Software Development Security Engineer
Resume:
Christelle Nader
Cedar, Park, TX +1-210-***-**** ***************@*******.*** linkedin.com/in/christelle-nader-a1a691220
APPLICATION SECURITY ENGINEER
PROFESSIONAL SUMMARY
Cybersecurity professional with 5+ years of experience in threat intelligence, vulnerability management, penetration testing, and secure software development. Proven ability to deliver impactful security strategies by leveraging automation, machine learning, and modern threat modeling frameworks. Adept at building scalable, secure solutions and coaching teams in high-stakes environments to proactively mitigate evolving cyber threats.
AREAS OF EXPERTISE
Technical Skills: Cyber Threat Intelligence Threat Modeling Diamond Model Kill Chain Threat Sharing (ISACs, MISP) Secure Coding Penetration Testing Vulnerability Management Incident Response MITRE ATT&CK STIX DevSecOps
Tools & Technologies: Python C#/C++ .NET Git React SQL Databases Maltego Recorded Future Mandiant Feedly VirusTotal Metasploit Nessus Qualys Wiz CrowdStrike Falcon Tenable Tanium Horizon3.ai
Competencies: Scrum Servant Leadership Strategic Thinking Global Collaboration Communication Excellence Change Management Growth Mindset Executive Presence People Development Cross-Cultural Awareness
PROFESSIONAL EXPERIENCE
Cyber Security Consultant Ernst & Young Austin, TX 07/2022 – 05/2025
Cyber Threat Intelligence
Designed and implemented a tailored Cyber Threat Intelligence (CTI) program based on cross-functional interviews, regulatory requirements, and cybersecurity standards, enhancing client-specific threat detection and response.
Enhanced threat intelligence capabilities by developing Priority Intelligence Requirements and producing threat reports that guided strategic mitigation investments, using tools like Recorded Future, Mandiant, Feedly, VirusTotal, Maltego, and ISACs.
Improved CTI program maturity and structure by authoring the CTI lifecycle guide, product catalog, program charter, and team interaction models, leveraging frameworks such as the Cyber Kill Chain and MITRE ATT&CK.
Utilized Python-based automation scripts to analyze threat data efficiently, improving response times and decision-making accuracy.
Delivered customized CTI training sessions to junior consultants, strengthening team knowledge and capability in threat operations.
Penetration Testing and Vulnerability Assessment
Recommended customized security measures for client firewalls after conducting thorough configuration reviews using Nmap, Zmap, and Zgrab, ensuring alignment with industry standards.
Executed passive reconnaissance and internal/external testing phases with Wireshark, Tcpdump, Nessus, and Tenable to uncover system gaps and develop strategic remediation roadmaps.
Identified and remediated vulnerabilities, ensuring compliance with security requirements through comprehensive penetration testing using Metasploit, John the Ripper, and Hashcat.
Streamlined Horizon3.ai NodeZero testing operations by developing Python and H3-CLI scripts, enhancing automation and repeatability of assessments.
Conducted assessments using Kali Linux and other specialized penetration testing OSs, aligning activities with regulatory compliance and best practices.
Application Security
Identified and remediated application vulnerabilities by leveraging SAST and DAST tools including Burp Suite, Qualys, and Fortify, strengthening software resilience.
Developed and implemented secure coding practices with tools like HashiCorp Vault and AWS Secrets Manager to ensure confidentiality and secure credential management.
Conducted in-depth software security testing—including penetration testing—to validate application compliance with organizational security policies and industry benchmarks.
Automation and Scripting
Streamlined cybersecurity processes and improved efficiency by developing automation scripts for penetration testing, threat detection, and vulnerability management using Python, PowerShell, and libraries like scikit-learn, pandas, TensorFlow, and Keras.
Used Jupyter and Anaconda to develop and deploy ML models for threat detection and prediction, enhancing proactive cybersecurity strategies.
Led internal innovation initiatives focused on scripting and automation across vulnerability management, threat intelligence, and offensive security, utilizing platforms such as Qualys, CrowdStrike Falcon, Wiz, and Tanium.
Web Development and IAM Security
Developed both front-end and back-end components for an IAM solution using React, NodeJS, SQL, and Python, ensuring secure integration and efficient access management.
Implemented security controls to prevent unauthorized access, using Python-based protections and aligning code with OWASP Top 10 and NIST guidelines.
Used Git for source control and streamlined version management across project iterations.
Delivered scalable, compliant IAM architecture designs that supported client-specific data protection requirements.
Cybersecurity Strategy and Transformation
Developed and implemented cybersecurity strategies, policies, and procedures to safeguard internal infrastructure and customer environments, strengthening overall cyber resilience.
Conducted comprehensive cybersecurity assessments, including gap analyses and roadmaps, across organizational, product, and cloud environments, enhancing preparedness and security posture.
Delivered executive-level reports and briefings with actionable insights using cyber risk quantification, improving strategic decisions at the leadership level.
Facilitated workshops for boards and senior leadership to embed product security and DevSecOps into the development lifecycle, increasing awareness and integration of secure practices.
Created and facilitated tabletop exercises to evaluate application edge-case readiness, driving improved incident response planning.
Mentored junior consultants and supported capability development through custom training on threat intelligence and security best practices.
Influenced cross-functional teams to adopt secure development practices, establishing strong collaborative relationships and fostering a culture of security.
Graduate Research Assistant Cyber Center for Security and Analytics, UTSA San Antonio, TX 09/2020 – 05/2022
Delivered NSF-funded workshop on Zeek and Internet-scale IoT analysis; published multiple peer-reviewed research articles.
Applied ML techniques using Python libraries to fingerprint and analyze IoT threats behind NAT environments.
Conducted academic research, authored seven publications, and contributed to data-driven cyber threat research initiatives.
Back-End Developer Intern Growth Technology LLC Lebanon 02/2020 – 04/2020
Built Smart Home Solar Control Panel database architecture using MS SQL Server and MongoDB.
Applied Agile methodologies to deliver modular, scalable features in Angular Dart framework.
Software Developer Intern INDEVCO Group Lebanon 06/2019 – 08/2019
Developed desktop and web applications in C#/C++ for internal command chain systems.
Created data models and performed database filtering and reporting.
EDUCATION & CERTIFICATIONS
Master of Science in Information Systems, Cyber Security University of Texas at San Antonio San Antonio, TX
Bachelor of Science in Computer Science Notre Dame University Louaize, Zouk Mosbeh, Lebanon
GIAC Penetration Tester (GPEN) GIAC Cyber Threat Intelligence (GCTI) SANS
PUBLICATIONS
A survey of methods supporting cyber situational awareness in the context of smart cities, Journal of Big Data, 2020
Revisiting IoT Fingerprinting behind a NAT, IEEE Conference, 2021
An attentive interpretable approach for identifying and quantifying malware-infected internet-scale IoT bots behind a NAT, ACM Conference, 2022
Identifying IoT Devices Behind a NAT by Using Empirical Data and Learning Methods, Doctoral Dissertation, UTSA, 2022
A Comprehensive Survey of Recent Internet Measurement Techniques for Cyber Security, Computers & Security, 2023
An Internet-Scale Data-Driven Approach for Exploring Cyber Threats Amid Global Conflicts, IEEE Internet of Things Magazine, 2024
Exploring Internet-Scale Data-Driven Intelligence: Empirical Analysis of the Russo-Ukrainian Conflict, IEEE ICC Workshops, 2024
Contact this candidate