Computer Science Security

Shrewsbury, Pennsylvania, 17361, United States
January 18, 2017

Shrewsbury, PA 17361 USA



United States Citizen

SENIOR WEB DEVELOPER - 13 years experience

Expertise in:

• Security


• Third-party integration

• High-volume, high-load, high-visibility websites

Relevant Work Experience

August 2009 – January 2017

Senior Software Developer at NASDAQ


Informational web site for individual investors with social networking functionality

• Modernized and enhanced the site; all development now in C#.NET 4.5+

• Maintained and expanded upon the “Social Feed Ingestor”: a service that adds news articles and commentary to; involved heavy use of XML/XSLT 2.0, Web Services, and threaded / asynchronous coding

• Built and maintained a REST-ful JSON API using ASP.NET MVC 5 to facilitate data consistency between the main website, the NASDAQ mobile website (, and the NASDAQ Mobile Applications

• Built, maintained, and streamlined user workflows for content managers and moderators

• Built outgoing feeds to allow selected content to be shared to other sites, e.g., Yahoo! News, Google News; used WCF toolkit (for RSS output) and JSON.NET (for JSON output)

• Developed the technical implementation for an internationalized portion of the site, including localization support (dates and numbers); this portion was translated into 5 additional languages

• Implemented numerous SEO improvements to the site including URL rewriting, URL normalization, canonical URLs, and AMP optimization

• Optimized and improved database calls and functionality (MS SQL Server)

• Integration of many third-party data sources and services, including EDGAR Online, Zacks stock analysis data, TipRanks Smart Portfolio, Backplane, JanRain Engage single-sign-on

• Led a compliance effort to eliminate potential XSS and other security vulnerabilities on the site, including designing helper libraries to increase the speed of vulnerability mitigation

• Replaced charts written in FLEX with Highcharts, an HTML5-compatible charting package

• Documented much of the site, including the code, as well as writing wiki pages for uncommonly-performed procedures and troubleshooting of problems

• Assisted with Disaster Recovery (DR) planning and implementation

• Assisted with server migration from Windows 2003 to Windows 2008 / 2012

• Built and maintained a WYSIWYG entry page for individual author/contributors

• Assisted with prototyping of current Nasdaq mobile applications using Phonegap

• Enhanced and modernized password storage to provide greater protection for users

• Performed technical feasibility study of mobile alerts providers (e.g., UrbanAirship)

Project: Nasdaq Web Security Framework

A shared authentication & authorization solution for secure services

• Added modern security features to the Enrollment Console, a website for external customers to obtain an X.509 security certificate for use with protected areas of other company applications.

• Added modern security features and security hardening to NWSF Data, a public-facing web site for shared files and proprietary reports.

• Developed additional procedures, logging, and alerts for auditing to aid with downstream applications' regulatory compliance.

• Performed a full analysis of the system, updating existing documentation to modern company standards; updated configuration documentation to prevent misconfiguration of secure services

• Led a compliance effort in fixing potential XSS and other security vulnerabilities

• Expanded and enhanced a REST-ful API written in Microsoft ASP.NET WebAPI 2; led effort to migrate downstream applications to this API

• Unified non-audit logging using log4net

• Refactored and consolidated older code

• Assisted with server migration from Windows 2003 to Windows 2008 / 2012

Additional Projects

• Migration of source control systems for the group to Microsoft Team Foundation Server

June 2004 – August 2009

Senior Application Developer at Experient, Inc. (previously ExpoExchange, LLC)

• Built highly customized registration applications for trade shows

• Primary Developer on all Registration projects integrated with CRM product ("ACRM")

• Responsible for primary development on 12-15 shows per year, secondary development on 40-50 shows per year (as needed)

• Trained many new hires; assisted in training staff at other locations

• Generalized repeatedly requested features for reuse across clients and software versions

• Advised project managers on how best to implement client requirements

• Designated a "Subject Matter Expert" in multiple areas

• Assisted other departments in maintenance and bug reports of their utilities

• Documented uncommonly used procedures for use throughout the company

• Performed User Acceptance Testing of new releases

Detail of selected Work Experience

NASDAQ: Social Feed Ingestor & WYSIWYG entry page

partners with many publications, web sites, and individuals to syndicate news content and commentary on its web site. The stories are either associated to publicly traded companies (via the stock ticker symbol) or cover a related financial topic relevant to's audience. Many partners provide RSS feeds in order to facilitate this. The Social Feed Ingestor is tasked with monitoring these RSS feeds and downloading, formatting, and tagging the syndicated content, and storing it in a CMS back-end. The WYSIWYG page is for individual contributors for whom the process of setting up an RSS feed is too burdensome. The page uses TinyMCE for HTML editing, along with the proprietary MoxieManager add-on to allow authors to upload relevant images. Both products must be able to handle the wildly varying HTML found in content, associate stock tickers even if not tagged by the contributors, allow for updates to the story, and convert the contributors' taxonomies to the categorization. As time progressed, the system gained more functionality, e.g., adding links based on detected keywords; security hardening (preventing stored XSS attacks); disallowing contributors from gaming the site's SEO for their own gain; accepting tags from newer HTML standards; additional image processing (generating captions for, determining width and height, etc.)

Experient: Registration projects integrated with CRM product ("ACRM")

Experient offered an additional service known as "Attendee CRM" which enables clients to build relationships with their customers (attendees to their events). I was responsible for extending Experient's registration products in order to integrate them.

• Extended and adapted Registration procedures to better load/save CRM records

• Documented and refined the client's complex business rules, producing documentation from existing undocumented implementation and suggesting improvements.

• Increased reliability of the interface code and extended functionality across all events

• Encouraged team-mates and co-workers to add to documentation and adhere to procedures

• Outstanding successes on events allowed for progression of business instead of damage control ("best show in five years")


Master of Science, Computer Science

Johns Hopkins University, May 2014

Bachelor of Science, Computer Science

Penn State University, August 2003

Other Skills and Interests

10 years experience with GNU/Linux (Ubuntu, Debian)

Free Software Foundation Member since 2005

Junior-level Linux admin & development experience

Growing experience with Python, PHP, MySQL, Java, Ruby

Experience with OWASP Top 10

Experience building and troubleshooting computer systems
