Application Security Engineer with 4+ Years Experience
Resume:
Iddrisu Bachokun Abdul Razak
+1-312-***-**** *******************@*****.*** Providence, RI
PROFESSIONAL SUMMARY
Highly motivated Application Security Engineer with over 4 years of hands-on experience securing applications across cloud environment. Skilled in secure SDLC implementation, vulnerability management, and threat modelling to identify and mitigate software risks. Proven success collaborating with development and DevOps teams to embed security into CI/CD pipelines and reduce vulnerabilities across enterprise systems. Strong technical expertise in OWASP Top 10, code review, penetration testing, and DevSecOps automation. Passionate about delivering secure, resilient, and compliant software systems aligned with NIST 800-53 and ISO 27001 standards. CORE COMPETENCIES
Application Security Secure SDLC Threat Modeling Code Review Penetration Testing Vulnerability Assessment DevSecOps Cloud Security (AWS, Azure) Security Architecture Static & Dynamic Analysis Incident Response Risk Assessment Compliance (OWASP, NIST, ISO 27001) Scripting (Python, Bash) SIEM (Splunk, Zscaler) Container Security (Docker)
PROFESSIONAL EXPERIENCE
Simvic IT Consulting LLC – Providence, Rhode Island Feb 2022 – Present Security application engineer
• Conducted static and dynamic application security testing (SAST/DAST) using OWASP ZAP, Burp Suite, and Tenable Nessus.
• Performed threat modeling, risk assessments, and secure code reviews during the SDLC to ensure early vulnerability detection.
• Designed and deployed Splunk SIEM dashboards to monitor application logs and detect anomalies in real time.
• Supported incident response and root cause analysis, remediating critical vulnerabilities within defined SLA targets.
• Conducted API and microservices security assessments in alignment with OWASP Top 10 and industry best practices.
• Automated vulnerability reporting using Python scripts, reducing manual workload by 25%.
• Authored and maintained application security policies, standards, and procedures to support compliance and audits.
• Delivered developer training sessions on secure coding, authentication, and input validation best practices. JRC Global Limited – Asawase, Ghana
IT Support & Security Technician Aug 2019 – Jul 2021 Application Security Engineer
• Performed vulnerability scanning and patch management to maintain secure IT infrastructure across 100+ endpoints.
• Managed Active Directory and access controls, enforcing least privilege principles.
• Supported incident response and network investigations using Wireshark and Nmap.
• Configured VPN, firewall, and IDS/IPS systems, securing remote connectivity.
• Established IT security policies and standard operating procedures.
• Monitored network performance and implemented remediation measures to prevent downtime.
• Supported compliance audits by maintaining documentation of system configurations and controls.
• Led IT security awareness and phishing simulation programs, improving awareness by 25%.
• Implemented data backup and recovery procedures, achieving 99.9% backup success rate.
• Provided application and system support with 98% SLA adherence on service requests. EDUCATION
• Bachelor of Science in Physics
Kwame Nkrumah University of Science and Technology, Kumasi, Ghana
• Relevant Coursework: Secure Application Development, Network Security, Cryptography, Penetration Testing, Software Engineering
CERTIFICATIONS
• Machine Learning with Python (Udemy)
• SQL for Data Science (Udemy)
• Microsoft Excel for Data Analysis
• Certified Ethical Hacker (CEH) – in progress
• OWASP Top 10 Certificate – in progress
PROJECTS
• Secure Chat Application (Python, Flask): Developed an end-to-end encrypted chat app with AES encryption and secure session management. Conducted scans using Bandit and OWASP ZAP.
• Vulnerability Assessment Lab: Built a sandbox lab to simulate XSS, SQLi, and CSRF vulnerabilities, and documented remediation strategies.
TECHNICAL SKILLS
• Security Tools: Burp Suite, OWASP ZAP, Nikto, Nessus, Nmap, Hydra, Wireshark, Splunk, Tenable
• DevSecOps Tools: Git, GitHub, Jenkins, Docker
• Operating Systems: Windows, Linux, Metasploit, Android
• Concepts: Secure SDLC, Threat Modeling, Code Review, Incident Response, Intrusion Analysis
Contact this candidate