Jacob Sandum
AeroLeads people directory · profile

Jacob Sandum Email & Phone Number

Security Engineer at Google
Location: Madison, Wisconsin, United States 9 work roles 2 schools
LinkedIn matched
✓ Verified Jul 2026 3 data sources Profile completeness 86%

Contact Signals

LinkedIn Profile matched
3 free lookups remaining · No credit card
Current company
Role
Security Engineer
Location
Madison, Wisconsin, United States
Company size

Who is Jacob Sandum? Overview

A concise factual answer block for searchers comparing this professional profile.

Quick answer

Jacob Sandum is listed as Security Engineer at Google, a with 315106 employees, based in Madison, Wisconsin, United States. AeroLeads shows a matched LinkedIn profile for Jacob Sandum.

Jacob Sandum previously worked as Open Source and Bug Bounty Security Researcher at Freelance and Senior Application Security Engineer at Imanage. Jacob Sandum holds Bachelor Of Science - Bs, Computer Science from University Of Wisconsin-Madison.

Company email context

Email format at Google

This section adds company-level context without repeating Jacob Sandum's masked contact details.

Google

Review company-level records connected to Jacob Sandum before choosing the right outreach path.

Profile bio

About Jacob Sandum

I am a computer science graduate from UW-Madison with a strong interest in offensive security research, reverse engineering, application security, and secure software development. I enjoy developing, understanding, attacking, and securing software. I’m always looking for ways to challenge my technical skills and I love to read exploit write ups and new security research. My favorite blogs are from Google Project Zero, Doyensec, and Zero Day Initiative.I enjoy white box testing of software because I favor reading code to identify potentially dangerous functions and architectures first, and finding ways to trigger the dangerous functionality after. This methodology allows me to excel in AppSec, open source, decompiled, and reverse engineered software security research. I love diving into complex code bases to discover novel attack surfaces. I’m not just a red teamer: I can both identify and patch security issues in codebases. I have experience developing and enhancing security-related frameworks, such as file and crypto libraries.In terms of software development, I have experience with Python, C, Rust, Javascript, Haskell, and Java in professional, academic, and personal projects. I’m the most interested in working with low-level/native applications and protocols. I have experience reverse engineering ARM and x86 assembly. I also have experience developing TCP clients for custom networking protocols and antiquated networking protocols like SunRPC. I also have experience identifying and exploiting memory corruption vulnerabilities through these protocols. My ideal position would involve both analyzing code for security flaws and writing patches or very close involvement with remediation.

Current workplace

Jacob Sandum's current company

Company context helps verify the profile and gives searchers a useful next step.

Google
Google
Security Engineer
California, United States
Website
Employees
315106
AeroLeads page
9 roles

Jacob Sandum work experience

A career timeline built from the work history available for this profile.

Security Engineer

California, United States

Open Source And Bug Bounty Security Researcher

Freelance

Bug bounty and VDPhttps://bugcrowd.com/jacobsandumOpen source software security researchhttps://github.com/sandumjacob

Senior Application Security Engineer

Offensive security / red team lead, continuously identifying high - critical severity novel vulnerabilities in internal and external vendor software. Identified multiple critical memory corruption zero-days in third party software. Created Proof-of-concept stack and heap overflow exploits leading to RCE. Identified the vulnerabilities by reverse engineering x86-64 assembly with Ghidra, creating custom fuzzing harnesses to target sensitive code paths, and triaging AFL++ crashes to identify exploit primitives.Working on both on-prem applications developed in languages like C++ and C#, and cloud applications developed on Java and Kubernetes. Taught team members on how to dissect containers/helm charts to identify security issuesIdentified and helped patch (root cause patch and detection scripts) many high-critical web-based application security flaws.Identified buffer overflow exploits in SunRPC API. Created Python Fuzzer targeting SunRPC procedures defined in XDR with mutated data for identifying additional flaws automatically. Developed Python automation systems for DAST scanning, integrating with both headless ZAP and Burp DAST APIs.Created highly technical security diagrams detailing overall product security architecture.Patched open source software to resolve identified security issues for product teams. Created highly specific remediation options, including source code changes.Developed internal CTF with CTFd and Docker for recruitment, training, and entertainment purposes.Developed Django web server to ingest and display data from internal SAST and DAST tooling in a centralized dashboard. The server interacts with REST and GraphQL APIs.Mentoring team members on software development, software exploitation, and container systems.Setup and ran interviews for red team hiring.

Application Security Engineer Intern

Chicago, Illinois, United States

As an application security intern at iManage, I am responsible for assessing several iManage software products for security defects. The assessment process involves source code review, manual white box testing with debugging, configuring, and analyzing SAST/DAST tooling results. I am also responsible for communicating any findings to the development teams responsible for the affected products and identifying remediation options.My background in software development and my skills in security allow me to excel in this position. I've identified multiple high and critical risk security defects with manual testing in our main products that were previously undiscovered. These findings have been remediated with advisories posted with my advice and insights. Some of them include scripts I've developed to test remediation.I have gained extensive experience securing cloud native applications deployed with AKS. I've also gained extensive experience reverse engineering custom and outdated protocols such as sunRPC/ONCRPC. I've discovered and resolved a significant amount of tangible, high impact security issues. Some of them have resulted in advisories, some were patched before releases. I revamped the DAST program at iManage on my own initiative during my internship by programming a new authentication and crawling mechanism for the tools we used with Python and Bash. It automates and improves our scanning setup by interacting with GraphQL APIs provided by our scanners. I also containerized our scanning setup with Docker and ZAP.I am the security product owner for a product that has a frontend web application developed with Angular Typescript. The frontend interacts with an extensive backend containing several services developed in Java, Python, and C++ that communicate over HTTP and RPC. The product also has a mobile application and a Windows desktop application.

Jun 2023 - Apr 2024

Cybersecurity Operations Center Student Team Lead

Madison, Wisconsin, United States

I was promoted to CSOC Student Team Lead after a round of internal interviews. In addition to the student analyst responsibilities, I managed student scheduling, projects, and assigned tasks.

Nov 2022 - Jun 2023

Intern Cybersecurity Analyst

Madison, Wisconsin, United States

Working as a part time cybersecurity analyst intern, I primarily collect threat intelligence and perform incident response by analyzing daily firewall and endpoint logs. Working with multiple IDS and IPS on the network, this position requires strong log collection and analysis skills. After daily analysis, I escalate incidents to other colleagues for follow up or perform the incident response myself. Incident responses include disabling network devices, disabling accounts, informing departments of issues, testing for SQL injection vulnerabilities, or performing forensics. I also analyze potential phishing emails to determine if they are malicious, if they specifically target the campus, and then determine the phishing hosts. Additionally, I occassionally collect threat intelligence for the cybersecurity team and research vulnerabilities that may affect the campus.Furthermore, I am working on a special project with a senior coworker developing an extensive Python script for generating a monthly departmental cybersecurity report

Oct 2021 - Nov 2022

Support Specialist

Working as a help desk agent at the division of information technology at UW-Madison providing technology support via phone and in person. Involves using IT ticketing software to detail, document, and troubleshoot cases. Involves troubleshooting with software such as Windows, Mac, Office365, Canvas, and Duo. Also includes network troubleshooting with the campus firewall and network access control.

Jun 2021 - Oct 2021

Cybersecurity Research

Minnetonka, Minnesota, United States

Minnetonka Research served as a way to explore academic research in the field of cybersecurity. I began this exploration by creating a homelab, which included several virtual machines running on an isolated LAN. With this homelab, I created a Python script to remotely deploy malware samples onto the homelab and monitor network traffic. This was done in an effort to improve the process of evaluating intelligent network intrusion detection systems published in academic papers.

May 2019 - Jun 2020

Student Researcher

Weevilwerx

Christmas Lake

I worked as a student researcher using Euhrychiopsis lecontei as a biological control agent to prevent the proliferation of Eurasian Watermilfoil in Christmas Lake.

Jul 2019 - Aug 2019
2 education records

Jacob Sandum education

Education record

Minnetonka High School

Activities and Societies: Wrestling, International Baccalaureate

FAQ

Frequently asked questions about Jacob Sandum

Quick answers generated from the profile data available on this page.

What company does Jacob Sandum work for?

Jacob Sandum works for Google.

What is Jacob Sandum's role at Google?

Jacob Sandum is listed as Security Engineer at Google.

Where is Jacob Sandum based?

Jacob Sandum is based in Madison, Wisconsin, United States while working with Google.

What companies has Jacob Sandum worked for?

Jacob Sandum has worked for Google, Freelance, Imanage, Uw-Madison, Division Of Information Technology (Doit), and Minnetonka Research.

How can I contact Jacob Sandum?

You can use AeroLeads to view verified contact signals for Jacob Sandum at Google, including work email, phone, and LinkedIn data when available.

What schools did Jacob Sandum attend?

Jacob Sandum holds Bachelor Of Science - Bs, Computer Science from University Of Wisconsin-Madison.

Find 750M verified contacts

Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.