JAGAN RAJ

Sr. Application Security Engineer
Remote, US.

About

Highly accomplished Senior Application Security Engineer with over 6 years of expertise in product security, penetration testing, and advanced AI/LLM security practices. Proven success in designing and launching enterprise-wide security programs, mitigating critical vulnerabilities by up to 85%, and leading cross-functional teams to integrate robust security strategies into the SDLC. Drives significant improvements in system security and compliance through expert threat modeling, vulnerability management, and Linux/Python scripting.

Work

Reltio

Sr. Application Security Engineer

Remote, US

Summary

Led the design and launch of Reltio's inaugural organization-wide Application Security program, aligning with business goals, compliance, and secure SDLC principles.

Highlights

Spearheaded the design and launch of Reltio's inaugural organization-wide Application Security program, ensuring alignment with business goals and secure SDLC principles.

Developed and maintained custom Application Security Posture Management (ASPM) rules, enhancing security enforcement across CI/CD pipelines and production environments.

Reduced average vulnerability remediation time by 50% by identifying, analyzing, and remediating application security vulnerabilities using industry-leading ASPM tools and integrating auto-triage with Jira & Slack.

Conducted comprehensive threat modeling and architecture reviews for critical components, including Reltio's Model Context Protocol (MCP) server, ensuring robust mitigations aligned with OWASP and MCP best practices.

KLA

Product Security | AI Security

Remote, US

Summary

Drove product and AI security initiatives as Product Owner and Subject Matter Expert, defining security requirements, leading integrations, and enhancing system security.

Highlights

Defined and prioritized AppSec security requirements as Product Owner, achieving 100% alignment with organizational goals and enhancing product security posture.

Led the integration and optimization of JFrog Xray (SCA) as Subject Matter Expert, increasing identification of open-source and supply chain vulnerabilities by 50%.

Analyzed over 100 LLM models using NVIDIA GARAK, identifying OWASP LLM Top 10 vulnerabilities, and leading red teaming efforts to guide secure AI tool development.

Achieved a 30% improvement in system security as Technical Product Owner for Linux hardening, developing strategic roadmaps and facilitating cross-team collaboration.

GE Healthcare

Software Engineer - Cybersecurity

Remote, US

Summary

Spearheaded the design and implementation of directed security requirements for GE Healthcare's XRAY products, ensuring compliance and mitigating risks.

Highlights

Pioneered an advanced X-ray compliance framework using Python and shell scripting, reducing STIG vulnerabilities and potential risks by 85% for XRAY products.

Designed and implemented comprehensive Service, Port, Package, and Sudo Whitelisting, alongside a Threat Model for Next-Gen GE X-Ray Products.

Conducted comprehensive vulnerability assessments on X-ray OS (SUSE & Red Hat) using Tenable Nessus and Nmap, identifying and resolving over 100 critical vulnerabilities.

Developed a security fail-safe bash script for the Linux security service, minimizing kernel panic attacks by 99%.

Collaborated with the X-Ray core software team to ensure HIPAA, FDA, and DoD compliance for X-Ray products.

Education

Vellore Institute of Technology (VIT)
Vellore, Tamil Nadu, India

M.Tech

Software Engineering

Certificates

Certified Ethical Hacker, CEHv11

Issued By

EC-Council

Generative AI for Cybersecurity

Issued By

EC-Council

Advanced Security Essentials

Issued By

SANS Institute

Ethical Hacker

Issued By

Cisco

Red Teaming LLM Applications

Issued By

DeepLearning.AI

Skills

Product Security & Engineering

Product Security, Vulnerability Management, Security Automation, Project Management, Threat Modeling, SAST, DAST, SCA, Code Review, OWASP Top 10, Fuzz Testing, Secure Software Development Life Cycle (SSDLC).

AI & LLM Security

AI Security, AI for Security, LLM Vulnerability Assessment, Responsible AI, Red Teaming LLM Applications, Prompt Injection.

Frameworks & Standards

STRIDE, DREAD, NIST CSF, NIST AI RMF.

Tools & Technologies

Kali Linux, JFrog Xray, Tenable Nessus, Garak, Cycode, VirusTotal, IriusRisk, Nmap, Burp Suite, Nikto, SonarQube, Python, Shell/Bash scripting.