Aaron Nilsen

Profile

I'm an AppSec Engineer with a background in enterprise software development. I am proficient in explaining complex topics in simple language as some of my earliest jobs were teaching martial arts and computer science. I have a passion for continued learning and am working to broaden both my red and blue team skills. I also work to stay up to date on the latest exploit developments, specifically those that impact and involve software development teams.

Experience

Alliant Credit Union

Chicago, IL

Senior Application Security Engineer

March 2023 - Present

  • Conduct and lead pentests and report writing
  • Work with development teams to identify and fix vulnerabilities found by automated scans
  • Advise on architectural design of application features
  • .NET
  • SAST
  • Threat Modeling

Application Security Engineer

Jun 2022 - March 2023

  • Conduct secure code reviews to ensure safety of source code.
  • Conduct Penetration tests of internal and external applications
  • Review SAST findings to determine severity and work with dev teams to mitigate risk
  • SAST
  • Burp
  • Kali
  • .NET

Sentry

Madison, WI

Application Security Analyst

Sept 2021 - Jun 2022

  • Onboard application to SAST, DAST, and SCA scanners
  • Prioritize vulnerabilities through DREAD method and present findings to developers and leadership
  • Evaluate exposure and determine remediation actions in response to incidents
  • Perform ad hoc Threat Analysis and Penetration Testing on web applications
  • Review features with development team in order to shift security left
  • Educate teams in secure coding practices
  • SAST
  • DAST
  • SCA
  • DREAD

Software Engineer

Jan 2017 - Nov 2021

  • As Security Champion, piloted Checkmarx SAST and performed secure code reviews
  • Led and directed decision making on architecture and design for a subset of applications
  • Implemented OAuth2 PKCE login using Okta in a mobile app and a single-page application
  • Built Java notification services, REST data services, and Insurance websites using Java Spring
  • Java
  • Spring
  • REST APIs
  • OAuth2
  • OIDC
  • SQL

University of Wisconsin - Madison

Madison, WI

Wisconsin Emerging Scholars Instructor

Sep 2015 - Dec 2016

  • Worked as a tutor and mentor with underrepresented students in the computer science program to help them build a strong foundation in CS fundamentals
  • Java

Epic Systems

Verona, WI

Software Development Intern

May 2016 - Aug 2016

  • Collaborated with Hospital Billing team to redesign hospital billing application UI in order to provide earnings comparison metrics
  • C#
  • .NET
  • SQL
  • REST APIs

Software Development Intern

May 2015 - Aug 2015

  • Collaborated with Interconnect team to dynamically create web APIs from SQL stored procedures using Roslyn compiler
  • C#
  • .NET
  • SQL
  • REST APIs

Education

Bachelor of Science in Computer Science

University of Wisconsin - Madison

Dec 2016

Skills

      Security Tools
    • Burp Suite
    • SAST
    • DAST
    • SCA
    • Rapid7/InsightAppSec
    • Checkmarx
    • Synopsys Coverity
    • Kali
      Security Concepts
    • OWASP Top 10
    • Threat Modeling
    • STRIDE
    • DREAD
    • Penetration Testing
    • Secure Code Reviews
    • Secure Coding Methodology
    • OAuth2
    • OIDC
      Developer Tools
    • Git
    • Bitbucket
    • Azure DevOps
    • Jenkins
    • Artifactory
    • Swagger
      Programming/Scripting
    • Java
    • Spring
    • C#/.NET
    • Bash
    • SQL
    • JS
    • Python
    • Angular
    • NativeScript
      Misc
    • Unix-based terminal
    • REST APIs

Certifications

  • CompTIA Security+
  • Checkmarx Certified Engineer (CxCE)
  • Rapid7 InsightAppSec Specialist

Interests

  • Muay Thai
  • Book Collecting
  • Hiking
  • Home Lab