DEBORAH QUAYE

Joliet, MT

Summary

Organized and dedicated Application Security Engineer with a strong cloud security background and 4 years of experience. Specializing in penetration testing, vulnerability assessment, and security integration across Azure and AWS cloud environments. Proficient in implementing SAST, DAST, SCA, and securing CI/CD pipelines, with expertise in addressing OWASP Top 10 vulnerabilities. Proven track record of identifying, assessing, and remediating vulnerabilities, while collaborating with development teams to integrate security best practices throughout the software development lifecycle. Committed to driving a security-first approach to ensure comprehensive application and cloud infrastructure security.

Overview

8 years of professional experience
1 Certification

Work History

Application Security Engineer/Penetration Tester

Commonwealth of PA
07.2019 - 06.2024
  • Executed penetration tests on web applications, APIs, and network infrastructure using tools like Burp Suite, OWASP ZAP, and Nmap to detect and exploit vulnerabilities
  • Crafted detailed reports with exploit and impact analysis, and recommended actionable remediation steps for stakeholders and clients
  • Developed and maintained scripts for automated testing and assessment of security risks
  • Actively tracked, reported, and remediated security issues identified during testing
  • Collaborated with development team to ensure security is integrated into the software development cycle (SDLC)
  • Conducted threat modeling and risk assessment for new and existing products using a framework such as STRIDE & DREAD
  • Evaluated the effectiveness of security controls and recommended enhancements to improve the client's security posture
  • Assisted in implementing DevSecOps practices, conducting code reviews and cloud migration, and monitoring Kubernetes security maturity
  • Operated and maintained application security tools such as SAST (Veracode, CheckMarx), and DAST (Burp Suite, Invicti) including tasks such as creating and maintaining user accounts, and application scan profiles
  • Worked closely with the development team to review source code, triage security vulnerabilities generated by Checkmarx, Burp Suite, OWASP ZAP, and eliminate false positives
  • Hands-on experience with web application vulnerabilities (SQL Injection, XSS, CSRF, Privilege escalation, etc.)
  • Conducted monthly and quarterly security training and awareness sessions for stakeholders and clients' staff
  • Contributed to developing and enforcing application security policies, ensuring compliance with industry regulations (OWASP Top 10, PCI-DSS, ISO 27001) and internal security standards across multi-cloud environments
  • Investigated and responded to security incidents, providing detailed analysis, and implementing preventive measures
  • Remained current with the latest security threats, vulnerabilities, and industry best practices

Cloud Security Engineer (DevSecOps)

Geisinger Healthcare
02.2018 - 03.2019
  • Built and managed CI/CD pipelines using Jenkins and GitHub Actions, integrating security tools like SonarQube, CheckMarx (SAST), OWASP ZAP (DAST), and Snyk (SCA) to detect and mitigate vulnerabilities
  • Assisted in implementing container security best practices in Docker and Kubernetes, leveraging Aqua Trivy, and Clair for vulnerability scanning and remediation ensuring hardened deployments
  • Managed and automated infrastructure security configuration and compliance (IaC) using Terraform, and Ansible
  • Created and managed IAM policies, roles and permissions across multi-cloud environments, to enforce least privilege access
  • Implemented and managed cloud-native security controls such as (AWS WAF, CloudWatch, CloudTrail, KMS, SSO, Azure Sentinel, Azure Policy, Defender for Endpoint), Secret management (Hashicorp Vault, Key Vault) and Prisma cloud for CSPM
  • Used Jira and ticketing tools to track issues and assign tasks under agile methodology, including Splunk for logs and incident response

Security Analyst

UMMC-Cancer Institute
03.2016 - 01.2018
  • Managed network vulnerabilities using Nessus, Rapid7 InsightVM, and Qualys
  • Identified gaps in vulnerability management and enhanced the vulnerability assessment procedures
  • Analyzed and interpreted security scan results, identified vulnerabilities and risks, and validated reported false positives
  • Generated detailed vulnerability assessment reports and metrics with recommendations to the team and senior management
  • Provided insight on best security practices and ensured compliance with HIPAA, NIST, SOC 2, and OWASP Top 10

Education

Bachelor of Applied Science & Technology -

Alcorn State University
Lorman, MS

Skills

  • Penetration Testing
  • Application Security
  • Security Tools
  • Programming & Scripting
  • DevSecOps Tool
  • Cloud Security
  • Framework & Standard
  • Incident Response

Certification

  • CompTIA Security+
  • Azure Security Engineer Associate - Microsoft
  • Certified Solution Architect Associate - AWS
  • Certified Ethical Hacker (CEH) - EC Council in progress
