I am open to entertaining the potential for change. My requirements are simple:
- Fully remote is an approved option immediately upon hire
- Direct hire
- Absolutely no surprise on-call
- A real work-life balance – 40+ hour weeks are the exception, not the norm
- Supportive culture with strong beliefs in mentoring and personal development
- Preferred security-focused roles (red and/or blue team and/or appsec)
My goal for 2020 is to acquire my OSCP and break into an application security or penetration tester position. If something were to come along before then that’s definitively in security, pays at least what I’m making now, and allows me to work remote 100% of the time without exception from day 1, I’d heavily consider it. I’m also interested in joining a team working with the latest technologies who aren’t afraid of pushing the envelope to harness the power of the latest available. My passion is to build clean, maintainable, scalable code that is secure, and to educate my teammates in vulnerability identification and remediation.
Software Developer, February 2019 – Current
I was brought on to aid in the forward movement for the Contact Center sector of [CURRENT EMPLOYER]. Immediately upon joining, I mapped plans for a progressive migration from virtual machine servers to Azure containers, and reviewed the code base to determine the best plan of action. This effort led to the elimination of a support license, which in turn saved the company over $10,000 annually.
Since then, I have implemented multiple CI/CD pipelines for deployments to Azure and the legacy virtual machines, assisted in remediating security vulnerabilities due to misconfigurations on legacy servers, built an ORM and dependency injection container (PSR compliant/composer autoloader) to ensure future maintainability and scalability of the code base, implemented secure code standards and specifications, assisted in day-to-day support operations, and earned the ServiceNow Fundamentals certification. Below is an additional list of noteworthy accomplishments. These efforts will save the business time, money, and peace of mind for the foreseeable future by increasing engineer efficiency, and decreasing the overall attack surface.
- Upgraded PHP 5.5.9 code to PHP 7.2
- Saved the company over $10,000 on a support license which offered the company no benefit
- Automated manual tasks related to lead loading in RingCentral
- Automated bulk file edits through development of a small Python application
- Remediated prevalent SQLi, LFI, LDAPi, XSS, CSRF, and information disclosure vulnerabilities
- Corrected misconfigurations in SSH, nginx, PHP-FPM and the Ubuntu host operating systems
- Assisted in the implementation of a dev, stage, production stack on Azure
- Increased visibility into application behavior through using App Insights and more concise logging within the PHP applications
- Utilized various network traffic analyzers and static analyzers to further secure code (phpstan/exakat)
- Aided in migration and hardening of various servers (Windows/Linux)
- Introduced SDLC processes into the development lifecycle
- Integrated an industry-standard dependency management framework (composer)
Full Stack Developer, January 2018 – February 2019
As a Full Stack Developer, I focused on building and integrating a single sign-on system into [PREVIOUS #1]’s internal CRM system, which is then used by various client-facing applications as a central location of identity and access provisioning. The application we launched had been my responsibility for the previous eight months as well. This application provided [PREVIOUS #1]’s clients full transparency into what [PREVIOUS #1] does for them and real-time project tracking. In addition, I worked closely with our Systems Administrator to prepare various other applications for an eventual migration to Kubernetes. I also presented on security topics including social engineering (focus on phishing), and secure header configuration for web servers.
- Engineered and integrated a Single Sign-On system for role-based permissions management across multiple client-facing applications
- Presented on topics including secure application header implementation, server hardening, and social engineering
- Containerized applications in preparation for a future migration to Kubernetes
- Implemented multiple CI/CD pipelines and associated security provisions
- Utilized SCRUM Agile methodologies to maintain clear objectives and meet project deadlines
- Assisted in day-to-day server administration tasks including hardening production servers and implementing secure transfer tunnels for application deployments
Web Developer, May 2016 – January 2018
I started at [Previous #2] as a junior developer. As part of my responsibilities, I handled all client interactions for up to 13 clients at a time, with full responsibility for each of their respective projects. These projects ranged from general website design and build-out to complex web applications used for business management, CRMs, and dispatching. I had the pleasure of assisting in the build and deployment of a stand-alone dashboard system which utilized Raspberry Pis to show contact center statistics for a large VRBO client, as well as using Python to integrate with secure money drop safes, later to be used in dispensaries across Oregon and Washington. During my time I also acquired Metrc certification, making [Previous #2] one of the first custom software development companies in the state of Washington licensed to be able to build products for the cannabis industry.
- Harnessed Smarty template engine, PHP5.6 & PHP7, MySQL, Apache, AWS, and nginx to meet or exceed project scopes
- Designed and implemented database schemas for complex web applications
- Ensured modern W3C and ADA-compliant (WCAG 2.0) code specifications were met in all public-facing web sites and applications
- Generated company documentation for testing procedures, client relations, incident response, and more
- Managed accounts for up to 13 concurrent projects, including being the point of contact for our clients
Freelance Web Developer
June 2014 – April 2016
Needing to get some ever-valuable experience, I opted to switch careers and go freelance. By doing so I had the pleasure of creating brands and websites for a variety of clients across the US. This period introduced me to many fun projects including brand development, eCommerce development using Joomla! and Magento, and small scale server administration responsibilities.
Everything listed here is in order of proficiency
- Google Cloud Builder
- AWS S3/EC2
- Linux (Gentoo, Slackware, Fedora, Debian, Arch, Kali, Alpine)
- Microsoft Windows
- Metasploit (minimal)
last updated: 2020-04-01 10:45:00 -0700