Experience

Chipper Cash

• United States
• Financial Services
• 100 - 200 Employee

• Snr Security Engineer

  • Sep 2022 - Present

  Established the overall Secure Development Lifecycle for Chipper Cash. Provided direction and guidance to developers regarding secure coding which included performing secure code review sessions. Effectively indulged in communicating with developers to build relationships and provided answers to security questions. Conducted various Proof Of Concept to identify the appropriate vendor tools to fit Chipper Cash environment. Established the overall Secure Development Lifecycle for Chipper Cash. Provided direction and guidance to developers regarding secure coding which included performing secure code review sessions. Effectively indulged in communicating with developers to build relationships and provided answers to security questions. Conducted various Proof Of Concept to identify the appropriate vendor tools to fit Chipper Cash environment.



Ernst & Young Global Consulting Services

• Bahamas
• Business Consulting and Services
• 700 & Above Employee

• Cyber Security Manager

  • Apr 2022 - Sep 2022

  Assisted with the management of Bank Of America Risk Assessment. Created Security Controls for EY clients and ensured all software releases goes through the required security checks. Reviewed client application security documents, identify gaps within their process, and suggested solutions. Managed a team dedicated to critical task which includes embeding security within Software Development Lifecycle (SDLC). Assisted with the management of Bank Of America Risk Assessment. Created Security Controls for EY clients and ensured all software releases goes through the required security checks. Reviewed client application security documents, identify gaps within their process, and suggested solutions. Managed a team dedicated to critical task which includes embeding security within Software Development Lifecycle (SDLC).



JPMorgan Chase & Co.

• United States
• Financial Services
• 700 & Above Employee

• Snr. Application Security Architect

  • Jun 2021 - Dec 2021

  Working with DevOps team members to build the CI/CD platform with secure SDLC/DevSecOps practices Conducting Security code reviews and triaging vulnerability findings report. Creating & documenting processes which includes Secure Development Lifecycle (SDL), Security Coding Standard, Risk Assessment, etc. as part of creating an effective and a strong Application Security program for CXLoyalty. Conducting threat modelling and secure design reviews Environment: Java, Checkmarx, JFrog Xray, NexusIQ, JS, C-Sharp, Jira, AWS, Eclipse Show less



eBay

• United States
• Technology, Information and Internet
• 700 & Above Employee

• SNR. Application Security Engineer

  • Sep 2019 - Sep 2020

  • Worked directly under StubHub’s CISO and provided daily update on application security progress/concern to eBay’s Global Information Security team • Conducted Security code reviews and worked one-on-one with dev teams on remediation. • Reviewed security requirements, security designs, and architecture for distributed system • Developed in-house application for metrics tools that displays real-time vulnerabilities (graphically) discovered from security tools that are integrated with the CI/CD pipeline • Conducted training sessions with dev teams on secure design/coding Environment: Java, Checkmarx, Fortify, Burp Suite, Java, JSON, XML, IruisRisk, SD Elements, JFrog Xray, Seeker, NexusIQ Show less



Acuity Brands

• United States
• Appliances, Electrical, and Electronics Manufacturing
• 700 & Above Employee

• Snr. Application Security Engineer

  • Apr 2019 - Sep 2019

  • Built the whole Application Security process which includes the Security Development Lifecycle Process • Secured web applications via code review sessions, SAST, DAST and Pen testing • Provided security requirements for Internet Of Things (IoT) applications • Manually Threat Modelled legacy applications as well as led the effort to automate Threat modelling process • Built the whole Application Security process which includes the Security Development Lifecycle Process • Secured web applications via code review sessions, SAST, DAST and Pen testing • Provided security requirements for Internet Of Things (IoT) applications • Manually Threat Modelled legacy applications as well as led the effort to automate Threat modelling process



AFLAC Worldwide Headquarters

• Snr. Application Security Consultant

  • Oct 2015 - Mar 2019

  • Defined Application Risk Assessment and Threat Modeling application, which includes creating Security Control to minimize/mitigates vulnerabilities. • Established the overall SDL process which includes the creation and maintaining AFLAC’s Secure Coding Standard document. • Performed secure code review sessions and recommending remediation for Dev teams • Performed static code and dynamic web assessment and scheduling remediation calls to assist development teams mitigate vulnerabilities. • Provided advice on vulnerability risk acceptance to management as well issuing alternate mitigation. • Managed and research course curriculum for secure coding computer-based training for development teams which promotes secure coding practices. Environment: Acunetix, HIPAA, PCI DSS, Java, Android Java, JavaScript, C/C++, C-Sharp, Veracode, SQLMAP, ZAP, SAST, DAST, Show less



General Motors

• Roswell GA

• Software Security Analyst

  • Oct 2013 - Oct 2015

  • Performed Security Code reviews with developers and approved fixes for vulnerabilities • Validated vulnerabilities via Manual Penetration test and suggested fixes to the development teams • Set up Security Testing process and developed secure coding training doc for new Hires • Defined Security testing requirements and developed Test Plan document for applications and guide project teams though their testing needs till software release • Engaged with Assurance team on certified multiple applications to be installed on GM network • Walked through and presents periodic vulnerability matrix to Management and analyzing risk factors • Assisted Code Management integrating Jenkins with HP Fortify Static Code Analysis tool. Environment: HP Fortify, HP WebInspect, Java, C/C++,C-Sharp, Burp Suite, JavaScript, Wireshark, SOX Show less



Telos Corporation

• United States
• Computer and Network Security
• 400 - 500 Employee

• Application Security Consultant

  • Mar 2012 - Jun 2013

  • Provided consultation on secure code practices, security tools implementation, and scanning Air Force applications with Fortify SCA, AppScan, and AppDetective. • Implemented Software Security tools such Fortify SCA into different SDLC. • Analyzed scan results from Fortify SCA scans and providing a detailed overview on vulnerabilities which includes Definition, Risk, and Remediation. • Participate in manual code reviews looking for vulnerabilities such as SQL injection, XSS, Path Manipulation, etc. • Assisted in putting together training documents such as best coding practices doc for newly hired employees and clients. Environment: HP Fortify, HP WebInspect, ZAP, IBM AppScan Standard Edition, Python, IBM AppScan Source Edition, SQLMAP, AppDetective Database scanning tool Show less



Neptune Tech.

• Montgomery, Alabama Area

• Software Engineer

  • May 2007 - Nov 2011

  NEPTUNE TECHNOLOGIES, TALLASSEE, AL April 2007 – Nov 2011 • Designed, developed, and upkeep of Java Water, Gas, and Electric meter reading application. • Developed an incident response program that monitors Neptune AMR software. • Developed Policies, Standards, and Procedures to secure Neptune’s Automatic Meter Reader (AMR) software. • Responsible in securing Automatic Meter Reader (AMR) application via code review sessions. Environment: C#, Java, Android Java, C++/C, JavaScript, Batch/Shell Script, SQL Anywhere, Python, Wireshark, SSH, ISO 9001, Protocol Analyzer, GPRS Model,RF transmitters, Linux From Scratch(LFS) Show less



Georgia State University

• United States
• Higher Education
• 700 & Above Employee

• Technical Support

  • Aug 2005 - Apr 2007

  • Used diagnostic skills and internal tools to identify root causes of customer system log in issues, analyze problem, develop situations, and recommend action. • Received customer calls from first level service center representatives to provide second level technical phone support to GSU customers interfacing with base level products and services departments, productivity tools, and third level support. • Responsible for installation of antivirus programs on over 500 University computers. Environment: Troubleshooting, Ghost Symantec, Remedy Ticketing System Show less