Martin Yeboah
Chicago,IL
Summary
Seasoned Application Security Engineer with over 15 years of experience in penetration testing, application security, DevSecOps, cloud security, and threat modeling. Proven expertise in securing web, mobile, API, and cloud applications while integrating security into CI/CD pipelines. Strong background in LLM security testing, vulnerability management, and risk assessments. Passionate about enhancing security postures, mentoring teams, and aligning security strategies with business objectives.
Overview
11
11
years of professional experience
1
1
Certification
Work History
Snr Lead Application Security Engineer/Penetration Tester
Fannie Mae
11.2021 - Current
- Work closely with the DevSecOps team to define security requirements and scope security efforts.
- Collaborate with developers to implement secure coding practices and improve application security.
- Conduct risk assessments, threat modeling (MITRE ATT&CK, STRIDE, DREAD), and LLM security testing to evaluate AI-driven risks.
- Lead CI/CD pipeline security scanning, integrating DAST, SAST, and SCA tools for automated testing.
- Assist development teams with vulnerability mitigation and remediation strategies while providing security advisory on best practices.
- Conduct developer training sessions on secure coding, vulnerability mitigation, and security awareness.
- Contribute to the development and enhancement of the Application Security Program, ensuring robust security policies, standards, and best practices are followed across teams.
- Implement API security best practices, securing microservices using OAuth, OpenID, and API Gateway security mechanisms.
- Strengthen Zero Trust Architecture (ZTA) principles across cloud and on-prem environments.
Technical Manager, Application Security/Penetration Tester
KPMG Global Services
07.2019 - 03.2021
- Led penetration testing engagements across web applications, networks, and mobile platforms for major clients, including Visa, Meta (Facebook), Verizon, City National Bank, and Advent Health.
- Spearheaded red teaming exercises to simulate adversarial attacks and enhance security defenses.
- Developed LLM security testing frameworks to identify AI-related vulnerabilities.
- Built application security programs, aligning security controls with business goals.
- Integrated SAST, SCA, and DAST into GitLab CI/CD pipelines while conducting threat modeling using MITRE ATT&CK to map attack techniques and improve security strategies.
- Trained teams on secure coding practices, achieving a 65% reduction in common vulnerabilities.
- Engage with non-technical audiences and articulate
scoping/pricing conversations, testing processes and
techniques, as well as report read-outs.
Sr Pentration Tester/Appliation Security
Bank of the West
11.2018 - 03.2019
- Performed web and mobile penetration testing, identifying and mitigating security risks in cloud applications.
- Assisted developers with vulnerability remediation and implementing best practices.
- Led risk assessments and network security testing, ensuring compliance with security standards.
- Integrated threat modeling (STRIDE, DREAD) to proactively address security risks.
- Managed the DAST onboarding of 120 applications using WhiteHat Sentinel.
- Implemented security controls for Kubernetes clusters and cloud-native applications, reinforcing container security best practices
Vulnerability Management/Penetration Tester
AIG Insurance
07.2014 - 11.2018
- Conducted penetration testing on web applications, networks, and cloud environments to identify and remediate security vulnerabilities.
- Led vulnerability management efforts, ensuring the timely remediation of identified risks and working closely with developers to implement security patches.
- Performed risk assessments and endpoint security testing, ensuring the security of enterprise infrastructure.
- Utilized MITRE ATT&CK framework for penetration testing and security assessments, mapping threats to defensive strategies.
- Developed custom open-source security tools for vulnerability detection and attack simulation.
Education
Bachelor of Science - Computer Science
Regent University
01-2009
No Degree - Diploma Network Engineering, Microsoft Technologie
NIIT
04-2010
Skills
- Application Security: SAST, DAST, SCA, IAST, MAST, Secure Code Review, API Security, Cloud Security, Zero Trust Architecture (ZTA)
- Penetration Testing: Web, Mobile, Cloud, Thick Client, Wireless, Social Engineering
- LLM Security Testing: Identifying vulnerabilities in Large Language Models, adversarial attacks, prompt injection security
- Threat Modeling: STRIDE, DREAD, MITRE ATT&CK, Microsoft Threat Modeling Tool, IriusRisk
- Programming & Scripting: Python, PowerShell, Automation for Security Testing
- Cloud Security: AWS (EC2, S3, RDS, Lambda), Azure AD, Cloud Security Auditing, Kubernetes Security
- DevSecOps & CI/CD: GitLab, Jenkins, UCD, GitHub, Jira, Security Automation
- Risk & Compliance: CMMC, PCI DSS, HIPAA, GDPR, NIST CSF, ISO 27001
Certification
- Certified Information Systems Security Professional (CISSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- Certified OffSec Web Expert (OSWE)
- GIAC Penetration Tester (GPEN)
- Certified Expert Penetration Tester (CEPT)
- CompTIA Security+
- AWS Certified Solutions Architect
- AZ-305 Azure Solutions Architect
- AZ-500 Azure security Engineer
Timeline
Snr Lead Application Security Engineer/Penetration Tester
Fannie Mae
11.2021 - Current
Technical Manager, Application Security/Penetration Tester
KPMG Global Services
07.2019 - 03.2021
Sr Pentration Tester/Appliation Security
Bank of the West
11.2018 - 03.2019
Vulnerability Management/Penetration Tester
AIG Insurance
07.2014 - 11.2018
Bachelor of Science - Computer Science
Regent University
No Degree - Diploma Network Engineering, Microsoft Technologie
NIIT
Similar Profiles
Sivananda Reddy DhoneSivananda Reddy Dhone
Product Owner at Fannie MaeProduct Owner at Fannie Mae
VENKAT CHITTEPUVENKAT CHITTEPU
Sr. Product Manager - Finance Technology at Fannie MaeSr. Product Manager - Finance Technology at Fannie Mae
Brett SmithBrett Smith
Capital Markets and Treasury CFO at Fannie MaeCapital Markets and Treasury CFO at Fannie Mae
Candace GalbraithCandace Galbraith
Operational Risk Analyst – Single-Family Operational Risk at Fannie MaeOperational Risk Analyst – Single-Family Operational Risk at Fannie Mae
Tsvetelin PenevTsvetelin Penev
Back Server at The Peninsula HotelBack Server at The Peninsula Hotel