Operations Security Engineer (Applications Security)
Current• Identifies, interprets, and remediates vulnerabilities across a variety of applications, programming languages, and platforms• Explains and demonstrates vulnerabilities to application owners and provide recommendations for mitigation.• Conducts and coordinates vulnerability assessments of software application under development.• Performs and conducts penetration tests and manual/automated code reviews.• Sets up and performs Static Application Security Testing (SAST) using Checkmarx CxSAST • Sets up and performs Open-Source Analysis (OSA) using Checkmarx CxOSA • Sets up and performs Dynamic Application Security Testing (DAST) using Rapid7 AppSpider• Utilizes Burp Suite Pro as part of the verifying SAST and DAST findings, and manual testing• Utilizes Visual Studio to verify SAST findings and conduct manual source code reviews• Leverages the OWASP Top 10 for the analysis and verification of findings • Explains and demonstrates vulnerabilities to the development team and application owners, provides recommendations for mitigation, and provides guidance on secure coding practices• Documented the processes and tools used by the Application Security team as part of DevSecOps and updates the document when necessary• Works closely with the Team Leads to ensure findings are verified accordingly and open-source library list is current • Works closely with the Cyber Security Analyst as he goes through the security controls of each module• Created the Application Team’s dashboard (containing charts and reports) in ServiceNow to ensure that requests are tracked and monitored• Created the Corporate Security Team’s dashboard (containing charts and reports) in ServiceNow according to the specifications received from the team’s manager to ensure that requests are tracked and monitored• Performed rapid code scanning using CAST Highlight and AIP in support of the AFS Tennessee Valley Authority (TVA) contract