Joe McLaughlin
Denver
Summary
Security engineer with 7 years of experience in information security. Led hundreds of penetration tests and manual audits of web and mobile applications across diverse industries. Skilled at quickly learning new technologies and programming languages, researching their security implications, and identifying vulnerabilities within them.
Overview
10
10
years of professional experience
Work History
Senior Security Engineer
Bank of America
12.2023 - Current
- Technical Lead for Bank of America’s Threat Modeling workstream, overseeing a team of 20+ security engineers conducting threat assessments for new applications and major application changes.
- Lead and execute code-assisted and non-code-assisted penetration tests of web and mobile applications, leveraging proprietary and open-source tools.
- Identify and validate critical web and mobile application vulnerabilities, including remote code execution, SQL injection, IDORs, and complex business logic flaws.
- Deliver detailed technical reports to engineers, developers, and application leads, clearly communicating findings, risk severity, and recommended remediation actions.
- Lead a large-scale refresh of the internal vulnerability database to improve accuracy, consistency, and data quality.
Manager, Senior Security Consultant
NCC Group
09.2021 - 12.2023
- Managed and mentored a team of four consultants, supporting day-to-day operations, testing efforts, professional development, and engagement execution.
- Led and collaborated on penetration testing engagements for client web and mobile applications using Burp Suite Pro, manual testing techniques, and automated tools to uncover high-impact vulnerabilities such as SQL injection, XSS, authentication/authorization flaws, information disclosure, and complex edge-case issues.
- Developed in-depth threat models and security configuration review reports by assessing client infrastructure through documentation reviews and interviews with engineering teams.
- Produced high-quality written deliverables and presented findings to client security teams and engineers, including proof-of-concepts, demonstrated impact, and clear remediation guidance.
Senior Security Consultant
Deloitte
01.2020 - 09.2021
- Deliver web, mobile, thick, and thin engagements of client applications and work with client security teams and engineers to remediate issues.
- Deliver internal and external network security engagements using a variety of custom and public tools to assess client infrastructure.
- Built Web, API, and iOS documentation and testing methodologies for other consultants to utilize on engagements.
- Assisted junior consultants in testing barriers that would come from difficult engagements and mentor them in best practices.
Senior Security Consultant
Booz Allen Hamilton
09.2018 - 01.2020
- Assist clients in digital forensic and incident response investigations to identify root cause of breach or attack.
- Reverse engineer malware to log and identify common techniques and procedures used to evade anti virus software and EDR.
- Work closely with commercial clients immediately after compromise of network to remove threat actors and attack path, loss of data and potential exposure.
- Provide clients with 'table top' exercises to assist in quickly mitigating future attacks as well as assisted in building run-books for clients to use.
Security Analyst
Morningstar, Inc.
06.2016 - 09.2018
- Investigated security threats to Morningstar’s network and external infrastructure working with other analysts acting as our Security Operations Center.
- Performed log analysis and SIEM monitoring of events fired on servers or employee workstations.
- Conducted and built phishing assessments on employees to test security awareness.
- Acted as a security champion for engineering teams, understanding their product and assist them in best security practices.
Education
Bachelor of Arts - Informatics
University of Iowa
Iowa City, Iowa05.2016
Skills
- Python - Experienced
- JavaScript - Experienced
- Java - Skillful
- GoLang - Skillful
Timeline
Senior Security Engineer
Bank of America
12.2023 - Current
Manager, Senior Security Consultant
NCC Group
09.2021 - 12.2023
Senior Security Consultant
Deloitte
01.2020 - 09.2021
Senior Security Consultant
Booz Allen Hamilton
09.2018 - 01.2020
Security Analyst
Morningstar, Inc.
06.2016 - 09.2018
Bachelor of Arts - Informatics
University of Iowa