Experience

Last Updated: Dec 14, 2024

Offensive Application Security Analyst

Citibank | July 2022 - Present


General

These are tasks I perform regularly, regardless of position.

  • Performed white and grey box penetration tests with DAST tools including Burp Suite Pro, AppScan, ReadyAPI, SQLmap, and Kali Linux on web applications, APIs, databases, thick clients, and Android apps.
  • Conducted code reviews and vulnerability assessments on web applications, APIs, thick clients, and SaaS applications using tools such as Checkmarx, Qualys, Metasploit, and Nessus.
  • Performed infrastructure scanning to identify vulnerabilities and ensure robust security measures.
  • Created reports and collaborated with application teams to address reported issues and provide actionable remediation guidance.

Assistant Vice President - 2024

  • Identified most Priority risk issues in NAM AVA for 2024.
  • Helped identify and develop scan checks for CVE-2024-36459.
  • Established a process for triaging issues for Citi’s invite-only Private Bug Bounty program and Vulnerability Disclosure Program.
  • Continued to develop the internal Burp Suite extension for the team (Java).
  • Started to support development for internal reporting software (C#/.NET).
  • Completed volunteering for the Static Code Analysis team.

Officer - 2022-2023

  • Discovered 10% of the total High-Impact Priority vulnerabilities globally at Citi in 2023 and surpassed all other testers in the NAM region in both quantity and severity of the identified issues.
  • Presented several vulnerabilities found during testing and held “tech talks” for NAM Application Vulnerability Assessment teams.
  • Developed several custom Burp Suite extensions using the new Montoya API to improve testing capabilities and efficiency, including integration with ChatGPT.

GFT Java Software Engineer

Citibank | July 2021 - July 2022


  • Led a successful migration from Solr to Elasticsearch for an internal search engine, leveraging Java and Angular technologies.
  • Managed a Red Hat Linux VM within Citi’s internal cloud, which hosted an ELK stack instance for the Elasticsearch migration.
  • Provided security consultancy, leveraging expertise to guide the team’s developers in implementing effective cybersecurity best practices.

Undergraduate Research Assistant

The University of North Texas | Jan - May 2021


  • Developed a C++ program that:
    • Stored social networks as a matrix in a compressed format.
    • Used matrix multiplication to find the centrality of a given matrix to help identify super-spreaders of an infectious disease.

EIO&T Summer Analyst

Citibank | July - August 2020


  • Gained a high level of understanding of the positions within Citi’s EO&T 2-year rotational program.
  • Acquired hands-on experience in:
    • Analyzing data from production applications.
    • The life cycle of a scrum project.
    • The workflow of developing an application at a financial institution.
