Samantha Chalker
Security Engineer & Penetration Tester
Summary

Security professional focused on developing applications to assist individuals and companies protect their data through information security. Brings a diverse background of education and practical experience to the job, and strives to further knowledge and personal growth through on-the-job experience.

Contact
+1 (425) 224-6263
Skills
Strong capacity to perform: Vulnerability Management, Threat Modeling, Application Architecture Assessment, Bug Bounty Program Management
Languages: Go, Java, Python, PHP, JavaScript, Node.js, TypeScript
Security Testing Skills: Web Application and Web Service Penetration Testing, Mobile (iOS & Android) Application Penetration Testing, Manual Code Review of Applications for Vulnerabilities, Docker Security Review
Projects
WSSiP (WebSocket/Socket.io Proxy)
Jan. 2017 to Current

Developed an application in Node.js using Electron, React and Material-UI framework to view and manipulate WebSocket messages between client & server and vice versa. Presented at Black Hat Arsenal US 2017.

Meetup to Telegram Bot
Sept. 2018 to Current

Developed an automatic application hosted on AWS Lambda and called by CloudWatch to fetch events happening in a particular social group on Meetup.com, and then automatically post the day's events at 9am every day on the chat application Telegram.

Employment
Twitter
Remote
Security Engineer (Penetration Tester, Contract) · 
Dec. 2019 to Current
  • Performed penetration testing on web and mobile applications on internal & external features
  • Responded to bug bounty reports and re-tested reported issues after fixes were applied
  • Set guidelines internally for pentesting, that included links to resources
  • Followed up with developers on how to best remediate issues, or avoid pitfalls in the future
Wealthfront
Redwood City, CA
Security Engineer · 
June 2018 to Apr. 2019

  • Performing penetration tests and security reviews
  • Running the vulnerability management program and responding to bug bounty reports
  • Assisting with identifying security weaknesses, misconfigurations and insecure code
  • Provided help with automating security tests to avoid accidental vulnerabilities, including deploying security static analysis tools in a CI/CD context

NCC Group
Sunnyvale, CA / New York City, NY / Remote
Security Consultant · 
Aug. 2015 to May 2018
  • Performed web application, web service, and mobile application penetration testing
  • Handled communication with clients and remediation of vulnerabilities
  • Trained fellow co-workers on testing applications involving binary protocols used by client-side JavaScript applications
  • Developed several internal tools to aid in penetration testing and one public tool, WSSiP