- Capabilities: 5
- Tools & platforms: 5
- Discipline: Security
Lead AppSec strategy across web, API, and cloud-native platforms. Identify and remediate vulnerabilities at the design stage and across the entire delivery pipeline.
- SAST, DAST and SCA tooling integration
- Secure code review across .NET, Java, Node.js
- Threat modeling using STRIDE
- Authentication, authorization and input validation review
- Vulnerability management lifecycle ownership
The stack behind the work.
The tools I reach for day to day — with a rough sense of where my depth sits.
- Burp Suite (Expert): Manual web app pentesting & interception
- OWASP ZAP (Advanced): Automated DAST scanning in CI
- Checkmarx (Advanced): Static analysis (SAST) for code review
- Snyk (Advanced): Dependency & SCA vulnerability scanning
- SonarQube (Proficient): Code quality & security gating
Projects that put this to work.
- Enterprise AppSec Migration: Driving tiered application onboarding into a unified AppSec program with automated CI/CD gating.
- IAM Least-Privilege Redesign: Role redesign and policy enforcement program reducing over-privileged access across cloud accounts.
- CI/CD Security Automation: Embedded SAST, DAST and SCA gates into shared CI/CD pipelines for automated pre-deployment validation.
- Cloud Security: Hardening cloud-native estates at enterprise scale.
- DevSecOps: Automating security as code into every pipeline.
- API & Identity Security: Securing the perimeter of distributed systems.
- Technical Program Management: Turning security strategy into delivered outcomes.
