Samantha Chalker
Security Engineer & Penetration Tester
+1 (347) 766-9369

Security professional focused on developing applications that help individuals and companies protect their data through information security. Brings a diverse background of education and practical experience to the job, and strives to further knowledge and personal growth through on-the-job experience.

Strong capacity to perform
Vulnerability Management
Threat Modeling
Application Architecture Assessment
Bug Bounty Program Management
JavaScript, Node.js, TypeScript
Security Testing Skills
Web Application and Web Service Penetration Testing
Mobile (iOS & Android) Application Penetration Testing
Manual Code Review of Applications for Vulnerabilities
Docker Security Review
Senior Security Engineer
Sept. 2020 to Current
  • Led the bug bounty practice and reformed criteria to meet researchers' needs
  • Advised on engineering architecture assessments from an application security perspective
  • Performed reviews on various aspects of frontend security as well as supply chain issues
  • Mentored junior colleagues on more advanced topics
Security Engineer (Penetration Tester, Contract)
Dec. 2019 to Aug. 2020
  • Performed penetration testing on web and mobile applications on internal & external features
  • Responded to bug bounty reports and re-tested reported issues after fixes were applied
  • Set internal guidelines for pentesting that included links to resources
  • Followed up with developers on how to best remediate issues, or avoid pitfalls in the future
Redwood City, CA
Security Engineer
June 2018 to Apr. 2019

  • Performed penetration tests and security reviews
  • Ran the vulnerability management program and responded to bug bounty reports
  • Assisted with identifying security weaknesses, misconfigurations and insecure code
  • Helped automate security tests to avoid accidental vulnerabilities, including deploying security static analysis tools in a CI/CD context

NCC Group
Sunnyvale, CA / New York City, NY / Remote
Security Consultant
Aug. 2015 to May 2018
  • Performed web application, web service, and mobile application penetration testing
  • Handled communication with clients and remediation of vulnerabilities
  • Trained co-workers on testing applications involving binary protocols used by client-side JavaScript applications
  • Developed several internal tools to aid in penetration testing and one public tool, WSSiP
WSSiP (WebSocket/ Proxy)
Jan. 2017 to Current

Developed an application in Node.js using Electron, React and the Material-UI framework to view and manipulate WebSocket messages between client & server and vice versa. Presented at Black Hat Arsenal US 2017.

Meetup to Telegram Bot
Sept. 2018 to Current

Developed an automatic application hosted on AWS Lambda and called by CloudWatch to fetch events happening in a particular social group on, and then automatically post the day's events at 9am every day on the chat application Telegram.