Melissa Dow Email and Phone Number

• Perform DAST and SAST application security testing techniques, using automated tools and manual testing (i.e. Burpsuite, OWASP ZAP, Fiddler, HP Fortify, Checkmarx, Dependency Checker)• Create exploit proofs of concept and report vulnerabilities to application PMs and developers• Identify application security weaknesses, and write recommendations for preventing or fixing them• Analyze and Respond to vulnerability inquiries and vulnerability reports• Research and implement new threats and attack vectors that impact web applications and infrastructure• Assess new and existing applications and system deployments for vulnerabilities and design flaws, and prioritize remediation efforts based on risk level• Support and consult with product and development teams in the area of application security• Serve as subject matter expert for secure coding practices, penetration testing, and all aspects of application and product security• Collaborate and coordinate security assessment scope, schedule, and requirements with team members and application leads on a daily basis• Serve as primary Point of Contact for multiple projects at one time• Review code for common security vulnerabilities• Analyze and present results of testing to team members, managers and customers• Develop tools to aid penetration test automation and effectiveness• Manage the implementation process for assigned projects. Estimate work effort on a project• Comfortable working with teams from multiple domains and flexible in working on a wide variety of tasks spanning the full stack, Application Security, System Software and Security Analytics• Serve as lead for team; schedule and allocate resources across multiple projects, prepare and maintain documentation for internal and external processes, support onboarding for new hires

• Perform lifecycle web application penetration testing to identify security issues and known/unknown vulnerabilities. • Conduct web vulnerability assessment and recommend improvements to web devices and IoT security posture. Test various web attack vectors including: SQL injection, XSS, content and header injection, target data reconnaissance. • Plan and conduct dynamic and static analysis of web applications using BurpSuite, NetSparker, and Acunetix WVS. Analyze servers for potential vulnerabilities as a result of operational, technical, or design flaws. • Verify SSL authentication and crypto configuration compliance policies and provide detection and remediation strategies for best practice. • Research open source intelligence feeds to identify potential threats to DOD web applications. • Conduct quarterly wireless scanning to identify rogue systems not approved by DOD. • Develop and enforce web access policies in accordance with DOD and DCSA directives. • Present exploitation results and recommend changes and countermeasures to leadership as Subject Matter Expert to support enterprise security. • Generate After Action Reports (AAR) with technical proof-of-concepts and mitigation techniques for site owners. • Teach OWASP Top 10 Web Application Pentesting course to DCO Team members. Design course material. • Triaged and validated vulnerabilities and provided remediation guidance during execution of the Hack the Marine Corps Bug Bounty program consisting of 100 HackerOne participants.

•Perform analysis of system/network incidents to determine root cause and develop mitigation techniques for preventing similar incidents. •Complete compliance audits and active evaluations on current and future systems/software to discover possible vulnerabilities that could be introduced to the AKO-ES Enterprise Network. •Develop and maintain standard operating process and procedures in the areas of security analysis, security certification, security documentation. •Perform direct interaction with the customers to explain security related issues and provide courses of actions to remediate these issues. •Assist in the implementation of the required government policy (i.e., STIGs, RMF), and make recommendations on process tailoring and complete documentation required by these activities. •Provides solutions to a variety of technical problems of increasing scope and complexity as assigned

• Security incident investigation: Analyzed security logs to determine root cause; assessed damage.• Security Monitoring/ Threat Detection: Performed daily IDS analysis/monitoring and generated technical and executive summary reports; Investigated traffic logs through data mining to ensure preventative security and prevent future compromises; Examined firewall and VPN traffic logs for anomalies and security threats for remediation.• Security compliance: Established and maintained user account privileges for incoming and outgoing personnel.• Security policy and procedures: Developed uniform standard operating procedures; Worked with multiple teams at the client site to ensure that security policies are being followed; Briefed leaders on security weaknesses; Gathered and organized technical information for the development and maintenance of system security plans (SSPs) and acceptable behavior policies. Created Work Flow Process diagrams and documentation to support security tracking and auditing.• Security Training and Communications – Wrote quarterly security newsletter for program-wide distribution; Created training materials focused on best practice scenarios; Conducted routine audits of all program personnel to ensure compliance with established standards, policies, procedures, and certification requirements. Prepared executive summaries for leadership documenting recent security events and actions taken.• Validated and coordinated HBSS scheduled maintenance.

• Designed and implemented Access database for Tax/Audit department capable of merging over 300 billing records. Presented end product to entire tax group and created related training materials.• Wrote chapters in Program Planning and Control (PP&C) Field Guide, labor reports, proposal review, billing labor categories, and organizational flowcharts.• Participated on a team that resolved approximately $800,000 in outstanding billing hours.• Assisted Northrop Grumman project schedulers and trained in EVMS, EAC, Finance Indirect Rates, Project Scheduling and SAP. Received Northrop Grumman training in Business Management Basics and Cyber Security. • Assisted the Capture Team in gathering information for successfully strategizing a Price to Win proposal within Northrop Grumman.