Robert M 🪴

Senior Product Security Engineer
North Carolina

Summary

Senior product security professional. Skilled in automation. Background working in small business and enterprise environments. Experienced Linux user (Gentoo, Arch, Debian, Alpine). Deep experience with Docker containers, Python, and shell scripting. Experience with Java 8, Ant, JavaScript, InfluxDB, Grafana, Telegraf, Jenkins, Azure DevOps, GitLab, Terraform, Pulumi, Packer, and AWS. Experience with threat modeling (Rapid Threat Model Prototype) and manual code reviews.

Overview

18
years of professional experience
10
Certification

Work History

Senior Product Security Engineer

Anywhere Real Estate
Madison, NJ
03.2024 - Current
  • Design and execute product security roadmap comprised of multiple projects of various complexity in AWS [lambda, sqs, dynamodb, ecr, ecs fargate] and Azure using python3 and docker
  • Architect, design, implement turnkey product security product integrations for Fortune 1000 development org (Quick Service Test Q1 ’25, Arch v2 [Event Driven Architecture] Phase 3 Q2 ’25)
  • Onboard new fully automated SAST/IAC tooling: Semgrep, Veracode (org fully licensed)
  • Lead, mentor, manage and assign day to day tasks to two team members (analyst and engineer)
  • Within scope and bandwidth, engage with teams on flaw findings, architecture reviews, threat modeling, manual code reviews and mitigation strategies
  • R&D Semgrep AI Generated scanning packs with Mistral AI flaws enrichment and reporting outputs
  • Rebrand: Realogy to Anywhere [June 2022].

Product Security Engineer

Anywhere Real Estate
Madison, NJ
08.2021 - 02.2024
  • Code contributing member of a Product Security Team creating, supporting, maintaining a next-gen automated security capability and assist development and engineering teams to deliver quickly and securely. Sole product security engineer until July 2023 supporting 400 developers.
  • Created, implemented, and designed (multiple areas) automated application security toolsets with specialized reporting (Confluence) comprised of proprietary and open source SAST and SCA tooling serving 400 developers (100 FTE, 300 outsourced), 100 product teams, 4000+ repositories for Fortune 1000.
  • Designed and coded False Positive/Mitigation feature that works across proprietary and currently implemented open source security tools while maintaining audit trail.
  • Designed and created docker images to allow security tooling to work in any pipeline and with different language stacks and versions.
  • Implemented/coded new SAST/SCA/IaC tool wrappers with custom reporting via Veracode Pipeline, OWASP Dependency Checker, Bandit, Gosec, Cloud Optix/Checkov [both deprecated] into product security containers.
  • Created and drove policies for development, releases, PRs, build pipelines, and general project direction as lead engineer for product security code and containers.
  • Designed, led, and implemented creation of full automation engine to automatically onboard 1400+ repos eliminating months of manual onboarding (2023).
  • Designed, created and coded first iteration of Code Groundhog: an inventory data collection system designed to combat code sprawl across multiple corporate entities. Grabs various metadata and pushes graphical data to Confluence using pandas and plotly.
  • Worked in limited capacity with teams in application security capacity on flaw findings, remediation, and mitigation strategies, limited threat modeling using Rapid Threat Modeling Protocol.
  • Improved unit testing coverage to 95% of all written code and improved QA testing.
  • Provide leadership and mentoring for associate and engineer on the team.
  • Rebrand: Realogy to Anywhere [June 2022].

DevSecOps Engineer

M.H. Corbin
Raleigh, NC
03.2021 - 08.2021
  • Title adjustment from QA Engineer.
  • Set up and piloted Wazuh SIEM.
  • Provided application security for various applications, including flagship and greenfield projects.

QA Engineer

M.H. Corbin
Raleigh, NC
09.2019 - 03.2021
  • Supported the development of new products in the Intelligent Transportation Systems, Traffic Management, and Connected Vehicle marketplace including applications developed on IoT devices/cloud-hosted systems.
  • Key point of contact for cybersecurity compliance in projects requiring security documentation and review. Additionally, lead contact for multiple pilot projects across the United States.
  • Researched and implemented security measures for CVE violations found in testing.
  • Tested & Peer Reviewed WorkZone Application (Typescript/React) via manual testing and Burpsuite.
  • Set up Jenkins from scratch for CI/CD with separate build node and SonarQube for SAST.
  • Set up and implemented Grafana, InfluxDB, and Telegraf for multiple connected vehicle monitoring.
  • Converted company Subversion repos to Git/GitHub to improve global collaboration with other engineers and save money on internal server support costs without loss of commit history.
  • Primary support for DriveOhio US33 project involving connected vehicle testing from Roadside Units using SAE J2735, US DOT 4.1 spec, GNSS and Aerolink for encryption and cert processing.
  • Technical Documentation: Manual, Guides, Wiki Creation (Word, Teams, Madcap Flare).
  • Python3 including test simulations for complex Ohio I90 corridor project (lead development engineer), ‘multi-thread’ [python] imaging application for manufacturing.
  • Java Apprentice upgrading licensing, Utils, and UI improvements. Added to or wrote Junit tests.
  • Docker Containers with NGINX (customized for use in non-traditional IoT application uses (RS232/GPIO/RS423, tcpdump for tracing TIM/MAP/SPAT/RTCM)) including customized builds for the company's first containerized software (amd64 and arm64).
  • Kubernetes POC (for use in non-traditional application use in US33 project, POC was rejected).
  • Linux (Gentoo, Alpine, Debian, Ubuntu, Kali) knowledge (creating services for software) and shell scripting provided simple ways to update/upgrade/manage multi environments that were immature or limited due to the nature of the IoT and/or edge computing devices.
  • Manual and some automated testing of Connect:ITS software, equipment, containers, scripts, code.
  • AWS apprentice managing two EC2 instances for Metiri product and GPS software (nTrip Caster).

IT Analyst I

Wake Technical Community College
Raleigh, NC
07.2016 - 08.2019
  • Investigated and resolved malware tickets using MBAM, Sophos, ClamAV, Sysinternals, and CCleaner.
  • Performed software packaging for PC/Mac (scripting and loading into Kace), setup and deployment of license servers; work with Docker for Desktop (Adapt Learning College Bench Mark Project).
  • Created and developed processes to be used internally by desktop/helpdesk support.
  • Highlights of Accomplishments: Created a custom Gentoo server for (LAMP) web-based data collection programs internally.
  • Provided previously unoffered forensic data recovery for clients.
  • Constructed Self Extracting Executables (PowerShell 5 scripts) for team members.
  • Provided interim management services for staff including an achievements program.

Operations Manager and Web Developer

Stepp Services Inc.
Raleigh, NC
06.2008 - 07.2016
  • Created and maintained company mobile responsive website: html5, css3, php5, mysql (self taught).
  • Developed custom PHP coded e-commerce site within a three-week deadline to obtain client.
  • Managed seven direct reports and provided IT services, marketing, sales.
  • Promoted from Associate to Operations Manager in August 2012.

Education

Bachelor of Science - Cybersecurity and Information Assurance

Western Governors University
02.2019

Skills

  • Security Engineering
  • Product Security
  • SAST
  • SCA
  • IAC
  • Security Tooling
  • Veracode
  • Bandit
  • Gosec
  • Semgrep OSS
  • Azure Devops
  • AWS Code Build
  • Gitlab Runners
  • Jenkins
  • Grafana
  • Confluence
  • Java
  • Scala
  • Typescript
  • Python
  • AWS
  • ECR
  • ECS Fargate
  • Lambda
  • Eventbridge
  • IAM
  • SQS
  • Transfer Families
  • Python3
  • Bash
  • Javascript
  • PHP
  • Burpsuite
  • Postman
  • OOP
  • Design patterns
  • TUI
  • CLI
  • REST API
  • Flask
  • Unittesting
  • Boto3
  • Docker
  • Terraform
  • Pulumi
  • Packer
  • QA
  • Fuzzing
  • Zap
  • Selenium

Certification

  • SANS GIAC Cloud Security Architecture and Design (GCAD), 2025-12-01, 2029-12-01
  • SANS GIAC Web Application Defender (GWEB), 2024-10-01, 2028-10-01
  • SANS GIAC Cloud Security Automation (GCSA), 2022-07-01, 2026-07-01
  • ISC2 Systems Security Certified Practitioner (SSCP), 2019-01-01, Present
  • ISC2 Certified Cloud Security Professional (CCSP), 2019-04-01, Present
  • Axelos ITIL Foundations, 2018-04-01, Present
  • CompTIA Security+, 2017-12-01, Present
  • CompTIA Project+, 2018-06-01, Present

Related Experience

  • Senior Product Security Engineer, Anywhere Real Estate, Madison, NJ, True, 2024-03-01, Present, Rebrand: Realogy to Anywhere [2022-06-01]. Title Promotion: Engineer to Sr. Engineer [2024-03-01]., Design and execute product security roadmap comprised of multiple projects of various complexity in AWS [lambda, sqs, dynamodb, ecr, ecs fargate] and Azure using python3 and docker, Architect, design, implement turnkey product security product integrations for Fortune 1000 development org (Quick Service Test Q1 ‘25, Arch v2 [Event Driven Architecture] Phase 3 Q2 ‘25), Onboard new fully automated SAST/IAC tooling: Semgrep, Veracode (org fully licensed), Lead, mentor, manage and assign day to day tasks to two team members (analyst and engineer), Within scope and bandwidth, engage with teams on flaw findings, architecture reviews, threat modeling, manual code reviews and mitigation strategies, R&D Semgrep AI Generated scanning packs with Mistral AI flaws enrichment and reporting outputs
  • Product Security Engineer, Anywhere Real Estate, Madison, NJ, True, 2021-08-01, 2024-02-01, Rebrand: Realogy to Anywhere [2022-06-01]. Title realignment: Analyst to Engineer [2022-06-01]. Code contributing member of a Product Security Team creating, supporting, maintaining a next-gen automated security capability and assist development and engineering teams to deliver quickly and securely. Sole product security engineer until July 2023 supporting 400 developers., Created, implemented, and designed (multiple areas) automated application security toolsets with specialized reporting (Confluence) comprised of proprietary and opensource SAST and SCA tooling serving 400 developers (100 FTE, 300 outsourced), 100 product teams, 4000+ repositories for fortune 1000., Designed and coded False Positive/Mitigation feature that works across proprietary and currently implemented open source security tools while maintaining audit trail, Designed and created docker images to allow security tooling to work in any pipeline and with different language stacks and versions, Implemented/coded new SAST/SCA/IaC tool wrappers with custom reporting via Veracode Pipeline, OWASP Dependency Checker, Bandit, Gosec, Cloud Optix/Checkov [both deprecated] into product security containers, Created and drove policies for development, releases, PR’s, build pipelines, and general project direction as lead engineer for product security code and containers, Designed, led, and implemented creation of full automation engine to automatically onboard 1400+ repos eliminating months of manual onboarding (2023), Designed, created and coded first iteration of Code Groundhog: an inventory data collection system designed to combat code sprawl across multiple corporate entities. 
Grabs various metadatas and pushes graphical data to confluence using pandas and plotly, Worked in limited capacity with teams in application security capacity on flaw findings, remediation, and mitigation strategies, limited threat modeling using Rapid Threat Modeling Protocol, Improved unit testing coverage to 95% of all written code and improved QA testing, Provide leadership and mentoring for associate and engineer on the team
  • DevSecOps Engineer, M.H. Corbin, Raleigh, NC, 2021-03-01, 2021-08-01, Title adjustment from QA Engineer, Set up and piloted Wazuh SIEM, Provided application security for various applications, including flagship and greenfield projects
  • QA Engineer, M.H. Corbin, Raleigh, NC, 2019-09-01, 2021-03-01, Supported the development of new products in the Intelligent Transportation Systems, Traffic Management, and Connected Vehicle marketplace including applications developed on IoT devices/cloud-hosted systems., Key point of contact for cybersecurity compliance in projects requiring security documentation and review. Additionally, lead contact for multiple pilot projects across the United States, Researched and implemented security measures for CVE violations found in testing, Tested & Peer Reviewed WorkZone Application (Typescript/React) via manual testing and Burpsuite, Setup from scratch Jenkins for CI/CD with separate build node and SonarQube for SAST, Setup and implemented Grafana, InfluxDB, and Telegraf for multiple connected vehicle monitoring, Converted company Subversion repo’s to Git/Github to improve global collaboration with other engineers and save money on internal server support costs without loss of commit history, Primary support for DriveOhio US33 project involving connected vehicle testing from Roadside Units using SAE J2735, US DOT 4.1 spec, GNSS and Aerolink for encryption and cert processing, Technical Documentation: Manual, Guides, Wiki Creation (Word, Teams, Madcap Flare), Python3 including test simulations for complex Ohio I90 corridor project (lead development engineer), ‘multi-thread’ [python] imaging application for manufacturing, Java Apprentice upgrading licensing, Utils, and UI improvements. 
Added to or wrote Junit tests, Docker Containers with NGINX (customized for use in non-traditional IoT application uses (RS232/GPIO/RS423, tcpdump for tracing TIM/MAP/SPAT/RTCM) including customized builds for the companies first containerized software (amd64 and arm64), Kubernetes POC (for use in non-traditional application use in US33 project, POC was rejected), Linux (Gentoo, Alpine, Debian, Ubuntu, Kali) knowledge (creating services for software) and shell scripting provided simple ways to update/upgrade/manage multi environments that were immature or limited due to the nature of the IoT and/or edge computing devices, Manual and some automated testing of Connect:ITS software, equipment, containers, scripts, code, AWS apprentice managing two EC2 instances for Metiri product and GPS software (nTrip Caster)
  • IT Analyst I, Wake Technical Community College, Raleigh, NC, 2016-07-01, 2019-08-01, Investigated and resolved malware tickets using MBAM, Sophos, ClamAV, Sysinternals, and CCleaner, Performed software packaging for PC/Mac (scripting and loading into Kace), setup and deployment of license servers; work with Docker for Desktop (Adapt Learning College Bench Mark Project), Created and developed processes to be used internally by desktop/helpdesk support, Highlights of Accomplishments:, Created a custom Gentoo server for (LAMP) web-based data collection programs internally, Provided previously unoffered forensic data recovery for clients., Constructed Self Extracting Executables (PowerShell 5 scripts) for team members, Provided interim management services for staff including an achievements program
  • Operations Manager and Web Developer, Stepp Services Inc., Raleigh, NC, 2008-06-01, 2016-07-01, Created and maintained company mobile responsive website: html5, css3, php5, mysql (self taught), Developed custom PHP coded e-commerce site within a three-week deadline to obtain client, Managed seven direct reports and provided IT services, marketing, sales, Promoted from Associate to Operations Manager in August 2012

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening

Software

Python

Interests

Kayaking

Writing

Bass fishing

Guitar

Motorcycling

Languages

English
Native or Bilingual

Quote

🪴 Observing as my roots crack your system 🪴
Robert M
