Resume

Toul

CISSP | GWAPT | AWS Security Specialist Cert | New York, NY | toul@hey.com

Experience

May 2023 - PRESENT

TikTok, New York - Application Security Manager
  • Grew the team from 1 FTE and 1 Contractor to 7 FTEs
  • Managed a team of 7 security analysts to deliver comprehensive application security audits across features to ensure compliance with Oracle
  • Developed and integrated a security-first development framework to decrease critical vulnerabilities in production assets by 53%
  • Collaborated with cross-functional teams to refine the SAST and SCA for codebases supporting the TikTok application, reducing vulnerabilities found by Oracle and Independent Security Investigators by 66%
  • Launched an in-house security training program for developers, engineers, and cloud engineers, achieving a 93% participation rate and reducing critical vulnerabilities by 49%
  • Established a comprehensive application security program, from initial risk assessments to full implementation, to protect over 171 million user accounts and records from data leakage
  • Collaborated with executive leadership to secure a 5 M USD budget for obtaining security tools, resulting in a 35% improvement in overall application security maturity

July 2022 - June 2023

Nutrien, Colorado - Sr. Application Security Engineer
  • Led the integration of security tools into CI/CD pipelines, resulting in a 33% reduction in vulnerabilities detected post-deployment
  • Directed the assessment and remediation of security flaws across 30+ critical applications, improving security posture by 40% and preventing potential breaches

December 2018 - July 2022

HP Inc, Texas - DevSecOps Engineer
  • Integrated security automation tools into CI/CD pipelines, enabling continuous vulnerability scanning and reducing deployment delays by 30%
  • Implemented infrastructure as code (IaC) security measures across cloud environments, decreasing misconfigurations by 40% and ensuring compliance with industry standards
  • Optimized security testing within the SDLC by automating static and dynamic analysis, reducing time to detect vulnerabilities by 25%
  • Collaborated with development and operations teams to deploy a secure containerization strategy, reducing container vulnerabilities by 50%
  • Deployed cloud security posture management (CSPM) solutions, identifying and remediating 90% of cloud configuration issues within the first 3 months

For Recruiters