James McDonald

Senior Application Security Associate at Undisclosed
Contact Information
us****@****om
(386) 825-5501
Location
St Petersburg, Florida, United States, US
Languages
  • English -


Rating: 5.0 / 5.0, based on 2 ratings


Paula DiTallo

Jim is an exceptional InfoSec engineer. His natural eye for detail, patterns and anomalies is perfectly matched for the challenging tasks of enterprise security. Jim is an asset to any organization.

Rhonda L. Payton, PMP, CSM

Jim and I worked together at Kforce Professional Staffing. His extensive technology security-related knowledge greatly assisted me in making sure we stayed in compliance with public laws such as Sarbanes-Oxley. Plus, he was always personable and professional; I would not hesitate to recommend him to your organization.


Credentials

  • ITIL® Foundation Certificate in IT Service Management (ITILv3)
    PEOPLECERT
    Nov, 2014
    - Nov, 2024
  • GIAC Web Application Penetration Tester (GWAPT)
    SANS Institute
    Jan, 2015
    - Nov, 2024
  • EC-Council Certified Ethical Hacker (CEH)
    EC-Council
    Sep, 2011
    - Nov, 2024
  • GIAC Certified Incident Handler (GCIH)
    SANS Institute
    Nov, 2009
    - Nov, 2024
  • Certified Information Systems Security Professional (CISSP)
    (ISC)²
    Mar, 2005
    - Nov, 2024
  • Certified Information Systems Auditor (CISA)
    ISACA
    Feb, 2014
    - Nov, 2024

Experience

    • Financial Services
    • 700 & Above Employee
    • Senior Application Security Associate
      • Aug 2018 - Present

      Senior Application Security Associate on the Application Penetration testing team. Working with contractors and other FTEs, on testing, reporting, retesting over 200 apps annually. Unofficial SME, working as mediator and decision maker whenever conflicts and disputes occur between App Pentest team vs Developers and Business owners over issues regarding findings. Heavily involved in creating and updating our pentest test cases and CVSSv3.x Scores for findings, as well as changes in report design.

    • United States
    • Computer and Network Security
    • 1 - 100 Employee
    • Senior Penetration Tester
      • Sep 2017 - Jul 2018

      This position involves performing various information assurance tasks with a focus on manual web application penetration testing in the corporate and government sectors.

      Responsibilities:
      * Perform web application penetration testing and vulnerability assessments
      * Develop improved methodology, processes, infrastructure, tools, and deliverables that contribute to the ongoing enhancement of the company's vulnerability assessment capabilities
      * Create detailed assessment reports which accurately describe identified security weaknesses, potential business risks, prioritize mitigation recommendations, and estimate costs and effort levels for remediation
      * Present and clearly communicate findings and recommendations to the client's senior management, IT team members, and application developers
      * Train and mentor team members on web application assessment methodologies, tools, and techniques
      * Configure, maintain, and utilize web application testing infrastructure and tools

    • United States
    • Retail
    • 700 & Above Employee
    • Senior Cyber Security Engineer
      • Aug 2015 - Sep 2017

      Conduct cyber security assessments and penetration tests for web applications and networks. Search for security vulnerabilities in both traditional IT assets (web applications, fat clients, ERP systems, installations of COTS products), as well as internally developed products. Follow industry best practice methodologies for penetration testing (e.g., OWASP guidelines, NIST, PTES, OSSTMM), using tools for a basic level assessment, and manual penetration testing for advanced level assessments. Document findings for management and technical staff and recommend mitigating actions. Incident handler for CIRT and all internal investigations, conducting both host and network forensics when applicable. Maintain Imperva web application firewalls for Production Ecommerce Sites, creating many custom signatures to mitigate attacks in progress. Perform Malware Analysis on suspicious attachments, not detected by AV products. Built an automated malware analysis platform using both virtual and physical workstations based on Cuckoo, YARA, Malheur, and other industry standard applications. Perform advanced static and dynamic analysis of malware where applicable. Threat hunting and research using various Threat Intelligence Sources, both Open Source and Commercial. Involved in recommending and determining security requirements for projects and new initiatives, as well as in remediation of vulnerabilities. Involved in PCI vulnerability assessments both internal and QSA tests and remediation efforts. Working on integrating MISP - Malware Information Sharing Platform and our open source and commercial threat feeds into our daily operations and to share our data with the community.

    • United States
    • Telecommunications
    • 700 & Above Employee
    • Principal Security Engineer
      • Mar 2014 - Aug 2015

      Principal Security Engineer responsible for web application firewalls, web application penetration testing, network penetration testing, forensics and eDiscovery, incident response and daily security operations. Several roles in security projects related to PCI compliance and remediation efforts as well as overall security operations.

    • United States
    • Retail
    • 700 & Above Employee
    • Senior Information Security Analyst
      • May 2013 - Mar 2014

      Senior Information Security Analyst with large retail organization based in central Florida. Responsible for web application testing, penetration testing, vulnerability validation, eDiscovery, computer and network forensics, and lead incident handler for CIRT. Deployed and maintain web application firewalls in multiple environments, Retail SIEM, and network file encryption for sensitive data. Responsible for web application penetration testing and network penetration testing using various commercial and open-source tools. Several roles in security projects related to PCI compliance and overall security operations.

    • United States
    • Hospitals and Health Care
    • 700 & Above Employee
    • Sr. Network Security Analyst
      • Mar 2012 - May 2013

      Senior Network Security Analyst and team lead responsible for daily operations and various roles in projects. Develop and maintain security policies and procedures for incident response, risk and vulnerability assessments, penetration testing, firewalls, content filtering, data loss prevention, web application firewalls, database monitoring systems, and intrusion prevention systems. Participate in various projects in technical and security related roles. Responsible for monitoring and maintaining firewalls, Web Application firewall and database monitor, Intrusion Prevention Systems, content filtering, Vulnerability Manager, and DLP systems. Perform web application testing using various commercial and open-source tools, and work with system administrators and developers on remediation efforts. Other duties include forensics, eDiscovery, External DNS, SSL certificates management, audit and remediation efforts (HIPAA, PCI, HITECH, Meaningful Use) and various roles in projects.

    • United States
    • Information Technology & Services
    • 700 & Above Employee
    • IT Security Consultant
      • Feb 2011 - Feb 2012

      IT Security Consultant assigned to an International Fortune 500 Global Security Services company providing client site Security Operations at another International Global 500 company located in Clearwater, Florida. Develop and maintain security policies and procedures for incident response, risk and vulnerability assessments, penetration testing, routers, firewalls, content filtering, data loss prevention, and intrusion prevention systems. Participate in various projects in technical and security related roles. Responsible for monitoring and maintaining Cisco routers and firewalls, Microsoft firewalls, IBM Proventia Intrusion Prevention Systems, as well as content filtering and DLP systems. Perform Web application testing using various commercial and open-source tools, work with system administrators and developers on remediation efforts. SIRT Incident Response Lead for US and Latin American Operations. Conducted annual PCI DSS Penetration test for level 1 compliance for client prior to being assigned to an operational role at the site.

    • IT Services and IT Consulting
    • 100 - 200 Employee
    • Information Assurance Engineer
      • Aug 2008 - Jun 2010

      Maintain IA-CND sensor grid situational awareness from Tier 0 to Tier 2; report and respond to sensor grid outages and/or anomalies; direct network surveillance resources. Track and report theater IA-CND performance/capability metrics. Coordinate and manage INFOCON changes and track compliance. Review current intelligence for relevant threats and develop appropriate actions/response. Distribute current IA-CND intelligence information to the USCENTCOM Components. Respond to direction from intelligence section regarding specified tasks for mitigation of specific threat to current network operations. Review security threats and determine/implement effective countermeasures IAW established policies/regulations/directives. Analyze network or system changes/reconfigurations for security impacts (perform risk analysis/assessment).
