2021
Distinguished Honor Graduate (Cyber) - Military Award SG MINDEF/SAF 2021
National Olympiad for Informatics Bronze Award Programming SG National University of SG 2019
Singapore Science & Engineering Fair Best Poster Award Research SG MOE, A*STAR 2019
Singapore Statistics Competition 1
st
Place Research SG National University of SG 2019
L
A
T
E
X Source: github.com/zeyu2001/cv | Web Version: cv.analogue.computer
