Application Security professional with software development background and extensive Fortify experience
Application Security: Fortify, Veracode, Checkmarx
Java: Swing, Groovy, Hibernate, Spring, Struts, J2EE, EJB, JSP, JDBC, XML/XSLT, Webservices/WSDL
Database: Oracle, SQL Server, Informix, Postgres, Hibernate, JDO, PL/SQL
Cyber security engineer advisor
- Discussed the interpretation of Fortify static code analysis scans with developers.
- Wrote ad hoc queries against Fortify database to determine who was scanning, who was assessing their scans, what the top issues were, etc.
- Addressed known technical issues with incomplete Fortify scans
- Wrote extensive documentation, including a Fortify playbook and an introduction to application security for developers, as well as install guides
- Authored whitepaper on Threat Modeling in compliance with NIST 800-53
- Researched technical solutions to address known security vulnerabilities in third party libraries
Information Security Engineer
- Performed static code analysis using Fortify as well as additional scripts and visual inspection of code for security vulnerabilities.
- Worked as technical lead, interviewing and training newer employees and interacting with the line of business to address code review issues.
- Developed mobile code review practice using Checkmarx static analysis tool.
- Developed processes for integrating Veracode scans with the static analysis practice.
Senior software engineer
- Made changes to the mobile web interface for the clinic locator so that it is able to display the wait times for the individual clinic
- Architected and developed a demo application with similar functionality to the existing Confidential website to be used by the sales/marketing team.
- Designed, implemented, optimized and debugged an application to allow service providers to search for insurance remittances, using the jQuery DataTables library. Report was generated on the fly with a PDF being created using iText.
- Participated in conversion project to move the Web development group from an ad-hoc series of unrelated projects to a more focused process-related team. Adapted and documented jQuery in order to eliminate redundant libraries.
- Performed unit and functional tests using JUnit and stress/load testing using JMeter to simulate the performance of database and web servers under typical production loads
- Responsible for full life-cycle (requirements gathering, design, development, and unit testing) of new features to be added to flagship product, including modules for internationalization, timing, and cheating detection, using Java, Swing, and Spring
- Wrote enhancements to an XML/XHTML based system used to create and administer certification exams using Swing and Groovy on the front end
- Debugged production issues with Swing, XML parser, and proprietary state-machine implementations
- Performed performance testing and profiling where appropriate to locate and address memory leaks and threadlock issues