CodeDriven Career
@codedrivencareer
Senior application security analyst with 9+ years securing SDLC, CI/CD, and APIs using proven SAST/DAST and risk programs.
What I'm looking for
I’m a Senior Application Security Analyst with 9+ years of experience in application security, vulnerability management, and secure software development lifecycle (SSDLC). I build practical security programs that reduce risk early—through threat modeling, secure design reviews, and continuous testing.
I have hands-on expertise with SAST/DAST scanning and remediation validation using tools like Veracode, IBM AppScan, Checkmarx, Fortify, OWASP ZAP, and Burp Suite. I map findings to OWASP Top 10 and NIST standards, define risk severity, and document vulnerabilities with clear remediation SLAs aligned to organizational risk appetite.
In enterprise and government environments, I integrate security into delivery pipelines by implementing DevSecOps and security controls in CI/CD (Jenkins, Azure DevOps, GitHub Actions). I also secure APIs and authentication flows using OAuth 2.0, SAML, OpenID Connect (OIDC), and SSO, then support application security accreditation before releases.
I’m comfortable partnering across development teams, IT leadership, and CISO stakeholders to enforce risk acceptance processes, including Risk Acceptance Letters for unresolved vulnerabilities. My approach is collaborative and measurable—turning scan results and security events into actionable guidance that leads to secure production deployments.
Experience
Work history, roles, and key accomplishments
Application Security SME
UnitedHealth Group
Jul 2023 - Present (2 years 11 months)
Conducted application vulnerability assessments using SAST/DAST tools, analyzed scan reports, and documented risks with remediation SLAs aligned to organizational risk appetite. Performed STRIDE threat modeling, integrated security testing into Jenkins/Azure DevOps CI/CD pipelines, and supported application security accreditation and risk acceptance processes.
Performed application security testing and vulnerability validation, supporting SSDLC/DevSecOps by integrating security controls into development and deployment workflows. Conducted risk assessments and security reviews, supported penetration testing and remediation tracking, and assisted in security event/incident analysis using SIEM/EDR/IDS-IPS tooling.
Conducted application security reviews and threat modeling, supporting identification of OWASP Top 10 vulnerabilities and remediation strategies. Implemented and administered CASB solutions for access monitoring, least-privilege enforcement, and DLP/encryption controls, and supported identity governance and auditing for compliance.
Security Engineer
iGATE Global Solutions Ltd.
Mar 2018 - Aug 2019 (1 year 5 months)
Aggregated, correlated, and analyzed log data from network and security devices to drive SIEM offenses and investigations. Designed and implemented security requirements and policies, conducted IT controls risk assessments, and monitored critical servers and applications using customized Splunk queries and endpoint management.
Network Engineer
Intellect Design Arena Ltd
Jun 2016 - Feb 2018 (1 year 8 months)
Configured and maintained network devices and services including routers, switches, firewalls, load balancers, VPN, and QoS. Provided Level-2/3 support, performed upgrades/patching and security configuration, monitored performance and capacity, and followed change-management policies to ensure reliable network operations.
