San Antonio, Texas, United States
Application Security Consultant/Analyst/Architect, Penetration Tester, Information Security, Security Testing
- Working on-site as a contractor at USAA (hired by TCS) with a TN visa.
- Security testing of dotcom, mobile web pages and services.
- Work with Agile methodology.
- Work with OWASP Top 10 and other vulnerabilities.
- Assessment of project changes to determine impacts to security.
- IBM AppScan tool configuration, execution and evaluation of results.
- Manual black box testing.
- Use of Burp Suite Pro.
- Use of soapUI and ARC to test changes on services.
- Defect reporting and tracking.
- Help developers fix security defects.
- Validation of fixes and closure of defects.
- Strong communication with QA leads.
- Mobile testing on Android and iOS applications.
- Generation of project metrics.
- Security testing (black box, white box, gray box and threat modeling).
- Security requirements and follow-up for compliance.
- Coordinator of team representatives around the world.
- Execute static and dynamic scan tools (SAST and DAST), and validate results.
- Manual penetration testing and use of proxy tools like Fiddler, ZAP, WebScarab.
- Testing based on OWASP Top 10 and other standards like CWE.
- Coordination, follow-up and training for secure coding.
- Work with different development, lead and management levels.
- Application Security Consultant.
- Presenter of security awareness.
- Metrics creation and reporting.
- Mentoring and training of new joinees.
- Employee of Softtek working for GE in Softtek office.
- Security testing (black box, gray box).
- Manual penetration testing and use of proxy tools.
- Work on Security Testing Center of Excellence team.
- Research and evaluation of security tools/scans.
- Implementation of OWASP Web Application Firewall.
- Creation of the Threat Modeling and Security Design Review service.
- Research of Java best practices code snippets.