Joshua Tucker
Application Security Engineer
I’m an Application Security Engineer focused on building secure, scalable software systems by embedding security directly into the development lifecycle.
I specialize in identifying and mitigating application-level risk through threat modeling, secure code review, and security automation, with an emphasis on practical, developer-friendly solutions. My work centers on reducing real-world vulnerabilities, improving signal quality, and eliminating friction between security and engineering teams.
With a strong software engineering background, I approach security as a systems problem—designing tools, workflows, and controls that help teams ship secure code confidently and efficiently. I’m particularly interested in secure SDLC design, AppSec tooling, and solving complex security challenges at scale.
Application Security Skills
Application Security Domains
- Secure SDLC Design & Developer Enablement
- Threat Modeling & Application Risk Analysis
- Secure Code Review (Manual & Automated)
- Vulnerability Triage & False Positive Reduction
- Software Supply Chain Security (SCA)
Engineering & Automation
- Go (Golang) – Internal Tooling, SDKs, CLIs
- Security Automation & Policy-as-Code
- CI/CD Security (GitHub Actions)
- Security Data Correlation & Workflow Automation
- API & Web Application Security
Platforms & Tooling
- Snyk, ArmorCode
- GitHub Security & GitGuardian
- Custom SAST, SCA, and Secrets Detection Pipelines
- Container Security & Image Scanning
- OWASP Top 10, CWE
Professional Experience
Application Security Engineer — Teradata
May 2025 – Present · Remote
Designing and building internal Application Security tooling in Go to automate vulnerability triage, release branch attestation, and policy enforcement across large-scale repositories. Developed a reusable AppSec SDK and CLI tooling to correlate findings from SAST, SCA, secrets detection, and container scanning platforms. Integrated security checks into CI/CD pipelines using GitHub Actions, reduced false positives, improved signal quality, and enabled scalable secure development practices through documentation and cross-team training.
Software Development Mentor — GrowthMentor
Jun 2023 – Present · Part-time · Remote
Mentoring engineers on software development fundamentals, system design, and career growth, with a strong emphasis on secure coding practices, automation, and real-world engineering workflows.
Web Platform Engineer — DM Cantor
Jul 2023 – Nov 2024 · Contract · Phoenix, AZ
Led application security and performance hardening for public-facing legal platforms handling sensitive client data. Implemented authentication and access control mechanisms, performed secure code reviews, remediated OWASP Top 10 vulnerabilities, and improved overall security posture through dependency management, configuration hardening, and secure deployment practices.
Technical Advisor — Gyde Marketing
Feb 2022 – Jun 2023 · Full-time · Hybrid
Designed and implemented the company’s core technical platform with a focus on secure architecture, scalability, and automation. Built custom automation frameworks, implemented authentication and authorization flows, and developed secure client and freelancer portals with strong data isolation and GDPR-aligned protections.
Senior Developer — Driven Dental Implant Marketing
Feb 2021 – Feb 2022 · Full-time · Remote
Led development teams building high-traffic web applications. Improved performance and reliability, spearheaded secure website launches including DNS and subdomain architectures, and automated lead processing workflows using JavaScript.
Head Developer — The Sher Agency
Feb 2020 – Jan 2021 · Contract · Hybrid
Managed multiple enterprise client platforms end-to-end while leading a team of developers. Built and maintained enterprise WordPress applications using advanced PHP and custom architectures, established development standards, and improved delivery capacity and quality.
Get In Touch
Interested in discussing security opportunities or collaboration?
Email:
Quick Links:
The Recycle Bin is empty. Empty for kicks?