Support application security growth for SMBC MANUBANK and Jenius Bank

Build an application security team!

- Assessed overall attack surface and risk posture to prioritize security focus for the organization - Created and implemented secrets management policy resulting in the proper storage, access, and rotation of keys, credentials, and other secrets - Expanded our data retention and logging in alignment with SOC 2 type 2 and GDPR requirements - Improved employee onboarding/offboarding processes that ensured thorough and timely access restrictions were possible

- Created a robust security program from the ground up in alignment with business requirements from Allstate and Avail- Created a Vulnerability Management Program (VMP) to track security risks from identification through remediation in accordance to SLA’s- Evaluated, procured, and implemented tooling for SAST, DAST, SCA, Email, Endpoint, Cloud, and SOC/SIEM, that fed security alerts into our VMP - Implemented secure coding processes and tooling throughout the SDLC and CI/CD that allowed for secure code to be built with minimal friction- Led 3rd party assessments for penetration testing, cloud, and IAM reviews resulting in policy and role changes - Assisted in remediation for multiple incident response activities that were swiftly terminated- Added email security tooling and security awareness training that improved security culture across the organization - Led audit and compliance initiatives from risk analysis through remediation - Implemented and operated a Vulnerability Disclosure Program for researchers to independently report security issues and be rewarded - Identified and reported security metrics to leadership that indicated program health and areas of concern to prioritize future investment

- Promoted to lead success of all U.S. security service delivery and operations- Scaled a team of security service engineers that delivered high quality validation and compliance testing for 100+ bug bounty programs- Developed training for security engineers technical growth that improved validation speed and quality, and up-leveled junior engineers- Created and orchestrated delivery of the Next Generation Penetration Testing product offering resulting in increased client acquisition and ARR

- Promoted to scale a team of security service engineers that delivered high quality validation and compliance testing for 50+ bug bounty programs- Continued operation and delivery of all professional service engagements driving sales enablement and renewals

- Led and operated companies largest professional services engagement which included tier 1 validation for a fortune 50 social networking company- Managed numerous bug bounty programs while delivering quality validation and acting as a liaison between independent researchers and clients

Performed penetration testing engagements in web application, network, mobile, and fraud that discovered many critical and high vulnerabilitiesPerformed post-breach analysis that identified asset ownership gaps and mapped them to appropriate internal stakeholders

Contracted with VISA, Inc. to configure SAST and DAST scanning services for new acquisitions that mapped their security processes to VISA’s SDLCTrained new employees and Quality Assurance engineers to configure scanning services and validate findings

Promoted to expand the security training program internationally while supporting training managers, resulting in the technical growth of over 100 ASE’s across 3 distributed offices

Promoted to build a security training program that scaled a team of 20+ local application security engineersTrained non-technical audiences in application security fundamentals that facilitated the technical growth for customer success and sales enablement

Configured SAST and DAST security scans for hundreds of web applications and triaged OWASP Top10 security findings Performed manual penetration testing against many web applications