About

David Ancheta-Nunez

Offensive Security Engineer | OSWE, OSWA, OSCP, GWAPT, GPEN

Sacramento, California

Interdepartmental liaison and advocate for Software Engineering & Offensive Security Teams. Elevating cybersecurity standards, one code line at a time. At the forefront of secure development, my cutting-edge penetration testing and training services are not just about protecting applications; they're about shaping the future of digital resilience.

Key Accomplishments:

Mentored and cross-trained blue teamers for regular cadence purple team activities
Crafted and ran developer organization wide tournament on secure development and the OWASP Top 10
Presented at Q2's Security Champion Program

Penetration TestingApplication SecurityAI SecurityWhiteBox AssessmentsSecure CodingDevSecOpsCloud SecurityThreat Modeling

View Services

Career

Professional Experience

Over 12 years of experience in software development and security.

2024 - Present

Sacramento, CA

RoseCross LLC

Founder & Offensive Security Engineer

Fortifying Futures: Mastering Security in Development, Testing, and Beyond. Providing enterprise-grade penetration testing and security consulting services.

•Full-stack security assessments across AI, Web, Mobile, Network, and Cloud
•Secure development consulting and training
•Threat modeling and security architecture reviews

September 2021 - Present

Remote

Q2

Offensive Security Engineer

Leading offensive security initiatives for Q2's online banking platform serving 450+ financial institutions.

•White Box Testing of Internal APIs and Web Applications
•Active engagement with Development Teams through Threat Modeling of new products and features
•Spearheaded PoC criteria and selection efforts leading to successful rollout of Secure Development Training Platform
•Networking & gathering of industry security professionals for Q2's Security Champion's Program
•Handles triaging, validation, and response of 3rd Party Pentest results for Online Banking Suite
•Participates in secure code reviews of FI developed extensions via Q2's Innovation Studio Program

September 2020 - September 2021

Remote

Q2

DevSecOps Engineer

Designed and implemented security automation tools and integrated security into the SDLC.

•Built out a process resulting in the reduction of critical container vulnerabilities 30% over 2 sprints
•Design and implement Security Automation tools for testing, monitoring, and reporting
•Trains engineers on the OWASP Top 10 and secure coding principles
•Ensures the integrity of Q2 software by training, implementing, and monitoring practices on Q2's SSDLC Policy

August 2017 - September 2020

Stockton, CA

San Joaquin County Office of Education (CodeStack)

Web Architect

Led development and architecture for California Department of Education projects.

•Spearheaded re-write of SEIS 2.0 Project
•Experience configuring and deploying code using Azure DevOps CI/CD Pipelines
•Full-stack development utilizing T-SQL, JavaScript (AngularJS and Angular), TypeScript, and C#
•Performed code reviews to assure software stability, cleanliness, and performance

September 2013 - August 2017

Stockton, CA

San Joaquin County Office of Education (CodeStack)

Web Developer

Development and maintenance of Special Education Information System (SEIS.org).

•Responsible for the Development and Maintenance of Special Education Information System
•ASP.NET WebForms/MVC/Web API Programming in C#
•Client-Side Programming (JavaScript/jQuery/AngularJS)
•SQL Server 2014 Programming

Credentials

Industry Certifications

Certified API Security Analyst (CASA)

APIsec University

Certified DevSecOps Professional (CDP)

Practical DevSecOps

Microsoft Certified: Azure Fundamentals

Microsoft

Education

Academic Background

ITT Technical Institute - Clovis, CA

Associate of Science Degree - Software Development Technology

Graduated with Highest Honors: June 2011

Alpha Beta Kappa National Honor SocietyGold Key Recipient

Reach Out

Contact Information

Phone

707-918-4168

Website

rosecross.sh

LinkedIn Profile