Martian

Product Security Engineer/Architect

Security Architecture Design

Penetration Testing

Code Review

CAREER PROFILE 

Highly motivated and dedicated cybersecurity Professional with over 8 years of experience in the industry. Military Veteran with strong experience providing subject matter expertise in security program development, information technology management, team management, technical security assessments, auditing, and program/policy development. Exhibits dedication to meeting and exceeding client expectations and requirements. Looking for a responsible and challenging cybersecurity position within a growth-oriented, forward-thinking organization to help achieve its objectives by utilizing current experience, skillset, and education to the fullest extent. 

 

CORE COMPETENCIES

- Application Security - DAST/SAST/IAST - Vulnerability Assessments - Penetration Testing - Multi-level Collaboration 

- Incident Response - Risk Management - AppSec Program - Security Leadership and Governane - Secure Coding 

CORE QUALIFICATIONS 

TECHNICAL SKILLS/TOOLS: Tenable Security Center, Rapid7, BurpSuite, Cloudflare, Veracode, Synopsis, Invicti (NetSparker), Veracode, Synopsis, MobSF, Git, Visual Studio, CyberArk, Splunk, ReSTART, Brinqa, Remedy/ServiceNow, JIRA, Confluence, Microsoft’s Security Suite (O365, Endpoint, Cloud, Identity, Azure) 

PROGRAMMING/SCRIPTING: Python, Bash, Zsh, Fish, and PowerShell 

WEB LANGUAGES/STACKS: JavaScript, HTML, CSS, Java, PHP, LAMP, WAMP 

OPERATING SYSTEMS: Ubuntu, Kali, Paladin, Parrot Linux, Microsoft Windows, Mac OS X, Android/iOS 

  • Demonstrate a strong IT Security background with expertise in various application security roles 
  • Quickly learn and master new technology; equally successful in both team & self-directed settings; and proficient in a range of tools and testing methodologies. Strong analytical skills to identify key technology and business processes and controls. 
  • Excellent written and verbal communication skills, Problem-solving, troubleshooting skills with ability to quickly adapt to changing & competing priorities.  
  • Strong organizational skills; ability to prioritize, maintain attention to detail and recognize time constraints. Customer orientation & a professional approach with ability to interact with all levels within the organization. 

 

PROFESSIONAL EXPERIENCE 

Startup Fintech/Software SaaS – Virtual/Remote Work        Jul 2024 - Present 

Lead Software Security Engineer 

As a Software Security Engineer, responsible for analyzing and securing software applications across all phases of the SDLC. Led efforts to identify, mitigate, and resolve security vulnerabilities, ensuring secure coding practices and strong defenses against common threats like SQL injection and XSS. Worked closely with development and engineering teams to integrate security measures into software design and operations, providing solutions that align with security best practices, compliance standards, and the organization’s long-term security goals. 

CONTRIBUTIONS: 

  • Designed and implemented security solutions to mitigate common attack vectors such as SQL injection, Cross-Site Scripting (XSS), and other emerging threats, aligning with the organization's security reference architecture. 
  • Led and conducted comprehensive security testing (static and dynamic analysis) and regular code reviews, identifying potential vulnerabilities and providing recommendations for remediation to development teams. 
  • Troubleshot and debugged security issues throughout the SDLC, providing technical leadership on how to effectively address vulnerabilities and implement the most effective countermeasures. 
  • Worked closely with engineering teams to embed security into application architecture, ensuring new designs adhere to secure coding standards and minimizing risk throughout development and deployment. 
  • Provided expertise and guidance to development teams on secure coding practices, including secure authentication, data encryption, and input validation to minimize security risks in applications. 
  • Maintained detailed documentation of security policies, risk assessments, and mitigation strategies to ensure alignment with industry standards and internal compliance requirements. 
  • Continuously assessed and integrated new security tools into development pipelines, ensuring comprehensive vulnerability scanning, threat detection, and risk management across platforms. 
  • Ensured compliance with security policies, data privacy laws, and industry regulations (e.g., PCI DSS, GDPR), maintaining the confidentiality, integrity, and availability of sensitive business data. 
  • Assisted in conducting risk assessments and incident response activities, providing expertise in identifying, evaluating, and mitigating potential threats to the organization’s assets. 




Fintech/Software/SaaS Company – Virtual/Remote Work Jul 2023 – Nov 2024 

Application Security Engineer 

Responsible for performing code reviews, vulnerability scans, securing the entirety of the Software Development Lifecycle and recommending mitigations to the development operations leadership. Conducting source code reviews, software release approvals, mitigation and remediation plans. Assisting in the review of business applications from a to avoid security related issues/threats at the early stages of the software development. 

CONTRIBUTIONS: 

  • Lead the application vulnerability remediation program by ensuring that vulnerabilities are remediated within SLA timelines, advising development teams on the correct approach to close specific vulnerabilities, and investigating potential false positives. 
  • Conduct static, dynamic, and third-party vulnerability scans on hosted and on-premises banking, healthcare, legal, and fraud detection applications. 
  • Report and manage vulnerabilities to engineering and devops teams from penetration tests, code reviews, and conducting PCI ASV scans to assist in preparation efforts for various audits such as FFIEC. 
  • Define software security best practices, performs software security tests, and supports the identification, interpretation, and remediation of security vulnerabilities across a variety of platforms 
  • Review and approve Change Approval Board and Off-Cycle Change Request tickets. 
  • Program new features and perform upkeep on application and infrastructure scripts which generate vulnerability reports for company executives. 
  • As a Software Security Engineer, responsible for analyzing and securing software applications across all phases of the SDLC. Led efforts to identify, mitigate, and resolve security vulnerabilities, ensuring secure coding practices and strong defenses against common threats like SQL injection and XSS. Worked closely with development and engineering teams to integrate security measures into software design and operations, providing solutions that align with security best practices, compliance standards, and the organization’s long-term security goals. 

 

 

Cybersecurity Consulting Firm– Virtual/Remote Work Jun 2022 – Jun 2023 

Application Security Consultant (Threat and Vulnerability Management Services) 

Responsible for performing vulnerability assessment and penetration testing on enterprise applications and recommending mitigations to the development team. Conducting Web Application Vulnerability Assessment & Threat Modeling, secure code review on the applications. Assisting in the review of business solution architectures from a security point of view which helps avoid security related issues/threats at the early stage of the project. 

CONTRIBUTIONS: 

  • Used best practices in handling manual penetration testing on APIs, web, and mobile applications , leveraging innovative approaches that were recognized and adopted as a gold standard. 
  • Performed application security assessments, secure code reviews, and advanced advisory activities through client services engagements 
  • Standardized the documentation of vulnerabilities and the subsequent technical remediation efforts. 
  • Secured web applications by finding and fixing critical issues using advanced tools and techniques. 
  • Helped create and implement secure coding solutions for web applications by offering guidance and expertise to developers, architects, and stakeholders to ensure top-notch security. 

Healthcare Industry Cybersecurity Contract – Virtual/Remote Work      Nov 2021 - Jun 2022 

Cyber Security Analyst (SOC/CSIRT/T&VM) 

Responsible for identifying, analyzing, and mitigating potential cyber threats. Gathered and interpreted data, responding to incidents, evaluated risks and vulnerabilities, designed and implemented security controls, conducted security testing, communicating with stakeholders, and collaborated with other cybersecurity professionals to ensure effective cybersecurity policies and procedures. 

 

Contributions: 

  • Proficiently performed routine health checks on security solutions to secure fully operational and compliant service. Verified windows and Linux Servers were patched successfully and available. 
  • Effectively monitored SIEM solution and Microsoft’s Security Suite and responded to alerts as per SLA. 
  • Conducted thorough IOC searches as a team, leveraging new threat intelligence to identify APTs and potential threat campaigns. 
  • Monitored and analyzed threats to clients' servers & workstations through the Microsoft Defender and Splunk security solutions, escalated incidents, and provided detailed reports to appropriate teams. 

 

Department of Defense  Cybersecurity Contractor - Air Base     Feb 2021 - Nov 2021 

Lead Information Security Analyst | Information System Security Manager (ISSM) 

Responsible for overseeing and managing the information security program, including identifying and mitigating security risks, ensuring compliance with regulations and policies, managing security incidents, and providing guidance and training to other employees. Evaluated new technologies and security solutions and made recommendations to senior management on how to improve the organization's security posture. Additionally, lead and mentor other members of the information security team. Protecting sensitive information and assets from cyber threats. 

Contributions: 

  • Managed the IA program, System Security Plans, and security training as the Cybersecurity PM, ensuring compliance and promoting security awareness for facility management, InfoSec personnel, and other users. 
  • Maintained the security & integrity of networks, systems, and applications by enforcing organizational security policies and monitoring security tools for compliance with DISA Command Cyber Readiness Inspections (CCRIs). 
  • Assessed IT systems' security controls and enhancements independently to optimize their effectiveness while ensuring compliance with installation standards. 
  • Provided oversight for the maintenance of the COMPUSEC and 8570 programs, including training for administrative users, and ensured compliance with documentation requirements for appointed unit Cybersecurity Liaisons (CLs) and Information System Security Officers (ISSOs). 

 

United States Military – Various Locations      Mar 2015 - Mar 2021 

Security Administrator/COMSEC Custodian | Unmanned Aerial Systems 

Responsible for implementing and maintaining security measures to protect computer systems, networks, and data from unauthorized access, theft, or damage. Develop and enforce security policies, procedures, and standards to ensure industry regulations and best practices compliance. Conducting security audits and risk assessments to identify vulnerabilities and recommend solutions to mitigate risks. 

Contributions: 

  • Administered and maintained infrastructure using Red Hat Linux, Windows, and Cisco switches, achieving 90% efficiency and adhering to architectural guidelines and policies. 
  • Provided continuous production for the National Training Center by coordinating and performing activities related to troubleshooting, installation, testing, analysis, and security of voice/datalink communications (COMSEC). 
  • Achieved complete compliance with NIST 800-53 by planning, designing, and testing current and future upgrades to IT infrastructures, leveraging exceptional leadership, teamwork, and organizational skills. 

EDUCATION

Master of Science | Cybersecurity & Information Assurance – Western Governors University 

Bachelor of Science | Cybersecurity & Information Assurance – Western Governors University 

CERTIFICATIONS (GRC, Offensive/Defensive Ops) 

SANS GIAC | Incident Handler (GCIH), Web App Penetration Tester (GWAPT) 

(ISC)2 | Certified Information System Security Professional (CISSP) 

ISACA | Certified Information Security Manager (CISM) 

eLearnSecurity | Web Application Penetration tester eXtreme (eWPTX) 

CompTIA | Security+, Cybersecurity Analyst+ (CySA+), Pentest+, Advanced Security Practitioner (CASP+) 

Project Management Institute | Certified Associate in Project Management (CAPM)  

EC-Council |CEH ANSI & Practical (CEH MASTER), Certified Application Security Engineer (CASE-Java) 

Cloud Security Alliance |Certificate of Cloud Security Knowledge (CCSK)