Tracy Gauger
@tracygauger
Senior application security engineer driving secure development and remediation.
What I'm looking for
I am a passionate and dedicated application security professional who excels at collaborating across teams to secure applications while supporting business objectives. I bring hands-on experience with SAST, DAST, SCA tools and manual penetration testing.
At Albertsons Safeway I onboarded almost 1,000 repositories into Veracode in just over a year, integrated Veracode with CI/CD to block high-severity vulnerabilities, and created AppSec dashboards and reports for stakeholders. I also drove prioritized third-party vulnerability remediation using risk metrics like EPSS and KEV.
I have built application security programs for clients, performed assessments, analyzed automated tool findings to reduce false positives, and integrated security tooling into Azure DevOps and Jira. In prior roles I configured WAFs, coordinated pentest engagements, verified remediations, and performed security testing using tools like Burp Suite, AppScan, Nmap, sqlmap and Metasploit.
I hold GWAPT and CISSP certifications and a CCSK certificate, and I enjoy mentoring junior security staff, educating developers and DevOps engineers, and communicating technical risk to executive stakeholders.
Experience
Work history, roles, and key accomplishments
Senior Application Security Engineer
Albertsons Safeway
Aug 2022 - Present (3 years 2 months)
Onboarded nearly 1,000 repositories into Veracode in just over a year, integrated Veracode into CI/CD to block high-severity vulnerabilities, and drove third-party vulnerability remediation prioritized by risk metrics such as EPSS and KEV.
Application Security Engineer
GuidePoint Security
Oct 2021 - Jul 2022 (9 months)
Built application security programs for clients, performed SAST/DAST/SCA and manual penetration testing, and integrated AppSec tooling into Azure DevOps and Jira while producing evidence-based remediation reports.
Application Security Engineer
Bottomline Technologies
Feb 2021 - Oct 2021 (8 months)
Coordinated with development teams to manage AppSec expectations and audit evidence, analyzed SAST/DAST results to eliminate false positives, performed manual penetration testing, and managed third-party pentest engagements.
Application Security Engineer
Minnesota Judicial Branch
Nov 2019 - Jan 2021 (1 year 2 months)
Onboarded F5 Silverline WAF and coordinated cross-functional launches, performed security assessments for web applications, verified remediations from third-party pentests, and supported phishing training rollout.
Application Security Analyst
MNIT
Jul 2018 - Nov 2019 (1 year 4 months)
Performed security testing and exploit demonstrations on proprietary web applications, produced remediation reports, and presented security awareness at new employee orientations.
Information Security Risk Analyst
Bremer Bank
Mar 2017 - Jul 2018 (1 year 4 months)
Ran Tenable compliance scans and tailored audit files to harden OS, managed IAM attestations and application password compliance, and led phishing awareness and annual training achieving 100% compliance for two years.
Software Test Engineer
Veritas
May 2002 - Apr 2011 (8 years 11 months)
Worked in Agile across the SDLC performing feature and regression testing, wrote test automation, participated in static code reviews, and acted as engineering liaison for partner programs.
Education
Degrees, certifications, and relevant coursework
University of Minnesota
Bachelor of Science, Computer Science
Completed a Bachelor of Science in Computer Science at the University of Minnesota, Institute of Technology.
University of Minnesota
Bachelor of Arts, Psychology
Completed a Bachelor of Arts in Psychology at the University of Minnesota, College of Liberal Arts.
