Professional Summary
Principal Software Engineer · AI Force Multiplier · Architecture · Zero Trust · Identity · Compliance
IETF Internet-Draft author — draft-tonyai-a2a-trust-00, agent-to-agent trust and AI governance — routed to IETF Security working group track on day one. Hands-on Principal Engineer building secure enterprise systems at scale. Known as "TonyAI" for agentic workflows that cut delivery time 3× while holding a 0.04% defect rate across 10+ years. Deep expertise in Zero Trust security, identity (Auth0, Okta, Entra ID, SAML 2.0, OAuth2), AWS, and microservices. Exceeds Expectations across every role and every company — highest code output engineer across multiple consulting engagements. Volunteered for the highest-stakes assignments, drove feasibility spikes before full commitment, and pushed back on management to protect code quality. The result: zero critical production bugs, zero support calls for login or access failures.
Technical Core
Engineering Leadership & Communication: Team Leader, Scrum Master, Agile Ceremonies (Sprint Planning, Retrospectives, Standups, Reviews), Monthly 1:1s, Team Advocate (carried concerns to management), Feasibility Spikes, Technical Design Docs, Pitch & Proposal, Tech Debt Management, Shift-Left Engineering (local & pipeline code coverage, security scans), Code Reviews, DB Reviews, Mentorship & Team Enablement, Constructive Feedback Culture, Psychological Safety & Collaborative Culture, Cross-functional Communication (Engineering, Legal, Security, PM, InfoSec), Vendor Evaluation & Selection, Stakeholder Management.
AI & GenAI (SME): Agentic Workflows (Cursor, Claude Code, GitHub Copilot, GitLab Duo), Large Language Models (LLMs), Prompt & Context Engineering, MCP, RAG, AI Agent Orchestration, AI Agents, MCP Servers, Agent Skills, Claude in Amazon Bedrock, A2A Trust, Agent-to-Agent Identity, AI Cost Engineering, Token Budgeting, Bedrock Knowledge Base, Bedrock Guardrails, OpenAPI/Swagger.
Identity & Security (SME): Zero Trust Architecture, Authentication (AuthN), Authorization (AuthZ), Spring Security, SAML 2.0, OAuth2, OIDC, PKCE, WebAuthn, FIDO2, Auth0, Auth0 Custom Login UI (Vue, React, JS), IdP Claims & Scopes Mapping, Token Claims Customization, Okta, Entra ID, JumpCloud, Keycloak, Check Point, SSO Deployment & Rollout, IdP Provisioning (internal & enterprise DSO), M2M Identity, Customer-Facing SSO Verification, MFA, RBAC, ReBAC, SCIM, JIT Provisioning, User Federation, JWT, SOC2, PCI-DSS, Worldpay, Wireshark, Fiddler, Snyk, Pen-Test Remediation.
Cloud & Platform Engineering: AWS EKS, ECS, S3, SES, SQS, SNS, Lambda, API Gateway, KMS, IAM, IAM Policies, Amazon Verified Permissions, Cedar, Cognito, Amplify, Organizations, CloudFormation, EventBridge, CloudTrail, CloudWatch, GuardDuty, Config, Audit Manager, AWS CloudShell, AWS CodeCommit; Azure (Entra ID); Terraform, YAML IaC, Bash.
CI/CD & Delivery: GitLab CI/CD, GitHub Actions, Harness, TeamCity, Kubernetes, Helm, Docker, Ansible, HashiCorp Vault (GitLab CI secrets integration), Secrets Management in Pipelines, Ephemeral Environments.
Backend (Java, C++, C#, Python, TypeScript): Java 17, Spring Boot, Spring MVC, C, C++, C#, .NET, Python, TypeScript, Go (familiar), Groovy/Grails, Node.js, Kafka (DDD/Avro), RabbitMQ, WebSockets, HL7 (Health Level 7), X12 (ASC X12 EDI: claims 837 / EOB 835), Microservices, Monolith to Microservices Migration, Distributed Computing, Asynchronous Systems, Event-Driven Architecture, Software Architecture and Design, DDD, REST, Apigee, OpenFeign, Twilio, Maven, Gradle, JUnit, Spock, Mockito, JaCoCo, Software Testing, SOLID, DRY, Agile, Scrum.
Frontend: React, Vue.js, JavaScript, jQuery, Backbone, HTML5, CSS3, SASS.
Data: DDL, DML, DB Performance Tuning, Query Optimization, Schema Design, Oracle 19c, PostgreSQL, MySQL, MSSQL, Azure SQL Edge, NoSQL, Liquibase, Flyway, Hibernate, GORM, JPA, Spring Data.
Observability: Dynatrace, Splunk, AppDynamics, CloudWatch, Spring Boot Actuator, Performance Tuning, SLA/SLO Monitoring.
Security Portfolio (between roles: running code, live demos), co-piloted by Claude Code
Experience
Henry Schein One — Herriman, UT
Principal Software Engineer / Team Lead | July 2023 – April 2026
- AI Force Multiplier: Pioneered agentic Cursor/Claude Code workflows that cut delivery time 3×; built repeatable playbooks adopted across the team. Set HSO sprint velocity record: 17 story points — unmatched by any other engineer. Refactored security codebase 3 times in Cursor beta with fast feedback loops and shift-left practices — caught bugs earlier, reduced rework, accelerated learning. Shifted to AI-generated test suites with Claude Code — same rigor, 3× the coverage velocity.
- AI Safety & Deployment Framework: Engineered methodology for safe, high-velocity AI-assisted development: shift-left architecture review (design before code), isolated contexts (git branches + separate AI sessions), backup strategies (rollback plans + cryptographic audit trails), atomic changes (single-problem commits), human gates (code review + security gates), tight feedback loops (deploy → observe → improve). Framework deployed across HSO with zero production defects and 3× team velocity. Applicable to any engineering organization scaling AI safely.
- AI Evaluation & Adoption: Selected for company AI evaluation team — assessed Cursor, GitHub Copilot, GitLab Duo, and Claude; recommended Cursor for company-wide rollout. Ranked top 50 company-wide for Cursor usage.
- 10+ Year Quality Record: Sustained 0.04% escaped defect rate across all product cycles and multiple roles. Team recognized by SVP of Engineering and CTO as the highest-performing in the company — highest velocity, highest output, lowest defect rate.
- Auth0 MFA — Enterprise-Scale User Base: Sole architect, implementer, and rollout owner for Auth0 login and MFA flows including SCIM provisioning — no Auth0, Okta, or Microsoft professional services engaged. Worked directly with Auth0 engineering teams to resolve complex edge cases. Zero production defects at launch; led team of 5 through custom login UI, adaptive MFA (risk-based), and SMS via Twilio. Platform sustained thousands of concurrent logins 3× daily — app tier scaled horizontally on EKS, Auth0 tenant sized correctly from day one; zero 429 rate-limit errors across the full production lifecycle. Conducted WebAuthn/FIDO2 PoC in React evaluating passwordless authentication paths.
- M2M & User Identity — Secure 3rd Party Integrations: Architected and implemented both machine-to-machine (OAuth2 client credentials) and user-delegated identity flows for secure 3rd party integrations — including Worldpay payment processing and partner platform APIs. PCI-DSS compliant by design; every integration inherits the same identity model, scoped access, and audit trail as first-party services.
- Greenfield Identity Platform Leadership: Owned full lifecycle for every major identity initiative — greenfield design, golden path implementation, e2e integration testing, customer-facing IDP provisioning, and production rollout. Designed Auth0 identity golden path from scratch; implemented across PMS; trained teams on security patterns and platform design so they could own it independently. Authored user migration communications, end-user help documentation, and support runbooks ahead of each launch. Led enterprise customer IDP provisioning calls directly — sole technical point of contact for DSO onboarding, no professional services from Auth0, Okta, or Microsoft. Three other HSO product lines adopted the SAML 2.0 golden path independently, converting one engineering investment into a cross-product competitive differentiator.
- Entra ID SSO — Workforce Identity: RBAC + JIT provisioning for 200+ internal users; eliminated all manual production DB provisioning — IT could fully provision new hires from day one with zero DB intervention.
- IdP Federation & DSO Adoption: Designed Auth0 IdP federation for PMS's largest DSO enterprise customers — proposal accepted by the first DSO on first presentation. Delivered self-service email de-duplication and PIN step-up auth; both became platform standards adopted across all PMS products. Architected with SOC2 as a first-class constraint.
- Web Threat, Bot Defense & Fraud Prevention: Neutralized two simultaneous live attacks: a bot-driven DDoS flooding the login endpoint at thousands of requests/sec, exhausting Auth0 resources and causing 504s platform-wide; and a data-exfiltration campaign pulling millions of records/sec and consuming system resources. Identified the root cause of both, stopped both, and kept the platform online. Invented Session Kill Switch, which neutralized session hijacking and fraudulent session reuse in real time with zero data exposure. SOC2 maintained throughout.
- Security Guru & Vendor Authority: Designated primary advisor across InfoSec, Engineering, and Product for all identity and security decisions. Evaluated and selected third-party identity providers and security vendors — Auth0, Okta, Entra ID — owned the recommendation, the integration, and the outcome. Translated compliance requirements into shippable architecture without direct authority; built security as an organizational discipline adopted across all product teams.
- Full SDLC Ownership & Shift-Left: Owned end-to-end SDLC for all delivered work — architecture, implementation, CI/CD pipelines (GitLab/Harness with Snyk, SpotBugs, JaCoCo, Jest), security gates, deployment, and post-launch support. Implemented shift-left practices: local code coverage gates, pre-commit security scans, architecture review before implementation. Caught bugs at design/code time, not production. No handoffs, no gaps in the chain.
- SDLC Automation & Scaling: 90% reduction in support tickets via AWS event-driven automation (SES, SQS, SNS); built Email Bounce Engine as a platform service — automated suppression list handling eliminated manual whitelists, adopted across multiple teams and 4 PMS web applications company-wide, empowering user admins to fix and debug email delivery issues themselves; performance scaling and pod health monitoring across Kubernetes/EKS with real-time observability.
- Proprietary Inventions: Magic Mint (context-aware token binding), Actions Mapping Engine (DB-driven OBO auth), Session Kill Switch, Email Bounce Engine, PIN Step-Up Auth.
- Security Patterns & Platform Design Training: Authored and taught HSO-wide security patterns (threat modeling, authorization boundaries, audit trails, compliance architecture). Trained teams on identity platform design so they could architect and implement identity solutions without external dependencies. Created repeatable patterns for greenfield projects, reducing time-to-production for new initiatives across the company.
- Mentorship at Scale: Onboarded engineers to 90% of the PMS domain; taught the full identity stack so teams could build and operate it independently.
- System Escalation & DevOps Bridge: Go-to engineer during production outages — bridged DevOps and PMS internals knowledge to triage fast, minimize customer impact, and land the right fix the first time.
- Legacy: Post-departure, HSO stood up a dedicated AppSec team to replace the security work previously owned by one engineer. All Auth0 PMS code in production — still bug-free. Zero support calls reporting login or access failures across the entire enterprise user base.
KeSTA I.T. — State of Utah — Salt Lake City, UT
Lead Java Developer | October 2022 – July 2023
- Oracle-to-PostgreSQL Migration: Zero data loss; cut query response time from minutes to seconds via targeted indexing and query refactoring. Two senior architects independently said they had never seen that volume and quality from one engineer in that timeframe — unprompted.
- Stack Modernization: Java 8 / AngularJS → Java 17 / Spring Boot / Angular in a high-security government environment.
- CI/CD & API Standards: GitHub Actions pipelines with automated quality gates; OpenAPI/Swagger specs eliminating cross-team integration friction.
Henry Schein Practice Solutions — Herriman, UT
Principal Software Engineer / Team Lead | June 2021 – October 2022
- Monolith-to-Microservices: Grails 3 → Java 17 / Spring Boot decomposition cut deployment time from 1.5 hours to 13 minutes.
- Pen-Test Remediation: Closed all critical and medium findings in 3 sprints; zero findings against SSO/auth flows — Security-by-Design from day one.
- Security-by-Design CI/CD: GitLab/Harness pipelines with Snyk, SpotBugs, CheckStyle, JaCoCo, and Jest — automated quality and security gates on every commit.
- Infrastructure as Code: Terraform IaC for the Spring Security gateway — provisioned, versioned, and auditable from first deploy.
- Team Enablement: Mentored engineering and QA on Kafka patterns, identity standards, and Event Storming; reduced onboarding time for event-driven service design.
Henry Schein One / Henry Schein Practice Solutions — Herriman, UT
Full-Stack Staff Engineer / Founding Integration Architect / Team Lead | August 2012 – June 2021
- Greenfield Auth Evolution: Architected the PMS identity layer from scratch; evolved it through the full stack: Basic Auth → OAuth2 → SAML 2.0 → M2M → JWT/Bearer. Every auth paradigm on the platform today traces to this work.
- SAML 2.0 — Revenue Platform Asset: Enterprise SAML 2.0 (IdP + SP) with Okta SSO + User Federation (10k users) and Entra ID — enterprise-scale SSO rollout. By 2018, three other HSO products adopted this to win enterprise customers — one engineering investment became cross-product revenue.
- On-Behalf-Of API Platform: Greenfield Entra ID OBO flow adopted by multiple internal teams; support tooling built on top is used daily by support techs and managers to resolve customer calls.
- One-Man Platform Engineering (2012–2019): No DevOps, no DevEx — owned architecture, technical strategy, code, Scrum, and infrastructure simultaneously until dedicated teams stood up in 2019. At that point, DevOps entrusted full CI/CD pipeline ownership for the entire PMS.
- Security & Code Quality Ownership: Owned Snyk and Check Point scans across all code and dependencies. Led first external pen-test — lowest finding count in company history. Zero successful breaches. SOC2 maintained throughout.
- Web Threat & Bot Defense: Stopped DDoS attacks previously taking the platform down; invented foundational access control system with DB schema, seed rights, and backend multi-tenancy violation checker.
- Full-Stack Builder: AWS ECS → EC2 + Kubernetes, Kafka/DDD, PostgreSQL, Spring Boot, React/Vue.js/Next.js, GitLab CI/CD. Evolved the frontend from jQuery/Backbone to the modern platform it is today.
- Engineering Standards Authority: Served on HSO DB schema and standards team; patterns adopted company-wide. Go-to advisor across all product teams on security and database architecture.
- Platform Reliability: Engineered real-time update engine, zero-conflict scheduling, and multi-tenancy architecture for enterprise integrations.
Symantec Corporation — Lindon, UT
Principal Software Engineer & Tech Lead | Oct 2004 – Jun 2010 and Feb 2011 – Aug 2012
- Restore Anyware: Dissimilar-hardware restoration of live Windows OS snapshots to any target machine; independently extended to P2V and V2P across VMware, ESX, Hyper-V, and Linux — full DR for SharePoint, Active Directory, SBS, and MS Project. Browser engineering for Symantec Enterprise Vault management console.
- Symantec Protection Center: Cloud-hosted CISO security console for enterprise-wide alerting, reporting, and remediation. Network security monitoring and threat visibility across enterprise endpoints.
- Active Directory Expert: Deep internals expertise — Domain Controller migrations, RODC deployments, replication transactions, high/low water marks, SMB/SharePoint/SQL Server integrations. Traveled to Seattle to defend Restore Anyware before Microsoft; Microsoft validated the AD integrity approach and retained full support for Symantec customers.
- Recognition: Symantec Star Award and 2× A++ performance awards; filed a software patent — US8103747 (Network Configuration Management).
Earlier Career (See LinkedIn for full detail)
| Role | Company | Dates | Stack / Keywords |
|---|---|---|---|
| Senior Software Engineer | Kaseya | Jun 2010 – Feb 2011 | C++, C#, .NET, Active Directory, LDAP, AWS S3, Windows Volume Shadow Services, COM, Unit Testing (GMOCK, CPPUnit), SQL Server |
| Senior Software Analyst | Comsys / Flying J | Jul 2004 – Oct 2004 | C#, .NET, Oracle, PL/SQL, SQL Server, T-SQL, Web Services, XML, ADO.NET, Credit Card Authorization, Data Replication |
| Senior Software Analyst | Veracity Solutions / Misys Healthcare | Nov 2002 – Jun 2004 | C#, C++, .NET, Oracle, ODP.NET, NUnit, ATL, STL, MSMQ, Windows Sockets, COM, Healthcare/Pharmacy Systems, PCI-adjacent |
| Programmer Analyst | Tek Systems / Misys Healthcare | Nov 2001 – Nov 2002 | C++, COM+, DCOM, Visual Basic, ATL, MFC, XML, ADO, Windows 2000 |
| Programmer Analyst | K-Force / Vanteon | Mar 2001 – Nov 2001 | Java, C++, MFC, Swing, UNIX, Biometric Encryption, MS Crypto API, Digital Certificates, COM |
| Programmer Analyst / Team Lead | Alltel Information Services | Dec 1998 – Mar 2001 | C, C++, MFC, Windows CE, Oracle, PL/SQL, UNIX, TCP/IP, Rational Rose, Team Lead — scheduling, mentoring, source control |
| Programmer Analyst | Satellite Image Systems | Oct 1996 – Dec 1998 | Visual C++, Borland C++, Data Entry/Archival Systems, EDI, flat-file databases |
| Computer Operator | Eduserv Technologies | Aug 1992 – Oct 1996 | VAX VMS Mainframe, Borland C++, tape backup, printer systems, IT ops |
| Satellite Systems Operator / Team Lead | US Army | Jun 19, 1987 – Jan 1991 | SATCOM, LOS, TCP/IP, RS-232, Team Lead — Top Secret clearance (1987–1992) — Honor Student |
| Computer / Network Operator | US Army | Jan 1991 – Aug 15, 1992 | IBM DPS 8000 Mainframe, JCL, WAN/patch panels, TCP/IP, Top Secret clearance (1987–1992) |
Books That Shaped the Craft
- Design Patterns: Elements of Reusable Object-Oriented Software — Gamma, Helm, Johnson, Vlissides (Gang of Four)
- The C++ Programming Language: Special Edition (3rd Edition) — Bjarne Stroustrup
- Object-Oriented Programming in C++ — Robert Lafore
- 19 Deadly Sins of Software Security — Howard, LeBlanc & Viega
- The Pragmatic Programmer: Your Journey to Mastery (20th Anniversary Ed.) — Thomas & Hunt
- Refactoring: Improving the Design of Existing Code (2nd Ed.) — Martin Fowler
- Becoming an Indispensable Employee in a Disposable World — Neal Whitten
Education & Continuous Learning
- Anthropic Academy — AI Agents, RAG, MCP Servers, Agent Skills (completed); Claude in Amazon Bedrock (completed)
- Continuous Learning — YouTube: @theseriouscto (CTO strategy), @NateBJones (AI), @IBMTechnology (cloud computing)
- TLS/Digital Certificates, SAML 2.0, OAuth2, OIDC, AppSec — Pluralsight & Udemy
- Atlantic Computrain — Sun Java 2 Programmer Certificate, 2000
- Certified Careers Institute — AOS, Computer Science, 3.8 GPA, 1996
- US Army Signal School — Computer Operator Certificate, 1991 (Honor Student)
- US Army Signal School — Satellite Systems Operator Certificate, 1987 (Honor Student)