Open to opportunities

Craig Bartoshesky

@craigbartoshesky

Message

Cybersecurity leader specializing in AppSec, Secure SDLC, and DevSecOps with measurable risk reduction.

United States

Message

What I'm looking for

I seek senior security roles leading AppSec or DevSecOps programs where I can drive secure SDLC adoption, mentor teams, deploy tooling, and align security with business outcomes.

I am a cybersecurity leader with 15+ years driving enterprise Application Security, Secure SDLC, and vulnerability management programs across Fortune 10–500 organizations. I translate complex security posture into clear business impact and advise executive stakeholders on scalable AppSec and DevSecOps capabilities.

I have led AppSec delivery across large application portfolios, operationalized repeatable security frameworks, and reduced late-stage findings and recurring vulnerabilities by meaningful percentages. I’ve built threat modeling playbooks, managed penetration testing and tooling rollouts (SAST, DAST, SCA, ASPM), and contributed to AI-assisted testing and automation pilots.

I mentor and grow teams, support client delivery and account expansion, and align security strategy with engineering execution to accelerate secure product delivery in regulated and high-stakes environments.

Experience

Work history, roles, and key accomplishments

Security Manager

Ernst & Young

Jan 2023 - Jan 2026 (3 years)

Managed high-visibility AppSec engagements and led secure SDLC and DevSecOps delivery, reducing late-stage findings by ~25–35% and accelerating assessment ramp-up by ~20–30%.

Application Security Threat Modeling DevSecOps SAST DAST Vulnerability Management Executive Reporting

Senior Application Security Engineer

Ernst & Young

Jan 2018 - Dec 2022 (4 years 11 months)

Led AppSec delivery across 15–30+ applications annually, embedding threat modeling, penetration testing, and secure code review to cut assessment ramp-up time ~20–30% and reduce recurring findings ~20–30%.

Application Security Threat Modeling Penetration Testing Code Review SAST DAST

Application Security Engineer

Aspect Security

Jan 2017 - Jan 2018 (1 year)

Performed web and API penetration tests and code reviews as technical lead for financial clients, scoped engagements, and acted as client interface for vulnerability management initiatives.

Penetration Testing API Security Code Review Vulnerability Management Client Engagement Scoping Reporting

IT Security Analyst

The Vanguard Group

Jan 2014 - Jan 2017 (3 years)

Coordinated security architecture reviews, penetration testing, and secure code review across vendor teams, strengthening secure SDLC adoption and reducing recurring vulnerabilities.

Security Architecture Vendor Management Risk Visibility Agile Delivery

Developer

The Vanguard Group

Jan 2009 - Dec 2013 (4 years 11 months)

Delivered UI modernization and application enhancements across multiple Agile projects, maintained key applications, and supported major launches to improve reliability and on-time delivery.

Application Development Agile Production Support Release Management Troubleshooting Cross Functional Collaboration