STAR EXPERIENCE - rs-hash/GETTHATJOB GitHub Wiki

1. Akamai

Recently there was an Akamai bandwidth spike on the Ameriprise public site, and I led the initiative to improve it. I identified the root cause and came up with a short-term and a long-term plan. For the short term, I optimized assets like images and fonts and improved the import cost; for the long term, I created a workflow for the team to enable bundle size monitoring, which notifies whenever it exceeds the threshold value.

Situation: Recently at Ameriprise, we encountered a sudden Akamai bandwidth spike on the public-facing site.

Task: I was tasked with leading the initiative to investigate and resolve the issue, with a focus on both immediate performance stabilization and long-term prevention.

Action: I conducted a thorough analysis and identified the root cause of the bandwidth spike. In the short term, I optimized assets such as images and fonts and reduced the import cost to quickly mitigate the issue. For the long term, I designed and implemented a workflow for the team that monitors bundle sizes and sends alerts whenever they exceed a defined threshold.

Result: These efforts led to a significant reduction in bandwidth usage and established a proactive monitoring system, ensuring sustained performance improvements and reduced risk of future spikes.

2. Tell me about a time you failed. How did you deal with the situation?

Situation: While working at Oracle as the SPOC for JET security, I was responsible for reviewing and addressing security vulnerabilities reported by Fortify.

Task: During one of the security audits, I encountered a warning related to hardcoded sensitive information. Initially, I underestimated its impact and did not prioritize it for immediate action.

Action: Upon further review, I realized that the warning pointed to a real and potentially critical security issue. Acknowledging the oversight, I took full ownership and promptly addressed the vulnerability by removing the hardcoded data and replacing it with a secure configuration. I also updated our internal checklist to ensure such issues are flagged earlier in the review cycle.

Result: The issue was successfully resolved before the release, preventing any potential security breaches. The experience reinforced the importance of thorough analysis and not dismissing any security warnings prematurely. It also led to improved security review practices across the team.
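The remediation in the story above (remove the hardcoded value, read it from secure configuration, and catch the pattern earlier in review) can be shown in code. The following is an added example, not code from the original page or from Oracle: a small scan for string literals assigned to secret-looking names, roughly the pattern a SAST tool reports as hardcoded sensitive information, plus a fail-closed loader that reads those values from the environment instead. The function names, the sample snippets, and the environment variable names are constructed for this example.

```javascript
// Added example (not from the original page): two defensive pieces that follow from the
// story above. (1) A lightweight scan for string literals assigned to secret-looking names,
// the kind of pattern a SAST tool such as Fortify reports as "hardcoded sensitive information".
// (2) A fail-closed loader that reads those values from the environment instead, so a missing
// secret stops startup rather than silently falling back. Function names, the sample snippets
// and the environment variable names are constructed for this example.

// Names that commonly hold credentials. Matches `apiKey = "..."`, `password: '...'`, etc.
const SECRET_NAME = /\b(api[_-]?key|secret|password|passwd|token)\b\s*[:=]\s*(['"`])([^'"`]{8,})\2/i;

// Returns one finding per line that assigns a literal of 8+ characters to a secret-like name.
// The literal itself is deliberately left out of the finding so reports do not leak it.
function findHardcodedSecrets(sourceText) {
  const findings = [];
  sourceText.split("\n").forEach((text, index) => {
    const match = SECRET_NAME.exec(text);
    if (match) {
      findings.push({ line: index + 1, name: match[1] });
    }
  });
  return findings;
}

// Reads each required key from `env` and throws if any is absent or blank.
// The error names the missing keys only, never their values.
function loadSecretConfig(env, requiredKeys) {
  const missing = requiredKeys.filter((key) => !env[key] || env[key].trim() === "");
  if (missing.length > 0) {
    throw new Error(`Missing required configuration: ${missing.join(", ")}`);
  }
  const config = {};
  for (const key of requiredKeys) {
    config[key] = env[key];
  }
  return config;
}

// Constructed "before" snippet: what a scanner would flag.
const beforeSnippet = [
  'const apiKey = "sk_live_0123456789abcdef"; // constructed sample value',
  "const client = new Client({ password: 'hunter2hunter2' });",
  'const label = "password"; // a string containing the word is not a credential',
].join("\n");

// Constructed "after" snippet: the same values sourced from configuration.
const afterSnippet = [
  "const apiKey = process.env.PAYMENTS_API_KEY;",
  "const client = new Client({ password: config.DB_PASSWORD });",
].join("\n");

console.log("before:", findHardcodedSecrets(beforeSnippet));
console.log("after:", findHardcodedSecrets(afterSnippet));
```

The scan is intentionally narrow (a name followed by an assignment and a quoted literal) so it reports line numbers without echoing the secret; a real review still relies on the SAST tool, and the loader is what makes the "after" state safe by refusing to start when a value is missing.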

PERFORMANCE STORY

Situation:

Recently at Ameriprise, we experienced a significant bandwidth spike on the public-facing site, impacting performance and potentially increasing cost through Akamai usage.

Task:

I was assigned to lead the initiative to analyze and address this issue, aiming for both short-term mitigation and long-term sustainability, while improving our web performance standards and observability.

Action:

I approached the problem using a structured performance optimization framework:

Step 1: Measure First — Identified Performance Bottlenecks

Conducted in-depth analysis using Chrome DevTools, Google Lighthouse, and WebPageTest.

Monitored Core Web Vitals (LCP, FID, CLS) and Real User Monitoring via New Relic to diagnose the root cause.

Detected large JavaScript bundles, unoptimized images, and import inefficiencies causing high Time to First Byte (TTFB) and elevated LCP.

Step 2: Optimized Asset Delivery (Short-Term Fixes)

Compressed and converted all major image assets to modern formats like WebP.

Used native loading="lazy" for images and components to defer off-screen content.

Minified and compressed JS/CSS/HTML using Webpack and enabled Gzip compression.

Reduced web font size and used font preloading to prevent render-blocking behavior.

Step 3: Reduced JavaScript Payload

Audited bundles using webpack-bundle-analyzer and removed unused or oversized dependencies.

Applied code splitting and dynamic imports (React.lazy) to break down large bundles.

Enabled tree shaking to eliminate dead code from third-party libraries.

Step 4–7: Frontend Performance Enhancements

Eliminated render-blocking resources by deferring and async-loading non-critical scripts.

Inlined critical CSS for above-the-fold content to improve FCP.

Implemented HTTP/2, optimized API responses, and reduced network requests through smarter data fetching.

Step 8–10: Long-Term Monitoring and Workflow Implementation

Developed a CI-integrated performance monitoring workflow that tracks bundle size and sends alerts if it exceeds defined thresholds.

Added Lighthouse CI to our pipeline for automated audits and regressions.

Set up performance budgets and real-time RUM dashboards via Datadog and New Relic.

Result:

Reduced Akamai bandwidth usage by ~35% within a week.

Improved LCP by over 1s, brought FID under the recommended 100ms, and eliminated most layout shifts (CLS < 0.1).

Established a sustainable performance culture with tooling, automation, and monitoring—ensuring this issue doesn’t recur and new features stay performant by default.

SECURITY STAR

Situation:

At Oracle, the JET team was responsible for releasing secure and scalable UI components and developer tools, including the JET Cookbook—a high-visibility resource containing live code examples used by enterprise developers globally. Prior to a major release, the team needed to strengthen application security, ensure compliance with enterprise standards, and pass internal audits like Fortify and third-party assessments.

Task:

I was tasked with leading the security review and remediation efforts for the JET Cookbook site and related CorePack components. This included ensuring protection against XSS attacks, enforcing Content Security Policy (CSP), resolving third-party dependency vulnerabilities, and integrating security practices into our release lifecycle.

Reviewed the Oracle JET security release and improved XSS, CSP, third-party, Fortify and companion audits, and the JET Audit Framework.

Action:

I implemented a comprehensive approach using the following security best practices and tools:

Static Code Analysis

Integrated ESLint with security plugins like eslint-plugin-security and eslint-plugin-xss to flag risky patterns such as use of eval(), innerHTML, and unescaped output.

Configured custom lint rules to enforce no-eval, no-new-func, and strict content sanitization.

Dependency Scanning

Ran npm audit and integrated Snyk to detect and patch known vulnerabilities in third-party packages used by the cookbook and JET components.

Content Security Policy (CSP) Hardening

Evaluated and strengthened CSP headers using CSP Evaluator and Mozilla Observatory, blocking inline scripts and unsafe evals.

Used CSP Builder to define strict rules for trusted domains and resource types.
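What "strengthening CSP headers" and "blocking inline scripts and unsafe evals" means in practice is easier to see with a policy string in hand. The following is an added example, not the project's code or the CSP Evaluator tool: a minimal builder that serialises a policy object into a header value, and a checker for the weaknesses named above (inline scripts, unsafe-eval, wildcard script sources, unrestricted object-src and base-uri). The checks are a constructed subset of what CSP Evaluator reports, and the sample policies, the CDN host and the nonce value are constructed placeholders.

```javascript
// Added example (not the project's code): a minimal CSP builder plus a checker for the
// weaknesses listed above (inline scripts, unsafe-eval, wildcard script sources, unrestricted
// plugins and base URIs). The checks mirror the spirit of CSP Evaluator but are a constructed
// subset; the sample policies, the CDN host and the nonce value are constructed, and a real
// nonce must be generated randomly per response.

// Serialises { directive: [sources] } into a Content-Security-Policy header value.
function buildCsp(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}

// Parses a header value back into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [directive, ...sources] = tokens;
    policy[directive.toLowerCase()] = sources;
  }
  return policy;
}

// Returns a list of finding codes; an empty list means none of the checked weaknesses is present.
function findCspWeaknesses(header) {
  const policy = parseCsp(header);
  const findings = [];
  const has = (d) => Object.prototype.hasOwnProperty.call(policy, d);
  // script-src and object-src fall back to default-src when not set explicitly.
  const scriptSrc = has("script-src") ? policy["script-src"] : policy["default-src"] || [];
  const objectSrc = has("object-src") ? policy["object-src"] : policy["default-src"] || [];
  const hasNonceOrHash = scriptSrc.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));

  if (!has("default-src")) findings.push("default-src:missing");
  // Browsers ignore 'unsafe-inline' when a nonce or hash is also present, so only flag the
  // case where it actually takes effect.
  if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash) findings.push("script-src:unsafe-inline");
  if (scriptSrc.includes("'unsafe-eval'")) findings.push("script-src:unsafe-eval");
  // "*" or a bare scheme such as "https:" lets any host serve script.
  if (scriptSrc.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/i.test(s))) findings.push("script-src:wildcard");
  if (!objectSrc.includes("'none'")) findings.push("object-src:unrestricted");
  if (!has("base-uri")) findings.push("base-uri:missing");
  return findings;
}

// Constructed weak policy of the kind found on legacy sites.
const weakPolicy =
  "default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline'";

// Constructed strict policy: nonce-based scripts, no plugins, no base-URI or framing tricks.
const strictPolicy = buildCsp({
  "default-src": ["'self'"],
  "script-src": ["'self'", "'nonce-r4nd0m'"], // placeholder nonce; generate a fresh one per response
  "style-src": ["'self'"],
  "img-src": ["'self'", "https://cdn.example.com"], // constructed trusted CDN host
  "object-src": ["'none'"],
  "base-uri": ["'none'"],
  "frame-ancestors": ["'none'"],
});

console.log("weak:", findCspWeaknesses(weakPolicy));
console.log("strict:", findCspWeaknesses(strictPolicy));
```

Running this against the two constructed policies reports five weaknesses for the legacy one and none for the nonce-based one; in a pipeline the checker would run against the header the server actually sends, since a policy that looks strict in the config file is not what matters if a proxy rewrites it.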

Vulnerability Testing and Secure Coding Audits

Performed dynamic scanning using Fortify and OWASP ZAP, identifying XSS and DOM-based vulnerabilities across interactive components like Preact-based menus, image renderers, and data-driven links.

Leveraged the JET Audit Framework (JAF) to automate validation of secure coding practices and checklist compliance.

Addressed audit findings proactively before every release, ensuring zero critical or high-severity vulnerabilities in final scans.

Secure Build & Release Process

Integrated security audits into the CI/CD pipeline to prevent regressions.

Documented and contributed to a Security Readiness Checklist for future contributors and component authors.

Result:

Reduced high and medium security issues by ~80% in the JET Cookbook and CorePack builds before the official release.

Passed internal and external audits (including Fortify, companion audits) with no blocker vulnerabilities.

Improved developer security awareness and created a repeatable audit process for future releases using JAF and CSP evaluation tools.

Reinforced Oracle’s reputation for delivering secure and enterprise-grade tooling in their front-end offerings.

ROLES & RESPONSIBILITIES

🔹 1. Performance Optimization & Monitoring

Spearheaded bandwidth optimization initiatives, leading to significant reductions in JavaScript bundle sizes (e.g., 42.8% reduction in vendor.js).

Continuously monitored and enhanced frontend performance using tools like Lighthouse, WebPageTest, Webpack Bundle Analyzer, CrUX Dashboard, and RUM (Real User Monitoring) tools.

Proactively improved Core Web Vitals (LCP, CLS, FID/INP) by implementing strategies such as lazy loading, code splitting, asset compression, and performance profiling.

🔹 2. Build Tools & Architecture Upgrades

Led the upgrade from Webpack 4 to Webpack 5, enabling better tree-shaking, improved caching, faster builds, and reduced bundle sizes across the board.

Defined and enforced modern build optimizations using advanced bundling strategies and performance budgets.

🔹 3. Component Design & System Development

Designed and developed next-gen, scalable, and responsive components for large-scale projects (e.g., Ameriprise public site revamp), directly contributing to a 10% increase in user engagement.

Built and owned critical UI modules, such as financial calculators, advisor tools, and content-driven pages, ensuring maintainability, accessibility, and cross-browser compatibility.

🔹 4. Site Reliability & Deployment

Took end-to-end ownership of production deployment pipelines using Jenkins, ensuring reliable and timely delivery of frontend updates.

Collaborated closely with DevOps, QA, and backend teams to integrate CI/CD best practices and streamline releases.

🔹 5. Security & Compliance

Implemented strict Content Security Policy (CSP) directives to harden application security and resolve compliance issues during audits.

Worked closely with security teams to perform vulnerability scans and address issues related to third-party packages and runtime behavior.

🔹 6. Data-Driven Engineering & User Impact

Used real-world usage metrics to guide optimizations for scale — e.g., reducing bandwidth consumption for 2M+ users, saving several gigabytes of data monthly.

Designed pages and experiences that positively impacted KPIs such as page load time, engagement rate, and bounce rate.

🔹 7. Technical Leadership & Mentorship

Led cross-functional initiatives and collaborated with design, backend, and analytics teams to drive product features from idea to production.

Provided guidance on frontend architecture, code quality, and best practices to junior developers and peers.