An Information Technology graduate who is passionate about Information Security and Web Application Development, I am interested in researching and learning security testing methodologies as well as developing web applications.
Information Security Analyst
I joined Pointwest's newly-formed Technical Security Group as a Security Analyst. I trained Software Developers and Quality Engineers on conducting Dynamic Vulnerability Assessments. I run Vulnerability Assessments on Internal Web Applications and provide advice during triage. I am responsible for maintaining the team's taxonomy based on different taxonomies that already exists. I also help develop the team's workflow on conducting its operations. Some of my current tasks are to research on Static Application Security Testing and to research on Threat Modeling in Agile Software Development.
Web Application Security Consultant - Manual Tester
Leads a team of 11 QA testers and managed their daily queues. Helped the testers conduct their False Positive Validation by checking the validity of their FPV’s and ensuring that their results comply with the team’s standards. Ensured that technical issues within the team are resolved in the absence of the Technical Lead.
Web Application Security Consultant - Quality Assurance Tester
Conducted false positive validation on the vulnerability findings of automated dynamic security assessments. Performed remediation tests for previous vulnerability findings. Ensured that scan settings complies with the team’s automated testing standards. Researched testing methodologies for validating vulnerability findings.
Web Application Security Consultant - Automated Tester
Performed automated vulnerability assessments on the web applications of various Fortune 500 companies using HP’s WebInspect. The test includes initial assessment and analysis for possible online security threat and vulnerabilities. Ensured optimal settings are met for better vulnerability findings. Generated reports according to customer requests and made sure that it complies with the team’s data safety standards.