Devaughn Mckinney Email & Phone Number

• Risk Management BranchCompleted Tasks:
• Led the code review team tasked with performing code reviews for source code findings within HP Fortify Enterprises.
• Provided complete administration support for HP Fortify (Enterprise)
• Integrated scan capabilities and configurations with GitHub repositories using token authentication, triggered by CI pipelines.
• Provided context and false positive support prior to development team engagement.
• Developed processes to provide remediation paths with development teams, supporting a streamlined approach to remediation of findings.

• Assessments and Classified Operations BranchCompleted Tasks:
• Tasked as an application security SME supporting assessments of systems by assessing NIST 800-53 controls relating to application security.
• Provided static application security testing and analysis using SonarQube and created a mapping of vulnerabilities to NIST 800-53 controls.
• Provided dynamic application security testing and analysis using Burp Suite and provided consultations on remediation efforts with development teams.
• Collaborated with CI/CD architect engineers on developing methodologies in providing security gates within CI/CD steps for security scanning tools in support of continuous monitoring and ongoing authorization. Major.
• Developed a USCIS wide false positive remediation process integrating multiple division resources in order to properly track and integrate false positive contexts within scanning tools

• Security BranchCompleted Tasks:
• Tasked with continuing Application Development training initiative.
• Developed and conducted an Appscan/dependency check advanced training course for development teams and project leads.  Appscan introduction and application architecture review Application configuration. Resolving.
• Provided continual SME support to application developments which completed the advanced training.
• Provided onboarding support to development teams seeking to integrate appscan within their CI/CD Pipeline,
• Developed and implemented threat modeling pilot program, which sampled 6 development teams and supporting management through a newly developed threat modeling course.

• Application Development BranchCompleted Tasks:
• Tasked with standing up an application security program used to support application development teams with their application security posture.
• Developed and conducted A five session HCL Appscan basic training course designed to train development teams on conducting effective source code scans
• Led the capability maturity model initiative which measured the security posture of the target application based on various development SLDC capabilities and security measures applied by the target development team.
• Developed guidance used to integrate Appscan within CI/CD using security gates.
• Provided code review SME guidance to development teams with uncommon or complicated findings needing solutions.Major Accomplishments

• Security Operations BranchCompleted Tasks:
• Led the code review team tasked with performing code reviews for source code findings within HP Fortify Enterprises.
• Provided complete administration support for HP Fortify (Enterprise)
• Integrated scan capabilities and configurations with GitHub repositories using token authentication, triggered by CI pipelines.
• Provided context and false positive support prior to development team engagement.
• Developed processes to provide remediation paths with development teams, supporting a streamlined approach to remediation of findings.

Application Software Security Engineer Lead responsible for performing trend analysis and providing security related recommendations based on the analysis of source code software projects; reviewing and making recommendations to revise the existing software review process; identifying and recommending additional tools that can be leveraged for deeper and.

Reston, Virginia, US

This position is responsible for operating as an expert in administrating Windows Server, Active Directory and IIS in several highly-virtualized heterogeneous environments. Perform server administrations tasks to ensure optimal uptime for environments and best-practice application and infrastructure implementations. Provide daily support and maintenance of.

.NET developer/Systems Engineer position working onsite at their client's location near Fort Belvoir, VA. The developer does both development and maintenance using C#, VB.NET, ASP.NET 3.5, and SQL Server 2005. Systems engineer taking ownership of systems providing support for projects on site. Tasks include but are not limited to: systems integration.