Anthony Nimfa

Information Technology Help Desk

659 followers
Location: United States

  • Timeline

  • About me

    Senior Application Security Engineer

  • Education

    • Salem University Lokoja

      2013 - 2017
      Bachelor of Science - BS Computer Science
    • Leveldcareers

      2023 - 2023
      Cybersecurity
    • Southeast Missouri State University

      2021 - 2023
      Master of Science - MS Cyber/Computer Forensics and Counterterrorism

      MSc Cybersecurity

    • CourseCareers

      2023 - 2023
      Information Technology Professional Information Technology
  • Experience

    • Prerogative commercial venture

      Apr 2013 - Jun 2013
      Information Technology Help Desk

      Identified and solved technical issues using various diagnostics tools and tactics. Managed customers’ expectations of support and technology functions to provide a user experience.

    • Nimet

      Feb 2016 - Sept 2016
      Application Security Engineer

      • Conducted manual code reviews and SAST and DAST scans against applications and reported findings to the engineering team.
      • Performed penetration testing and vulnerability assessments to identify weaknesses.
      • Conducted vulnerability assessments and manual code reviews against web and mobile.
      • Worked closely with development teams to address security concerns during the design phase of projects.
      • Performed malware analysis and reverse engineering to uncover attack payloads, tactics, techniques, and procedures.

    • Federal Airport Authority of Nigeria

      Apr 2018 - Mar 2019
      Junior Application Security Engineer

      • Conducted end-to-end security reviews for different applications and took part in bug bounty sessions.
      • Assisted in developing, testing, and implementing security strategies, tools, and controls to mitigate risks.
      • Performed malware analysis and reverse engineering to uncover attack payloads, tactics, techniques, and procedures.
      • Worked closely with development teams to address security concerns during the design phase of projects.
      • Conducted manual code reviews and SAST and DAST scans against applications and reported findings to management.
      • Performed penetration testing and vulnerability assessments to identify weaknesses.
      • Worked closely with development teams to address security concerns during the design phase of projects.

    • Mr JayAutos

      Aug 2022 - Jun 2023
      Application Security Engineer

      • Collaborated with cross-functional teams to investigate and remediate security incidents.
      • Performed architecture reviews and threat modeling using STRIDE methodology to identify threats.
      • Conducted manual code reviews and SAST and DAST scans against applications and provided mitigations to the engineering team.
      • Conducted thorough vulnerability assessments, manual code reviews, and penetration testing aligned with OWASP Top 10 and SANS Top 25, identifying and mitigating vulnerabilities in web, web services, and mobile application technologies.
      • Conducted end-to-end security reviews for different applications and took part in bug bounty sessions.
      • Assisted in developing, testing, and implementing security strategies, tools, and controls to mitigate risks.
      • Executed penetration testing and vulnerability assessments to identify weaknesses and provide actionable recommendations for remediation.

    • TCW

      Sept 2023 - Feb 2024
      Senior Application Security Engineer

      • Performed threat modeling using STRIDE methodology to identify and mitigate threats.
      • Conducted manual code reviews, SAST and DAST scans against applications and provided mitigations to engineering teams.
      • Reviewed the architecture of software applications and their integration with both on-premises and cloud infrastructures.
      • Conducted vulnerability assessments and manual code reviews for web and mobile applications, identifying OWASP Top 10 risks, DoD-inspired flaws, and business logic vulnerabilities.
      • Executed penetration testing and vulnerability assessments to identify weaknesses and provide actionable recommendations for remediation.
      • Performed malware analysis and reverse engineering to uncover attack payloads, tactics, techniques, and procedures.
      • Worked closely with development teams to address security concerns during the design phase of projects.

    • Ventura Foods

      Feb 2024 - May 2024
      Senior Application Security Engineer

      • Conducted end-to-end security assessments on both the legacy of emerging and future web applications.
      • Conducted architecture review of software applications and their intersections with both on-prem and cloud infrastructure.
      • Built both offensive and defensive security tools to detect, engage, and destroy advanced persistent threats from rogue states and cross organizations.
      • Conducted vulnerability assessments, manual code reviews against web and mobile. I tested for OWASP Top 10, DoD-inspired flaws, and business logic-specific security flaws.
      • Conducted threat modeling and architecture reviews to identify vulnerabilities and risks in application design.
      • Performed manual web application testing using Burp Suite Pro and custom scripts tailored to specific security tasks.
      • Performed malware analysis and reverse engineering of attack payload, tactics, and procedures.
      • Designed secure and scalable architectures for critical applications, embedding security at the beginning of the software development lifecycle (SDLC).
      • Performed vulnerability assessments, threat analysis, and penetration tests, including manual and automated code reviews, to identify and mitigate application risks.

    • Confidential

      Mar 2024 - Aug 2024
      PCI DSS consultant

      • Collaborates with cross-functional teams to ensure compliance with PCI DSS standards and adherence to best practices.
      • Assists in conducting thorough risk assessments and gap analyses to identify areas of non-compliance with PCI DSS requirements.
      • Conducts research and analysis on emerging trends and updates in GRC regulations, contributing to the development of informed strategies and recommendations.
      • Contributes to the development and implementation of corrective action plans to remediate PCI DSS violations and enhance security controls.
      • Provides ongoing support and guidance to clients on maintaining PCI DSS compliance, addressing emerging security threats, and optimizing security controls.

    • SONIFI Solutions, Inc.

      Jul 2024 - now
      Senior Application Security Engineer

      • Designed and implemented secure software architecture for web applications, APIs, and endpoints based on engineering requirements, business cases, vendor partnerships, and use cases for 3rd party applications.
      • Performed architecture reviews and threat modeling using STRIDE methodology to identify threats.
      • Conducted manual code reviews, SAST, and DAST scans against applications and provided mitigations to engineering teams.
      • Conducted end-to-end security review for different applications and participated in bug bounty sessions.
      • Conducted comprehensive security assessments of third-party applications, analyzing vulnerabilities and implementing mitigation strategies.
      • Developed and implemented standardized processes for evaluating the security posture of external software vendors and their products.
      • Performed dependency decomposition and analysis of software bill of materials to identify potential threats from upstream and downstream dependencies, vendors, and 3rd party applications.
      • Led the integration of security tools and technologies to enhance third-party application security and streamline assessment procedures.
      • Executed penetration testing and vulnerability assessments to identify weaknesses and provide actionable recommendations for remediation.

  • Licenses & Certifications