Hard Skills

- **Automation Frameworks:** Selenium, Playwright, Cypress, RestAssured, Cucumber, Robot Framework

- **Security Testing:** Penetration testing, vulnerability assessment, security API testing

- **Tools & Technologies:** Jenkins, GitLab CI, Kubernetes, Docker, OWASP ZAP, Burp Suite, SonarQube

- **Languages:** Java, Python, JavaScript, Bash

- **Security Standards & Protocols:** TLS/SSL, OAuth 2.0, SAML, JWT, OWASP Top Ten, CIS Controls

- **DevSecOps:** Integration of security tests into CI/CD pipelines, container security, Secrets management

Soft Skills

- Analytical thinking and problem-solving

- Cross-team collaboration, especially with security and development teams

- Effective communication of technical risks

- Agile methodologies and continuous improvement mindset

- Adaptability to evolving security threats and testing tools

*Senior QA Automation Engineer – Cybersecurity*

*SecureTech Solutions, San Francisco, CA*

June 2022 – Present

- Led the development of an automated testing framework using Cypress and custom security API scripts that reduced manual testing efforts by 40%.

- Integrated security vulnerability scans within CI/CD pipelines using OWASP ZAP, enabling early detection of security flaws.

- Collaborated with the security team to develop automated penetration tests and compliance validation scripts aligned with NIST cybersecurity frameworks.

- Provided mentorship to junior QA engineers, fostering a security-first mindset during testing phases.

*QA Automation Engineer – Cybersecurity*

*Cybershield Inc., New York, NY*

August 2018 – May 2022

- Designed and implemented automation suites for web and API security testing utilizing RestAssured and Python scripts, improving defect detection rate by 35%.

- Conducted vulnerability assessments using Burp Suite and integrated findings into automated reports for rapid remediation.

- Participated in security risk assessments and developed test cases that simulated real-world attack scenarios to evaluate defensive mechanisms.

- Worked closely with developers to incorporate static code analysis security metrics via SonarQube, ensuring code adheres to best practices.

*Junior QA Tester – Cybersecurity Applications*

*SecureCode Labs, Austin, TX*

June 2016 – July 2018

- Supported manual testing activities for security protocols in enterprise web applications.

- Assisted in automating repetitive test cases using Selenium WebDriver with Java, reducing regression testing cycle time.

- Maintained documentation of security test procedures and created security anomaly reports for the security team.

**Bachelor of Science in Computer Science**

University of California, Berkeley

*Graduated: 2016*

- Certified Ethical Hacker (CEH) – EC-Council

- Offensive Security Certified Professional (OSCP)

- Certified DevSecOps Engineer – DevOps Institute

- ISO/IEC 27001 Lead Implementer

Continuous Security Validation Framework Implementation

Designed a comprehensive automation framework integrating dynamic and static vulnerability scans across multiple environments. This project reduced security validation time from weekly to daily, enabling rapid deployment cycles.

Security API Automation Suite for Payment Gateway

Developed a suite of API tests for a payment gateway API, with integrated security checks for JWT token validation, OAuth flows, and endpoint vulnerability assessments. This significantly improved the detection of API security flaws before production release.

- Automation: Selenium, Playwright, Cucumber, Robot Framework

- Security: OWASP ZAP, Burp Suite, Nikto, Wireshark

- CI/CD: Jenkins, GitLab CI/CD, Azure DevOps

- Containerization & Orchestration: Docker, Kubernetes

- Security Standards & Protocols: TLS/SSL, OAuth 2.0, SAML, JWT

- English (Native)

- Spanish (Fluent)

*References available upon request*