• Identifies, interprets, and remediates vulnerabilities across a variety of applications, programming languages, and platforms• Explains and demonstrates vulnerabilities to application owners and provide recommendations for mitigation.• Conducts and coordinates vulnerability assessments of software application under development.• Performs and conducts penetration tests and manual/automated code reviews.• Sets up and performs Static Application Security Testing (SAST) using Checkmarx CxSAST • Sets up and performs Open-Source Analysis (OSA) using Checkmarx CxOSA • Sets up and performs Dynamic Application Security Testing (DAST) using Rapid7 AppSpider• Utilizes Burp Suite Pro as part of the verifying SAST and DAST findings, and manual testing• Utilizes Visual Studio to verify SAST findings and conduct manual source code reviews• Leverages the OWASP Top 10 for the analysis and verification of findings • Explains and demonstrates vulnerabilities to the development team and application owners, provides recommendations for mitigation, and provides guidance on secure coding practices• Documented the processes and tools used by the Application Security team as part of DevSecOps and updates the document when necessary• Works closely with the Team Leads to ensure findings are verified accordingly and open-source library list is current • Works closely with the Cyber Security Analyst as he goes through the security controls of each module• Created the Application Team’s dashboard (containing charts and reports) in ServiceNow to ensure that requests are tracked and monitored• Created the Corporate Security Team’s dashboard (containing charts and reports) in ServiceNow according to the specifications received from the team’s manager to ensure that requests are tracked and monitored• Performed rapid code scanning using CAST Highlight and AIP in support of the AFS Tennessee Valley Authority (TVA) contract

• Experienced with Defense Sexual Assault Incident Database (DSAID), which utilizes Entellitrak and MicroStrategy applications hosted on Oracle and SQL Servers• Lead the Defense Sexual Assault Incident Database (DSAID) Data Warehouse team which creates reports and dashboards in DSAID Enhanced Reporting Capability (DSAID ERC) using MicroStrategy• Analyzed the data from the investigative agencies (AFOSI, Army CID, and NCIS), and provided the DSAID Sexual Assault Prevention and Response (SAPR) Program Managers guidance to resolve issues with specific data • Created and maintained project documents• Leveraged Agile Methodology using SCRUM• Planned, developed, implemented, and maintains the DSAID Microsoft Team Foundation Server (TFS) site to include managing user account permissions and access to data. Customized the TFS work items when necessary, and created queries and charts• Customized, organized, and maintained the DSAID SharePoint site. Managed user access and permissions to the site• Reviewed Java code during data analysis when necessary

• Led team of software developers, database administrators and analysts on the day-to-day operations of the US Army Personnel Authorizations Module (PAM) System, Personnel Occupational Specialty Code Edit (POSCEDIT) and PAMWEB.• Facilitated enhancement of web applications by providing compliance and security requirements analysis, design specifications, secure coding guidelines, and programming support while remaining focused on client needs.• Analyzed security code scan results (SAST/DAST), researched solutions pertinent to the web application, and then guided the development team as they modified the code to resolve the vulnerabilities.• Interfaced with database administrators, data analysts, developers, technical support, and information assurance analysts to determine the best requirement specifications.• Consulted regularly with customers on project status, proposals, and technical issues. Also translated technical specifications into detailed product requirements.• Acted as the primary point of contact for clients, translating feedback into technical enhancements.• Offered requirements analysis, system design, and programming support for the enhancement of PAMWEB, the Personnel Authorizations Module (PAM) web application.• Created and maintained project documentation. Prepared detailed reports concerning project specifications, activities, and metrics.• Provided immediate assistance and resolution to questions and system problems that users encounter and conducts formal training for users• Played a major role in converting the application from classic ASP to ASP.NET by designing the application, performing development, helping team members learn how to develop using VB .NET, and leading the team to ensure that the conversion is on schedule. • Reversed engineered ApplyMOC (a VB5 application) and then led the team of software developers and analysts in its redesign, reprogramming, and integration into PAMWEB as a module.

• Wrote maintainable and extensible code in a team environment.• Performed tasks for the PAM System on the mainframe, including the design, development, and maintenance of programs• Worked on the design, development, operation, and maintenance of the interactive information systems in support of the Army Training Requirements and Resources System (ATRRS) and the Personnel Authorizations Module (PAM).• Provided functional and technical assistance on the helpdesk.