Carl Sampson

Hi, I'm Carl Sampson. I'm an application security and software engineering expert who focuses on delivering secure and innovative solutions.

Carl Sampson has 13 years of computer security experience focused on application security, SDL (Security Development Lifecycle), application assessments and remediation guidance, and writing security tools. Carl also has 23 years of software development experience utilizing C/C++/Java/Ruby/Python ranging from desktop to enterprise applications. In his spare time, Carl leads the OWASP Indianapolis chapter and likes to work on open-source projects. Carl is also involved with Boy Scouts and Northview Church.

Carl Sampson's Background

Carl Sampson's Experience

Principal Engineer - Application Security at Teradata Applications

May 2012 - March 2014

Building the application security program by implementing the Security Development Lifecycle (SDL) within our Agile Software Development Lifecycle (SDLC). This includes security requirements, secure design, coding standards, security code reviews, and application security training leveraging OWASP best practices. Act as a Team Consultant for 9 SCRUM teams regarding application security. Implementing a Static Code Analysis (SCA) program using HP Fortify that will integrate with the continuous build system to proactively find and address security vulnerabilities on a regular basis. Regularly work with customers and potential customers to address any application security related questions and/or issues that arise. Assess applications using a combination of Burp Proxy, OWASP ZAP, and various open-source / custom applications.

Information Security Advisor at WellPoint

April 2011 - April 2012

Co-designed and implemented the production web vulnerability assessment and remediation process using HP WebInspect and IBM Rational AppScan. Responsibilities included performing scans, manual testing with Burp Suite and OWASP ZAP, validating results, reporting results to the development teams, and providing remediation support. Developed scripts in Ruby to streamline each step of the process. Built a repeatable process for identifying applications and notifying teams of applications that are out of compliance or soon to be out of compliance with the corporate application security certification policies. Regularly reported and spoke to various working groups on the results. Regularly worked with development teams and project managers to assist with the understanding and remediation of security vulnerabilities. Developed remediation documentation for the most commonly found vulnerabilities. Provided guidance and helped evaluate the purchase and implementation of the F5 ASM Web Application Firewall. Assisted with configuration, validation of settings, and testing of rules.

Security Analyst at Indiana Farm Bureau Insurance

September 2005 - April 2011

Directed application-level security across all platforms and development teams. This includes application security evaluations (both internally developed and 3rd party applications), testing, risk mitigation and remediation, and code reviews. Designed and implemented a security model that will integrate into every part of the SDLC (Software Development Lifecycle). This includes the development of secure-coding standards, education, and automation. Developed comprehensive utilities to automate and verify user provisioning in Active Directory based on a role-based access methodology using C# and ASP.NET. Shaved 30% off of the project plan. Led the directive to evaluate, implement, and manage Enterprise Log Management / SIEM. Implemented the Nitroview ELM. Managed internal vulnerability scanning, analysis, and remediation across the organization. Directed the effort of researching, evaluating, implementing, and monitoring a Web Application Firewall to be used to protect all Internet-facing sites. Implemented a Teros APS-100 Web Application Firewall and a Citrix Netscaler Web Application Firewall. Worked with development teams to define and implement new applications behind the application firewall as well as move pre-existing applications.

Java Architect at Indiana Farm Bureau Insurance

November 2001 - September 2005

Designed and implemented the company's first externally-facing web application that exposes information to thousands of external agents. Responsible for all phases of the project from requirements gathering through user assurance testing. This application uses J2EE/JSP/Struts and is deployed on Websphere with interfaces to DB2, SQL Server, and AD. Created a library of common utilities to be used across all internally-developed Java applications to provide a consistent way to interface with enterprise services. Collaborated with other team members to create analogous utilities for .Net applications. Designed and implemented an application using Jacada technology and Java that provides a web-based GUI to a life insurance mainframe application. This consolidated 14 mainframe screens to 5 screens. This application was designed as a proof of new technology and its success made it become the primary way of accessing mainframe information via a web interface. Designed and implemented a claims application using Jacada technology and Java. This application provides a web-based GUI to the Claims system. The goal of the project is to make entering and viewing claims more intuitive and to reduce training costs.

Senior Web Developer at Joboptions.com

August 2001 - November 2001

Worked as a senior web developer to design, develop, and maintain 150+ client sites using Java / JSP with an Oracle backend. Designed and implemented enhancements to the extranet site as well as the intranet site. Some projects include designing a site-wide error-reporting system (completed) and implementing version control and defect tracking enhancements. Worked closely with the director of development and other managers to design and implement new functionality. Mentored 4 other employees. Activities included assigning tasks, mentoring, and assisting them with their tasks when necessary.

Senior Software Engineer at First Databank, Inc.

December 1998 - August 2001

Designed and implemented database pooling and other performance enhancements for the Drug Information Framework. Increased performance by an average of 10 to 15 times. Designed and implemented a database utility to populate and update databases with Java/JDBC. Project lead for a medical knowledgebase product. Tasks included communicating with customers, resolving defects, and researching enhancements. Streamlined the data update process from 4-6 weeks to 3 days. Implemented enhancements that removed inherent limitations in the application and allowed it to be extensible. Updated the Drug Toolkit to DDIM (Drug Drug Information Module) 3.2. Changes involved almost a complete rewrite of the module in C++/COM (ATL). Designed and implemented the EDI Toolkit 1.0. Responsibilities included gathering requirements, design, documenting, and implementing in C++. Simultaneously developed a Java and COM version as a proof of concept.

Software Engineer at Powerway, Inc.

December 1997 - December 1998

Worked on a team of 2 to design and develop authoring tools to generate ISO9000/QS9000 compliant documents using C/C++ and MFC. These tools interact with a library of utilities to handle document management, routing, and database functions. Designed and added new GUI components to libraries available to applications. Developed cross-product set of base classes to speed up development of new applications, maximize code re-use, and maintain similar look-and-feel of products.

Software Engineer at Software Artistry, Inc.

May 1995 - December 1997

Worked as a Software Engineer at this software company that wrote software for customer support and infrastructure management. Worked on the ASE team that implemented a proprietary language called KML that ran on Windows, OS/2, and several flavors of UNIX. KML had a Pascal-style syntax and implemented the "write once, run anywhere" paradigm before Java came out. Worked on a team of 5 to develop and maintain the Interface-Designer, which is written with a C++ based cross-platform GUI library, and is used to design graphical user interfaces in KML, Software Artistry's 4GL. Focused on the Windows implementation using the Win32 API and MFC. Ported software written in C++ from Win16 to Win32 and UNIX.

Senior Product Security Engineer at salesforce.com

March 2014

Identify and understand the development practices, networks and infrastructure that make Salesforce Marketing Cloud successful. Recommend and build solutions/mitigation plans to help resolve risks. Guide the technology organization's security by participating in design reviews, threat modeling, and in-depth security penetration testing of our code and systems. Provide input on application design, secure coding practices, log forensics, log design and vulnerability remediation. Perform cutting edge research on new attacks, write white papers and present on those findings to internal audiences. Evaluate and build application security tools for internal consumption and drive usage of these tools.

Independent Contractor at Self - Employed

November 2005

Assist local web hosting provider with Linux system administration and special development projects using Apache, PHP, and MySQL. Provide technical customer support to the customers. Create custom programming solutions for clients as-needed. Assist several local non-profits / charities with computer needs. Technical editor for "Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'"

Local Chapter Founder and Leader at OWASP Indianapolis

August 2005

Organize quarterly meetings. This involves procuring sponsors, locations, and speakers. Maintain the group mailing list and Meetup. Facilitate all group communications. Code contributor to the OWASP ZAP (Zed Attack Proxy) project.

Carl Sampson's Education

Purdue University

1990 – 1995

B.S.

Carmel High School

1987 – 1990

Carl Sampson's Interests & Activities

Computer Security, Application Security, Enterprise Development