Eric Sohel

Software engineer working on backend systems, security tooling, and real-time data infrastructure.

About

I'm studying computer science and applied math at Stony Brook University, graduating May 2027. I'm headed back to Capital One in NYC this summer for my second SWE internship after working on their wire transfer platform last year.

Before that, I built a differential-testing harness for Meta's Pysa static analyzer through the MLH Fellowship — it synthesized 10,000+ Python programs with ground-truth source→sink labels to surface false negatives in Pysa's interprocedural taint-tracking. Right now I'm building DraftIQ, a production REST API for fantasy baseball auction drafting.

Experience

Jun – Aug 2026

Capital One — SWE Intern, Low-Latency Platform, NYC

Returning to build real-time payment infrastructure under strict p99 latency budgets and exactly-once processing semantics.

Jun – Aug 2025

Capital One — SWE Intern, Wire Transfer Platform, McLean

Shipped the validation and approval workflow for Capital One's first in-house wire transfer platform — ~$1B/day in high-value payments on internal AWS, replacing the third-party vendor and eliminating per-transaction fees.

Built Node.js / Fastify microservices on AWS Lambda and Fargate with idempotency keys and exponential-backoff retries to prevent duplicate debits under network jitter, upstream timeouts, and client retries.

Designed an Aurora PostgreSQL approval state machine spanning four verification APIs for auditable multi-step clearance, with automated compliance checks and clean recovery from mid-flow worker crashes.

May – Aug 2024

Meta — SWE Fellow, MLH Fellowship · Pysa Static Analyzer

Contributed to Pysa within Meta's facebook/pyre-check repo — interprocedural taint analysis catching SQLi, SSRF, code injection, and path traversal across Instagram's Python codebase.

Designed and shipped a differential-testing harness (merged as pyre-check#886) synthesizing 10,000+ Python programs with ground-truth source→sink labels — randomized call graphs, decorator stacks, and API-misuse patterns — to grade Pysa's analysis against an oracle. Surfaced 20+ previously-undetected exploit-shape taint flows; each locked as a regression test. Merged PRs →

Mar – Jun 2024

Stanford Code in Place — Section Leader, CS 106A

Led 2 weekly Python and Karel sections (~20 students) for Stanford's free global CS 106A — 30,000+ learners across 100+ countries. Invited back as Head TA for the next cohort.

Projects

2025 — now

DraftIQ Player Data API

A production REST API for fantasy baseball auction drafting. Real-time MLB data ingestion via a tiered scheduler (30-minute injuries with active-hours gating, 6-hour depth charts & transactions, daily metadata, seasonal stats); idempotent jobs with exponential backoff and staleness-aware metadata.

Algorithmic valuation engine using z-score-based valuation against a replacement-level baseline with positional-scarcity adjustments and live draft-state re-valuation — 600+ player valuations in tens of milliseconds, feeding ranked nominations, positional-need scores, and budget allocations.

Self-serve developer portal with full API-key management — scrypt password hashing, signed-cookie sessions, per-key CIDR whitelisting (pure-Node, no library), tumbling-window rate limiting, and a 30-day audit log.

Node.jsExpressSQLiteReactMLB Stats APIOpenAPI 3.0

Live developer portal → GitHub →

60+ Jest/supertest tests. OpenAPI 3.0 spec validated by CI. Deployed via GitHub Actions to Render + Vercel.

2024

Pysa differential-testing harness — facebook/pyre-check

A differential-testing harness for Meta's Pysa static analyzer, built during the MLH Fellowship. Generated Python programs with ground-truth taint labels to expose false negatives in Pysa's interprocedural taint-tracking; shipped as pyre-check#886 alongside 3 smaller merged PRs (registry instrumentation, diagnostic warnings, documentation).

Skills

Languages: Python, JavaScript / TypeScript, Java, SQL; familiar with C / C++ and OCaml.
Cloud & Distributed: AWS (Lambda, Fargate, EC2, Aurora, SQS), microservices, idempotency, exactly-once semantics, state machines, exponential backoff, REST / OpenAPI 3.0.
Databases: PostgreSQL, MongoDB, SQLite, Redis.
Backend & Tooling: Node.js, Fastify, Express, React, Docker, Linux, Git, GitHub Actions, CI/CD, Jest, static analysis.

Awards

Citadel Terminal Competition — 2nd place
Cornell Trading Competition — top 5 (2×)
AIME Qualifier (2×) — top ~5% of AMC test-takers