Zeyu (Zayne) Zhang

Email: [email protected] | Website: analogue.computer | LinkedIn: www.linkedin.com/in/zhang-zeyu

Education

University of Cambridge Oct. 2023 – 2026 (Expected)

B. A. (Hons) in Computer Science Cambridge, England

•

Grade: 1st Class. Highest mark for Object-Oriented Programming. Top 5 in: Databases, Discrete Mathematics, Machine

Learning & Real-world Data, Software & Security Engineering.

•

Cybersecurity Society: Secretary (2024/25) – Represented the University in various international competitions.

∗ 1st place at pwnEd5 ﬁnals, hosted by the University of Edinburgh.

∗ 2nd place at the global ﬁnals of LakeCTF 2024, hosted by the Swiss Federal Institute of Technology Lausanne.

∗ 3rd place at European ﬁnals of CSAW CTF 2023, hosted by New York University.

•

Hughes Hall May Ball (2023/24) – Developed www.hughesmayball.co.uk and managed domain. React · TailwindCSS

•

CUMSA Database Oﬃcer (2024/25) – Revamped membership.cumsa.org and admin panel. Next.js · DynamoDB

Experience

Optiver Jul. 2025 – Sep. 2025

Incoming Software Engineer Intern Amsterdam, Netherlands

Open Government Products Jun. 2024 – Sep. 2024

Software Engineer Intern Singapore

•

Built & shipped a Next.js app used by HR and team leads to visualize and preview changes to access control policies on the

organization’s GitOps access control solution, reducing human error. This replaces previously ClickOps-heavy workﬂows.

•

Used Pulumi infrastructure as code to build a Better Stack integration that reduces time-to-triage for vulnerability reports

from several hours to < 1 minute.

•

Initiated and led a project to build open-source secure-by-default components used by developers in production systems and

our starter kit template, making application security easy and invisible. Remediated a Next.js 0-day in the process.

•

Conﬁgured CI/CD pipelines including automated NPM package publishing, changelog generation, documentation generation

from TSDoc comments (published to a documentation website), testing and deployment.

•

Initiated and conﬁgured advanced static code analysis pipelines across the organization. Wrote and published custom

CodeQL query packs and libraries for data ﬂow analysis on common technologies used, including Next.js, React, and tRPC.

Insight Programmes 2024

•

Jane Street: One of 60 selected participants for the First-Year Trading & Technology Programme.

•

IMC Trading: One of 15 selected participants for Launchpad. 4th place in the individual low-latency challenge.

•

Macquarie Group: One of 30 selected participants for the Technology Insight Programme.

Cure53 May 2023 – Present

Freelance Security Engineer Berlin, Germany (Remote)

•

Performed 20+ code audits and VAPTs for global clients, including Fortune 20 companies.

•

Targets included web applications, browser extensions, Electron-based desktop applications, and mobile applications.

TikTok Apr. 2023 – Sep. 2023

Security Engineer Intern Singapore

•

Discovered 50+ security vulnerabilities aﬀecting critical internal and external facing services, such as TikTok.

•

Developed Java extension on Burp Suite’s new Montoya API for testing protobuf over both WebSockets and HTTP(s), a

feature not supported by any open-source extension at the time of development.

•

Wrote and deployed to K8s a deliberately vulnerable app in React and Express used as part of an internal competition.

•

Researched at scale: Protobuf over WebSockets, XSS ﬁlter bypasses, and rich text editor vulnerabilities.

•

Weaponised a 0-day in an online word processor to harvest employee credentials in a red team operation.

Hackathons & Projects

EurekaPad | Next.js · TailwindCSS · Convex · Clerk · Radix UI · Vercel · Azure Cognitive Services

•

Supported by Microsoft for Startups. Recipient of the SUTD Baby Shark Fund grant.

•

Notion + Jupyter Notebooks for STEM students. Runnable code blocks, intuitive math editor, interactive graphs, etc.

EduAble | Next.js · TailwindCSS · PostgreSQL · Vercel · OpenAI API

•

2nd Place @ Cambridge Generative AI Hackathon 2024, Finalist @ Fitzelerate 2024

•

STEM notetaking app with real-time audio transcription to Markdown & LaTeX, and AI-generated summaries & quizzes.

X Source: github.com/zeyu2001/cv | Web Version: cv.analogue.computer

Echo | Next.js · TailwindCSS · Vercel · Reddit, Twitter API + OAuth

•

Most Promising AI x Web3 Build, 1st Prize @ Encode Club London AI Hackathon 2024

•

Social media aggregator that provides personalised feed for users to regain control of their social media algorithms.

Ambrose | TypeScript · React · TailwindCSS

•

1,200+ downloads.

•

Chrome extension that automatically answers trivia questions and reminds users of pending trivia quizzes in an online game.

Zeno | TypeScript · Express.js

•

Finalist @ STACK the Codes Hackathon 2022

•

Security middleware for Express.js that protects against injection attacks, app-level DoS, SSRF and IDOR vulnerabilities.

Professional Highlights

Speaking Engagements

•

Client-Side Attacks in a Post-XSS World – pwnEd 5 (University of Edinburgh), BSides Cymru/Wales, 2024.

•

XS-Leaks – Client-Side Attacks in a Post-XSS World – BSides London, 2023.

•

HTTP Request Smuggling in the Multiverse of Parsing Flaws – BSides Singapore, 2022.

•

Learn Hacking Through CTF Competitions – Division Zero Bug Bounty Quarter, 2022.

Cybersecurity Vulnerability Research & Bug Bounty 2022 – 2023

•

Discovered security vulnerabilities in popular open-source software. Credited for 15 vulnerabilities in the CVE database.

•

Performed penetration tests for global companies through the HackerOne platform, uncovering > 50 valid security issues.

∗ Achieved maximum lifetime signal-to-noise rating across multiple private & public programs, with zero invalid reports.

∗ Competed against top hackers from around the world and emerged as top bug bounty hunter in the invite-only Ministry

of Defense Bug Bounty Programme 2022 and GovTech Government Bug Bounty Programme 2023.

Cybersecurity Competitions 2022 – 2023

•

Founded Social Engineering Experts, the top Singapore computer security Capture the Flag (CTF) team in 2022 and 2023.

•

Core member and web security player for Blue Water, the global top CTF team in 2023. Finalist @ DEF CON 31-32 CTF.

•

Led organization of SEETF, a global competition with >2,000 players and near-perfect public voting scores in 2022-23.

•

Built cybersecurity challenges attempted by thousands of players in competitions and on platforms such as Hack The Box.

Technical Skills

Languages: TypeScript · Python · Java · OCaml · Go · SQL · L

Frameworks: React · Next.js · TailwindCSS · Prisma · Flask · Django

Developer Tools: Git · Docker · Vagrant · Google Cloud Platform · Kubernetes · Unix

Cybersecurity Certiﬁcations: OSCP · OSWE · CRT · Burp Suite Certiﬁed Practitioner

Honours & Awards

Name Placing Type Scope Awarder Year

Encode Club London AI Hackathon 1

Place, AI x Web3 Build Hackathon Global Encode Club 2024

Cambridge Generative AI Hackathon 2

Place Hackathon UK GetSeen Ventures 2024

HackSingapore Finalist (Top 3) Hackathon SG Tribe 2022

STACK the Codes Hackathon Finalist (Top 7) Hackathon SG GovTech 2021

Tech For Good Festival Most Impactful Hackathon SG Engineering Good 2021

Today I Learned AI Camp (University) 4

Place AI Hackathon SG DSTA 2021

Fitzelerate Finalist (Top 7) Entrepreneurship UK Fitzwilliam College 2024

Government Bug Bounty Programme 8–9 Top Bug Bounty Hunter Bug Bounty Global GovTech 2023

MINDEF Bug Bounty Programme Top Bug Bounty Hunter Bug Bounty Global MINDEF 2022

LakeCTF 1

(Finals) Security CTF Global EPFL 2024

Mine the Matrix Finalist (Top 30) Security CTF Europe Bending Spoons 2024

BSides Cymru/Wales Community CTF 1

Place Security CTF UK Admiral 2024

pwnEd 5 1

(Qualiﬁers), 1

(Finals) Security CTF UK University of Edinburgh 2024

DEF CON CTF 1

(Qualiﬁers), 2

(Finals) Security CTF Global Nautilus Institute 2023

HITCON CTF 1

(Qualiﬁers), 9

(Finals) Security CTF Global HITCON 2023

CSAW CTF (Europe) 1

(Qualiﬁers) 3

(Finals) Security CTF Europe New York University 2023

HackTM CTF 2

(Finals) Security CTF Global HackTM 2023

Grey Cat The Flag 3

Place Security CTF Global National University of SG 2023

Cyber Defenders Discovery Camp (Uni) 3

Place Security CTF SG DSTA 2022

Cyber SEA Games 2

Place Security CTF SEA AJCCBC 2022

Best in Knowledge (Cyber) - Military Award SG MINDEF/SAF 2021

Distinguished Honor Graduate (Cyber) - Military Award SG MINDEF/SAF 2021

National Olympiad for Informatics Bronze Award Programming SG National University of SG 2019

X Source: github.com/zeyu2001/cv | Web Version: cv.analogue.computer