
DEBORAH QUAYE

Springfield

Summary

Seasoned Application Security Engineer with 5 years of experience securing enterprise applications, APIs, and cloud-native systems. Skilled in integrating security within the SDLC and collaborating with engineering teams to deliver secure software. Expertise in SAST, SCA, DAST, IaC, and container security testing, with a focus on secure code reviews, API security, and vulnerability management, particularly in AWS, Azure, and Kubernetes environments.

Overview

7 years of professional experience
1 Certification

Work History

APPLICATION SECURITY ENGINEER

IBM
Chicago
07.2023 - 02.2026
  • Integrated and managed SAST, SCA, DAST, and container tools in Azure DevOps CI/CD pipelines to automate security testing and enforce security gates.
  • Managed vulnerability remediation for application findings by prioritizing risk, defining plans, tracking progress, and validating fixes to enhance overall security posture.
  • Guided development teams to remediate SAST/DAST vulnerability findings, improving resolution time by 80%.
  • Conducted threat modeling sessions for new features and services, producing clear security requirements and design recommendations.
  • Performed adversarial testing on LLM-enabled applications using automated and manual techniques to identify prompt injection, jailbreak, and data exposure risks.
  • Implemented GitHub Advanced Security for secrets detection and code scanning, enforcing workflows to strengthen code security.
  • Partnered with AI/ML engineering teams to implement guardrails and security controls (input/output validation, access controls, and monitoring) across all AI workflows, aligning with NIST AI RMF.
  • Hardened the Azure platform and posture management using Entra ID, Defender for Cloud, Azure Policy, Purview, and IaC (Terraform/Bicep).
  • Developed automated AppSec dashboards and KPIs to track MTTR, SLA adherence, and risk trends, offering stakeholders and engineers visibility into security status.
  • Supported software supply-chain governance using Sonatype IQ and helped teams adopt SBOM-driven compliance practices.

SECURITY ENGINEER (APPSEC & PEN TEST)

Visa
San Francisco
09.2021 - 06.2023
  • Performed manual penetration tests on web/mobile applications using Burp Suite to identify and exploit OWASP Top 10 vulnerabilities (SQLi, XSS, CSRF, IDOR/BOLA).
  • Implemented and maintained Dynamic Application Security Testing (DAST) using Acunetix, improving runtime visibility across 20+ web and mobile applications.
  • Embedded automated SAST, SCA, and IaC scanning tools into the CI/CD pipeline and optimized scan configurations to reduce false positives.
  • Onboarded 100+ developers to Checkmarx ONE, supported IDE integrations, and guided SAST vulnerability remediation, enhancing secure coding practices across the organization.
  • Collaborated with the engineering team to triage and prioritize findings from SAST, DAST, SCA, and container scanning tools, driving remediation efforts to ensure timely closure within SLAs.
  • Correlated vulnerability data with Splunk security logs to identify high-risk patterns.
  • Contributed to the bug bounty program by validating researcher findings and coordinating responsible disclosure fixes.
  • Presented detailed security reports and remediation guidance to engineering teams and executive leadership, facilitating informed decision-making and prioritization of security initiatives.
  • Authored onboarding playbooks that accelerated security tool adoption and reduced implementation friction for developers.
  • Participated in incident response activities such as initial triage, containment steps, and documentation of security events.

SOFTWARE ENGINEER (SECURITY)

Geisinger Healthcare
Danville
10.2018 - 08.2021
  • Automated SAST and dependency scanning in Jenkins pipelines, enabling earlier detection of security issues in the SDLC.
  • Hardened AWS application deployments by tuning IAM roles, encryption policies, and secret rotation, reducing infrastructure misconfigurations by 75%.
  • Performed API security testing for vendor integrations and exposed services.
  • Configured and maintained Nessus and Qualys for automated, continuous vulnerability discovery.
  • Developed Python, JavaScript, and PowerShell scripts to automate configuration validation and enhance secure deployment workflows.
  • Participated in code reviews to identify logic flaws and ensure adherence to secure coding standards.
  • Collaborated with dev and infra teams to prioritize remediation by business impact.
  • Contributed to the development of web and API applications, focusing on performance, reliability, and implementing defensive security controls.
  • Engineered automated Jira workflows to ingest vulnerability data, streamlining remediation cycles and maintaining SLA compliance.

Education

Bachelor of Science - Applied Science & Technology

Alcorn State University
Lorman, MS
05-2015

Skills

  • Remediation verification
  • Vulnerability assessment
  • Application hardening
  • Security compliance
  • Incident response
  • Code quality assurance
  • DAST implementation
  • Threat modeling
  • SAST management
  • Risk prioritization
  • Agile methodology

Certification

  • CISSP
  • CSSLP
  • CEH
  • AWS SAA
  • AZ-500
  • Security+
