Open to opportunities

Carlos Ramirez

@carlosramirez4

Message

Application Security professional specializing in DAST, vulnerability testing, and IAM-focused access governance.

Costa Rica

Message

What I'm looking for

I’m looking for a role where I can run high-quality DAST and manual web/API testing, turn findings into accurate risk reports, and strengthen IAM-focused access governance—while collaborating cross-team and continuously expanding my security toolkit.

I’m an Application Security professional specialized in Application Security with 3+ years of experience in DAST, web application testing, vulnerability analysis, and IAM processes. I bring a strong analytical mindset, attention to detail, and a passion for learning emerging security technologies.

As a Dynamic Security Auditor at OpenText, I performed 3–5 daily automated and manual web application vulnerability scans using WebInspect and Burp Suite. I configured automated scans per client requirements, validated findings, and reduced false positives while improving reporting accuracy with risk severity level classification.

I also conducted manual testing across Authentication/Session, Access Control, Business Logic, and Input Validation, using attacks such as XSS, SQL Injection, and privilege escalation. In addition, I completed basic API testing using Postman and Burp Suite.

Before that, I worked as a Systems Security Administrator I, executing IAM procedures to support access governance by reviewing roles, privileges, and user accounts to prevent unauthorized access. Earlier, as a Tier II Fortify Technical Support Engineer, I supported Fortify products (WebInspect, Static Code Analyzer), performed static and dynamic security testing, and troubleshot issues across networks, databases, and application code while producing reports aligned with OWASP Top 10.

Experience

Work history, roles, and key accomplishments

Dynamic Security Auditor

OpenText

Mar 2022 - Apr 2025 (3 years 1 month)

Performed 3–5 daily automated and manual DAST web application vulnerability scans using WebInspect and Burp Suite, configuring scan settings to client requirements and improving reporting accuracy by reducing false positives. Conducted manual testing across authentication/session, access control, business logic, and input validation (e.g., XSS, SQL injection, privilege escalation) and performed ba

DAST Burp suite Vulnerability Testing Authentication Access Control XSS SQL Injection API Testing

Systems Security Administrator I

Experian

Apr 2020 - Mar 2022 (1 year 11 months)

Executed IAM procedures to support access governance by reviewing roles, privileges, and user accounts to prevent unauthorized access. Processed BAU requests in Active Directory and O365, verifying approvals and compliance with corporate security policies for permission and account changes.

IAM Access Governance Active Directory O365 Role And Privilege Review Distribution Lists Security Policies

Fortify Support Engineer (Tier II)

Micro Focus

Aug 2017 - Nov 2018 (1 year 3 months)

Provided Tier II technical support for Fortify products (WebInspect and Static Code Analyzer) via email, phone, and remote sessions, including performing static and dynamic application security testing. Troubleshot complex issues across networks, databases, and application code using logs and reproduction, and produced reports aligned with OWASP Top 10.

Root Cause Analysis Troubleshooting Tomcat Wireshark TCP IP SQL Server OWASP Top 10