Provide application security support for a variety of of sectors, building a security program based on best practices - Build application security program, identifying risks - Conduct penetration testing activities - Provide static and dynamic code analysis coverage, automating the process and generating reports
- Led application security program post-acquisition process, maintaining security activities and requirements for the product in a transition from on-premise datacenters to AWS cloud provider. - Integrated security into the Agile lifecycle, automating secure code analysis to meet product requirements within delivery timelines. - Reduced security program cost by replacing commercial tools with open source counterparts. - Worked side by side with support team to answer security concerns and vulnerabilities reports from customers, connecting directly with them if needed - ISO27001 and SOC2 recertification support, writing tools to automate security reporting - Train developers on common security vulnerabilities - Web Application Firewall maintenance and analysis to identify threats - Validate and determine scope of security issues - 3rd party penetration testing scheduling, set up and outcome analysis
Worked as Security Quality Assurance Lead in ClaroLab for customer Jive Software - Define security testing schedule, in coordination with developers and QA teams - Define must fix bugs previous to a release - Validate compliance with security policy previous to a release - Automate security tasks - Coordinate, set up and engage with 3rd party penetration test providers for the product
Security Quality Assurance for customer Jive Software - Worked on web and mobile versions of the product - Run static and dynamic security scans, analyze results and generate reports - Conduct manual penetration testing - Report security bugs to developing teams, explain its implications and how they can be addressed - Validate proposed fixes for security bugs - Search for regressions on modified code with previous bugs