I now work for the Secure Code Review team at Wells Fargo as a Information Security Engineer. Before that I worked at CenturyLink (formerly Qwest) as a Staff Security Engineer under Risk Management / Information Security. During the 10 years prior to this, I worked as the tech lead on an Application Security team in (then) Qwest's IT division.
Before even that, I spent 3+ years as an independent contractor consulting on C++ and Java development, and 17 years at (then) AT&T (now Alcatel-Lucent) Bell Labs where I was a DMTS. (Told you I was a dinosaur! Ask me about piggyback twistor memory someday and how I used it to stay warm in the labs.)
I currently am working on the OWASPI ESAPI for Java project and most of my time is spent on ESAPI's crypto system. After years of swearing that I'd never program in C++ again, lo and behold, I find myself working working on the new ESAPI for C++ project. I really *must* be a masochist.
Lastly, co-mentoring a student with John Melton for the Google Summer of Code 2012. The student's GSoC project is to develop a SOAP web service to interface with the OWASP AppSensor engine.