Senior Application Security Analyst Resume
IL
SUMMARY:
- Information Technology Professional specializing in application security, with broad ranging skills in web development and security practices.
- Skilled at performing penetration testing using both SAST & DAST methodologies.
- Adept at leading a global team of Security Champions and instructing others in the ways of APPSEC.
- Familiar with security best practices including OWASP & APPSTIG.
- Familiar with an array of programming languages.
- Sharepoint 2007, 2010 (’07 EIM/AMC SO Certified)
Languages: HTML, Javascript, CSS, .NET, JAVA, ASP, PHP, C++/C#, Coldfusion
Vulnerability: OWASP, CWE, NIST, APPSTIG, etc.
SAST Tools: HP Fortify, Checkmarx, Veracode
DAST Tools: HP WebInspect, Burp, IBM Appscan, Nikto
Portals/Tools: Jenkins, JIRA, Wiki, Remedy, HelpDesk, WebGoat
Clearance: Secret
PROFESSIONAL EXPERIENCE:
Confidential
Senior Application Security Analyst
Responsibilities:
- Identify web application security vulnerabilities (SAST/DAST) and offer resolution advice
- Develop, maintain and communicate future and current state security architecture strategies and models
- Conduct risk assessments, threat modeling and information security reviews on Morningstar systems, applications and platforms
- Maintain an active global Security Champion program by recruiting, training and working with internal dev teams.
- Work directly with internal business units to communicate risk and help resolve open vulnerabilities
- Understand and help execute information security program goals
- Maintain and update information security policies and standards
- Provide security remediation advice and training to technical personnel
- Develop and enhance internal security processes, programs and procedures
- Document secure coding guidelines and run training programs to assist internal development personnel
- Collect application vulnerability metrics and introduce automated security checks into application build process
- Manage WAF rule set to address application security vulnerabilities where necessary
Confidential, IL
Senior Software Security Analyst
Responsibilities:
- Maintain familiarity with an array of languages, environments and architecture.
- Windows/Solaris/Linux
- Service Oriented Architecture
- .NET/ASP/JAVA/Coldfusion/C#/C++/others
- Analyze and provide feedback to programs on OWASP & Application Security STIG rules and best practices.
- Provide static code analysis of applications via HP Fortify 360.
- Provide reports and observation based on WebInspect and Burp findings.
- Familiar with other tools such as Nikto & WebGoat.
- Develop and maintain the Security Tasking Application, a custom-made tool that coordinates IA Fortify services and projects results and status to specific programs.
- Provide ongoing education and communal support to developers on security best practices.
Confidential, IL
Web Developer
Responsibilities:
- Development & maintenance of multiple USTRANSCOM sites & applications on a daily basis.
- Provide first level contact support to all customers within USTRANSCOM relating to sites & applications.
- Work directly with customers on requirements and implementation.
- Central point of coordination and creation for all documentation (User Guides, Application Guides, Continuity, other) for USTRANSCOM J6-OMW.
- Actively provided quality control and section 508 compliance checks on USTRANSCOM sites & applications.
- Provide Tier 1 Sharepoint support for USTRANSCOM. Site collection access.
Confidential, MO
Web Developer
Responsibilities:
- Develop brochure & marketing sites for clients throughout the continental United States.
- Managed all site functions for clients (cpanel, email, sql, etc)
- Provide direct support to assigned clients for all web issues.
- Assist in development of SEO/SEM functions & Zip Code indexing.
Confidential
Online Development
Responsibilities:
- Develop & maintain numerous ecommerce sites using CMS & Custom Applications. This was completed using both the Magento & Joomla CMSs, which are PHP based.
- Develop & maintain all SEO/SEM functions in relation to the commerce sites. Using Google, Yahoo, Bing & Trada as forms of PPC.
- Implement & Manage all 3rd party feeds: EBay, Amazon, Shopzilla, Google Products and others. This was done using both premade and custom extensions using HTML/PHP/XML and other sources.
- Design, Schedule and coordinate all email campaigns: Constant Contact, iContact, MailChimp. Using templating, html and other feeds to create weekly email campaigns.
- Maintain all office software & machines. Servers, Desktops, Shipping/Inventory systems, among other duties.
- Manage customer service interaction via email, phone & live chat functions. Tasked with managing Customer Service Reps. and providing tier 2 service to customers.
- Installed & Managed all CMS Platforms. Done using MySQL, Workbench and phpmyadmin tools.
Confidential
Audience Development Manager
Responsibilities:
- Design & maintain numerous external and internal websites in relationship to company operations. Sites created using the Joomla/PHP CMS, also including GnuPG & SSL Encryption for security.
- Manage multiple E-Edition publications. Served in both a Developer and Project Manager role in creation of both the daily & weekly publication sites.
- Independently manage all duties in relation to running "Newspapers in Education."
- Schedule & design advertisements in support of sales campaigns. Focused greatly on the use of Photoshop, Illustrator and InDesign Adobe Products.
- Analyze and create keyword phrases for PPC Campaigns.
- Design and implement e-zines in relation to company operations and events.