- Capabilities: 5
- Tools & platforms: 5
- Discipline: Security
Embed static application security testing across the SDLC — scanning source and dependencies for vulnerabilities early, with automated gates that catch issues before code reaches production.
- Static code analysis across .NET, Java and Node.js
- CI/CD-integrated SAST gating and policy enforcement
- Triage, false-positive tuning and finding prioritization
- Secure code review of authentication and input handling
- Software composition analysis (SCA) for dependencies
The stack behind the work.
The tools I reach for day to day — with a rough sense of where my depth sits.
- Checkmarx (Advanced): Enterprise static analysis (SAST)
- SonarQube (Advanced): Code quality & security gating
- Snyk Code (Advanced): Developer-first SAST & SCA
- Semgrep (Proficient): Custom rule-based static scanning
- CodeQL (Proficient): Query-based code scanning in CI
Projects that put this to work.
- Enterprise AppSec Migration: Driving tiered application onboarding into a unified AppSec program with automated CI/CD gating.
- IAM Least-Privilege Redesign: Role redesign and policy enforcement program reducing over-privileged access across cloud accounts.
- CI/CD Security Automation: Embedded SAST, DAST and SCA gates into shared CI/CD pipelines for automated pre-deployment validation.
- AI/LLM Security Guardrails: Secure-by-design review and guardrail program for AI/LLM-integrated services across the platform.
- Application Security: Embedding secure-by-design into the SDLC.
- DAST: Dynamic testing that probes running apps like an attacker.
- Cloud Security: Hardening cloud-native estates at enterprise scale.
- DevSecOps: Automating security as code into every pipeline.
