Jeremiah McCann

Developed features and bug-fixes on the Rails app via Scrum. Interviewed developer candidates. - Helped stand-up a new video editing app with a Hotwire - Implemented an audio-only interview in the Angular app - Drove TDD practices in RSpec. - Redesigned authorization via Cancancan - Fixed timezone issues - Implemented interview scheduling via third party REST API - Spear-headed code health & conventions for a legacy application via code reviews and Rubocop - Reviewed security critical logic as security SME

Developed features and bug-fixes on the Ruby on Rails app via Scrum. Practiced BDD via RSpec. Performed peer code reviews. Interviewed software engineer candidates. Performed on-call duties. Designed and implemented REST APIs with OpenAPI. Redesigned authorization using CanCanCan & polymorphic roles. Helped implement full text search with Elasticsearch. Implemented redesign of bug bounty sign-up flow. Helped to keep dev docs consistent and healthy. Regularly reviewed critical logic as a security SME.

Analyzed log data and security alerts to track intrusions and to develop new analysis tools, security alerts and logs. Leveraged Google and open source infrastructure to triage and track incidents. Used many sources of logs, NIDS data and alert sources to correlate intrusion information and dispatch between end users, endpoint technicians or incident response teams. Developed tools for data interface and alerting. Reverse engineered possible malicious Javascript, documents, flash apps and binaries.

Provided confidentiality, availability and integrity for the Air Force CERT and Air Force wide highly available intrusion detection network at three data centers. Engineered, secured and restructured public facing DMZ with redundant, hardened BIND servers and file server.

Upgraded an internal application from Ruby on Rails 2.1 to 3.0. Developed libraries and programs to gather, import, export, persist, automate, correlate and reference different scanning application output. Probed and examined new applications and application tiered infrastructure for unknown vulnerabilities, especially at the web and web infrastructure levels.

As technical lead, implemented Defense in Depth via boundary protection, vulnerability assessment, and intrusion detection/first response for Yokota Air Base.