Lead Information Security Engineer
Current Implement Checkmarx (code analysis tool for web apps) for Static application security testing. Reviewed source code (Java/J2EE/Spring/FTL/JavaScript) and developed security filters within Checkmarx for critical applications. Implemented Secure Software Development Life Cycle (S-SDLC) processes; developed secure coding practices for web, mobile applications, including database and middleware systems. Conducted weekly meetings with developers to remediate security issues. Supporting in preparation of plans to review software components through source code review or application security review Automated Checkmarx with Bamboo (CI/CD) to run scans on a daily basis. Implemented Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in DEV, PRE-PROD and Source code using IBM AppScan Source, triage and resolve the security vulnerabilities. Performed PCI pre-assessment audit for the entire network as well as the related applications in preparation for the annual external PCI compliance audit Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports. Supporting in preparation of plans to review software components through source code review or application security review Prepare and assemble work papers for assigned audits in accordance with departmental standards and update the SOX repository in a timely manner Provide timely status reports to the project manager on progress of activities Used Burp suite to manual penetration testing for internal sites