Sarah Ortiz Email and Phone Number
Experienced Cyber Security Consultant with a demonstrated history of working with manual and automated application security, and a passion for web application penetration testing. Strives to provide an enhanced level of security for clients in both the vulnerability detection and management space.
Deloitte
Website: deloitte.com
Employees: 295722
Advisory Senior Consultant | Cyber Risk
Deloitte, Aug 2020 - Present, Florida, United States
Application Security Penetration Testing - Performing application penetration testing to identify, inspect, and analyze the technical controls that support network, system, and application security. Responsible for validating overall security of platforms and confirming fixes for previously identified vulnerabilities.
AppSec Strategy Implementation - Operationalized SAST & DAST scanning by identifying high-risk applications, performing baseline & ad-hoc scans, triaging vulnerabilities, and discussing security reports with application developers.
AppSec Program Assessment - Conducted an application security review of the people and processes used in the deployment of applications throughout the SDLC. Performed a gap analysis, identified target state maturity, and defined a prioritized action plan to enhance the enterprise’s Global Application Security Program.
IT Release Management Program Enhancement - Established an updated ITRM process to satisfy open regulatory requirement gaps through the development and roll-out of new ITRM controls and procedures enterprise-wide. Led socialization & management of scope, timeline, tooling requirements, documentation, & user training.
Advisory Consultant | Cyber Risk
Deloitte, Oct 2018 - Aug 2020, Seattle, Washington
Penetration and Vulnerability Assessment - Web application penetration testing involving reconnaissance, vulnerability scanning, manual web testing, and reporting. Utilizing tools like Kali Linux, Burp Suite, Nessus, Nikto, Dirbuster, and more.
Application Security Program Development - Incorporating Application Security as part of a Cyber Acceleration Program. Involving the implementation of a secure software development lifecycle, application risk assessments, static code scanning, dynamic application security scanning, scanning timelines, and secure coding practices.
Secure Cloud Automation and Implementation - Design and development of a Vulnerability Scan API to be integrated with AWS and Azure. Used Python to develop automated validation testing for Vulnerability Scan API & Firewall Rule Change API. Acted as Scrum Master for team of 10.
System Engineer
Verizon Wireless, Mar 2017 - Sep 2018, Irving, TX
- Responsible for the manual security testing of multiple web applications following OWASP Top 10 and industry standards.
- Working with offshore counterpart to analyze potential security vulnerabilities in new projects, writing comprehensive test cases, implementing those test cases, and reporting any vulnerabilities found.
- Executing progression and regression testing cases on multiple projects for bi-weekly releases, as well as supporting these releases overnight.
- Maintaining the current security status of all applications under the Director's portfolio to present in weekly meetings. This includes keeping updated security reports on static, dynamic, and IP vulnerabilities, as well as tracking projected remediation completion dates.
- Communicating across dev, infra, DAST, and SAST teams to determine root causes for security scan results and setting the completion date for vulnerability remediation.
Cyber Security R&D Intern
Checkmarx, Jun 2016 - Aug 2016, Tel Aviv, Israel
Checkmarx is a leader in application security solutions, having developed the first platform for true Source Code Analysis (SCA) with its marquee solution: Static Application Security Testing (SAST).
I worked on the Engine team using Agile Scrum to analyze, fix, and write new security queries in C# to detect security vulnerabilities in a variety of languages such as Java, Android, Groovy, and C++. These queries were to improve Checkmarx's Source Code Analysis tool, which allows programmers to scan their raw source code, even if uncompiled, to detect a wide range of security vulnerabilities.
I became very familiar with OWASP Top 10 security vulnerabilities and risks, as well as different ways they may appear in code and how to resolve these vulnerabilities in the code.
Blue Team Co-Captain, SECCDC
Southeast Collegiate Cyber Defense Competition, Feb 2016 - Apr 2016, University Of Florida
I participated as an active blue team member and team co-captain in a national competition centered around teams' ability to detect and respond to outside threats, maintain availability of existing services such as mail servers and web servers, respond to business requests, and balance security needs against business needs.
I directed communications between SIRT team and administration in a simulated business environment, practiced effective incident reporting using the CERT standard in crisis situations, enforced effective documentation techniques within the team, and consolidated network documentation.
The mission of the Collegiate Cyber Defense Competition (CCDC) system is to provide institutions with an information assurance or computer security curriculum a controlled, competitive environment to assess their students' depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.
Software Engineering Intern
Harris Corporation, May 2015 - Aug 2015, Melbourne, Florida
I worked in the Software Code and Unit Test Team for the VCS21 Program. While I worked on completing or resolving various user stories and defects, I gained a better familiarity with using C#, JavaScript, PostgreSQL, HTML, and CSS.
I also participated in a competition between teams of interns to present the project our team worked on, in which my team placed first in our category. Our project involved researching and testing various algorithms and COTS to find a way to improve visibility of camera images taken in turbid water, which we recommended for use by the SouthPaw project at Harris.
Sarah Ortiz Education Details
Computer Science
Haines City High School
Frequently Asked Questions about Sarah Ortiz
What company does Sarah Ortiz work for?
Sarah Ortiz works for Deloitte.
What is Sarah Ortiz's role at the current company?
Sarah Ortiz's current role is Advisory Senior Consultant | Cyber Risk at Deloitte.
What schools did Sarah Ortiz attend?
Sarah Ortiz attended University Of Florida, Israel Tech Challenge, International Baccalaureate, Haines City High School.
Who are Sarah Ortiz's colleagues?
Sarah Ortiz's colleagues are Ana-Maria Zvac, Madina Bolatova, Manish Neeraj, Jairo Godínez Chávez, Richu Augustine, Alexander Naudé, Monique De Waal.