Profiles search

Chuck Nelson

Application Security Architect | SAST | DAST | API Security | SCA | DevSecOps
Denver, CO, United States

Details

Education: BS

Systems Analysis

California State University, Northridge
Experience: * Promoted secure software development lifecycle practices thru the CI/CD pipeline toolchains by incorporating SAST/DAST and Open Source scanning solutions

* Stood up a 'Security Champions' Program that embedded security knowledgeable resources in development teams that applied CWE, CVSS and OWASP recommendations

* Participated in oversight of the secure software development lifecycle vulnerability management workflow which included tracking remediation results and reporting SSDLC metrics to management

2021 : Present

Zions Bancorporation

CyberSecurity Architect

* Implement technology tooling and processes to support information security initiatives like threat analysis, risk management, mitigation techniques and vulnerability assessments

* Partner with product managers, devops, developer teams and corporate security governance to ensure compliance with multiple frameworks like Sarbanes Oxley and PCI DSS Security Standards

* Collaborate with cloud infrastructure and application development teams to advance their ability to take ownership of secure software development lifecycle techniques following OWASP 'Top Ten'/CIS benchmarks for CI/CD pipeline construction, configuration hardening, etc

2019 : 2021

Frontdoor, Inc.

Senior Security Engineer

• Performed security architecture design reviews to ensure confidentiality, integrity and availability requirements are met for both on-premise and Oracle Cloud Infrastructure migrations

• Worked with internal customer teams to help prioritize and validate urgent mitigation of identified tech stack vulnerabilities and security enhancement requests.

• Authored security standards for internal customer cloud migrations, Java EE containers, source code depot servers, encryption et.al.

2016 : 2019

Oracle

IT Senior Principal Security Analyst/Architect

• Conducted security assessment reviews using network/web app vulnerability scanner findings and configuration hardening best practices (CIS Benchmarks)

• Handled first line security responder escalations of cyber threats using network and host-based indicators of compromise

• Performed security vendor evaluations for web application testing, database firewalls and advanced malware detection engines.

• Assisted third party and internal IT audit compliance initiatives for regulatory environments (PCI, HIPAA)

2009 : 2015

Oracle

IT Senior Security Lead
Company: Zions Bancorporation
Years of Experience: 15
Spoken Language: English

Skills

API Testing, Application Security Assessments, Architecture, Business Analysis, CISSP, Cloud Computing, Compliance PCI, Cybersecurity, dast, Databases, Data Center, Disaster Recovery, Enterprise Architecture, Enterprise Software, Firewalls, HIPAA, Incident Response, Information Security, Integration, Java Enterprise Edition, NIST, Penetration Testing, Risk Assessment, sast, SCA, Security, Security Audits, Security Incident Response, Security Information and Event Management (SIEM), Security Operations, SOA, Solution Architecture, Threat & Vulnerability Management, Unix, Virtualization, Vulnerability Management, WebLogic

About

Dynamic detailed-oriented Cyber Security architect. Strongly passionate in all fields including: Vulnerability Analysis, Threat Modeling, AppSec, Incident Response, coordinating improvements to security architecture policies and procedures.



(I work for Zions where the views/articles/etc expressed on LinkedIn are my own and do not necessarily reflect the views of my employer)