4. Security & Compliance

Provides cyber intelligence operations for reconnaissance, risk mitigation, and stealth tactics in security assessment and threat analysis.

Scans container and dependency vulnerabilities using Trivy, prioritizing severity for pre-release security checks.

Expert in PERMISOS SyV system for validating, marking, and ensuring consistency of sensitive information alerts.

Conducts comprehensive security and code quality audits across 21 phases, including automated security scanning, GitHub analysis, and remediation.

Automates identification and removal of prohibited language from Git commit history to ensure security compliance and prevent data leaks.

Securely manages Terraform secrets including credentials and keys via Google Secret Manager, preventing state exposure and enforcing encryption.

Performs security audits on Java codebases to identify vulnerabilities and ensure compliance with OWASP Top 10 standards.

Conducts forensic analysis of enterprise codebases for security, compliance, performance, and architecture across multi-platform environments.

Confirms core principles, guardrails, and project context to ensure MacroFlow sessions operate within defined safety and compliance boundaries.

Validates UI components for WCAG 2.2 Level AA compliance, covering color contrast, keyboard navigation, screen reader support, and ARIA attributes.

Enforces dependency security scanning and SBOM generation for package management, covering OWASP checks and supply chain security.

Scans codebases for accidentally committed secrets, validates .gitignore patterns, and ensures proper .env templates exist.

Validates Claude Code skills against best practices, checking YAML frontmatter, SKILL.md structure, and description quality.

Performs static code analysis to detect security vulnerabilities, enforce coding standards, and identify quality issues through pattern matching and custom rules.

Automates IP whitelist management for Provider Nexus API clients using TypeScript scripts interacting with admin API endpoints.

Performs comprehensive checks to ensure website compliance with accessibility standards such as WCAG.

Provides security vulnerability assessment, threat modeling, and security best practice implementation for robust system protection.

Manages identity and access control systems including authentication, authorization, and secret management for secure application deployment.

Validates digital interfaces, documents, and dashboards against WCAG and Section 508 standards to identify and remediate accessibility barriers.

Assesses privacy and compliance risks in data handling practices for pilot initiatives, ensuring regulatory adherence.

Assesses system designs and data flows for security vulnerabilities and compliance, including threat modeling and policy alignment (Zero-Trust, Duke Verified).

Evaluates pilot workflows and deliverables for ethical alignment, fairness, bias, data privacy, and societal impact to ensure responsible execution.

Reviews pilot documentation and outputs for alignment with Duke policies, organizational guidelines, and regulatory requirements.

Simulates failure scenarios using the Saboteur Method to proactively identify security vulnerabilities in critical systems and features.