Samantha Chalker
Security Engineer & Penetration Tester
+1 (425) 224-6263

Security professional focused on developing applications to assist individuals and companies protect their data through information security. Brings a diverse background of education and practical experience to the job, and strives to further knowledge and personal growth through on-the-job experience.

Strong capacity to perform
Vulnerability Management
Threat Modeling
Application Architecture Assessment
Bug Bounty Program Management
JavaScript, Node.js, TypeScript
Security Testing Skills
Web Application and Web Service Penetration Testing
Mobile (iOS & Android) Application Penetration Testing
Manual Code Review of Applications for Vulnerabilities
Docker Security Review
X-Force Red Hacker
Jan. 2022 to Apr. 2024
  • Performed all-around application security penetration testing
  • Walked clients through vulnerabilities with expansive technical details
  • Taught colleagues and interns mobile application security testing
  • Helped with project management in areas that necessitated it
Senior Security Engineer
Sept. 2020 to Oct. 2021
  • Led the bug bounty practice and reformed criteria to meet researchers' needs
  • Advised on engineering architecture assessments from an application security perspective
  • Performed reviews on various aspects of frontend security as well as supply chain issues
  • Mentored junior colleagues on more advanced topics
Security Engineer (Penetration Tester, Contract)
Dec. 2019 to Aug. 2020
  • Performed penetration testing on web and mobile applications on internal & external features
  • Responded to bug bounty reports and re-tested reported issues after fixes were applied
  • Set guidelines internally for pentesting, that included links to resources
  • Followed up with developers on how to best remediate issues, or avoid pitfalls in the future
Redwood City, CA
Security Engineer
June 2018 to Apr. 2019

  • Performing penetration tests and security reviews
  • Running the vulnerability management program and responding to bug bounty reports
  • Assisting with identifying security weaknesses, misconfigurations and insecure code
  • Provided help with automating security tests to avoid accidental vulnerabilities, including deploying security static analysis tools in a CI/CD context

NCC Group
Sunnyvale, CA / New York City, NY / Remote
Security Consultant
Aug. 2015 to May 2018
  • Performed web application, web service, and mobile application penetration testing
  • Handled communication with clients and remediation of vulnerabilities
  • Trained fellow co-workers on testing applications involving binary protocols used by client-side JavaScript applications
  • Developed several internal tools to aid in penetration testing and one public tool, WSSiP
WSSiP (WebSocket/ Proxy)
Jan. 2017 to Current

Developed an application in Node.js using Electron, React and Material-UI framework to view and manipulate WebSocket messages between client & server and vice versa. Presented at Black Hat Arsenal US 2017. Currently undergoing a full rewrite as of 2023 and will include communication with other HTML5 communication protocols such as monitoring WebRTC.

Sept. 2018 to Current

Contributor to TournamentStreamHelper, an application made in a mix of Python 3 & Qt, with JavaScript for specific functionalities. Used for scoreboards and relevant information to be presented on a video game tournament livestream.