Veronica Thompson

Experience

• 

  CorVel Corporation

  Aug 2016 - Apr 2021

  Cloud Security Engineer

  - Implemented robust cloud security onboarding procedures, ensuring seamless integration of new applications and services while adhering to stringent security standards. - Conducted comprehensive cloud environment mapping to identify and assess security risks, resulting in a clear understanding of potential vulnerabilities and effective mitigation strategies.- Orchestrated the integration of security controls into cloud infrastructure, enhancing resilience against threats and ensuring compliance with industry regulations and best practices.- Streamlined cloud security governance by mapping security frameworks and controls to industry standards, providing clarity and alignment for stakeholders across the organization.- Spearheaded cloud security education initiatives, equipping teams with the knowledge and tools to navigate securely within cloud environments, fostering a culture of proactive risk management and continuous improvement. Show less

• 

  Santander Consumer USA

  Apr 2021 - now

  Application Security Engineer

  - Orchestrated a DevSecOps initiative, automating Application Security Testing across 450+ active applications.- Spearheaded the shift-left strategy, enabling developers to preemptively identify and resolve issues during code development, resulting in significant cost savings.- Established the Secure Code initiative to enforce coding standards, identifying and rectifying non-compliant practices before production deployment.- Implemented Secure by Design principles into SDLC, embedding security requirements from inception.- Assessed program maturity using OWASP guidelines, achieving substantial benchmarks for both Application Security and DevSecOps Automation.- Enhanced security scanning coverage by 91% for high-risk applications through the Application Security Program.- Automated 8800 scans as part of DevSecOps Automation efforts.- Mitigated 6000 high-security issues in 2022 through robust Vulnerability Management practices.- Utilized tools such as Kali Linux, shell scripts, Synk, and Burp Suite for comprehensive application security assessments.- Collaborated with application developers to mitigate code vulnerabilities identified through static and dynamic analysis.- Provided daily Incident Response updates across InfoSec teams.- Documented vulnerabilities and established processes for team-wide comprehension and success.- Designed and implemented Secure Design Review, Threat Modeling, and Manual Code Review processes.- Delivered technical training to developers on secure software practices.- Implemented Web Application Firewall (WAF) to monitor and filter malicious HTTP/S traffic aimed at applications. Show less