Sr. Application Security Consultant
Current

- Implemented an Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in applications deployed in DEV, PRE-PROD and PROD environments.
- Rolled out IBM AppScan products such as AppScan Enterprise (ASE), Standard, Source and Developer plug-ins to various development teams across the business lines.
- Conducted monthly developer workshops to educate and train developers on secure SDLC, scanning source code using IBM AppScan Source, and triaging and resolving the security vulnerabilities.
- Conducted security assessments to ensure compliance with the firm's security standards (i.e., OWASP Top 10). Specifically, manual testing was performed to identify Cross-Site Scripting and SQL Injection related attacks within the code.
- Participated in the implementation of AWS Cloud security for applications being deployed in the Cloud.
- Developed a threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications.
- Reviewed source code (Java/J2EE/Spring/FTL/JavaScript) and developed security filters within AppScan for critical applications.
- Reviewed Android and iOS mobile code for TIAA mobile apps and recommended code fixes.
- Participated in the Proof of Concept (POC) for implementing Arxan application protection software for mobile apps.