Tracy Gauger

Onboarded nearly 1,000 repositories into Veracode in just over a year, integrated Veracode into CI/CD to block high-severity vulnerabilities, and drove third-party vulnerability remediation prioritized by risk metrics such as EPSS and KEV.

Built application security programs for clients, performed SAST/DAST/SCA and manual penetration testing, and integrated AppSec tooling into Azure DevOps and Jira while producing evidence-based remediation reports.

Coordinated with development teams to manage AppSec expectations and audit evidence, analyzed SAST/DAST results to eliminate false positives, performed manual penetration testing, and managed third-party pentest engagements.

Onboarded F5 Silverline WAF and coordinated cross-functional launches, performed security assessments for web applications, verified remediations from third-party pentests, and supported phishing training rollout.

Performed security testing and exploit demonstrations on proprietary web applications, produced remediation reports, and presented security awareness at new employee orientations.

Ran Tenable compliance scans and tailored audit files to harden OS, managed IAM attestations and application password compliance, and led phishing awareness and annual training achieving 100% compliance for two years.

Worked in Agile across the SDLC performing feature and regression testing, wrote test automation, participated in static code reviews, and acted as engineering liaison for partner programs.

Completed a Bachelor of Science in Computer Science at the University of Minnesota, Institute of Technology.

Completed a Bachelor of Arts in Psychology at the University of Minnesota, College of Liberal Arts.