tucker@dev ~
~/tucker > whoami

Tucker Clark

senior red team operator · security engineer

Senior Red Team Operator and Security Engineer with 5+ years of experience in red team operations and penetration testing across networks, cloud, and web applications. 2+ years leading consulting projects and technical teams with a background in AI, data science, and software engineering.

tuckerclark91@gmail.com+1 (423) 290-8213
What I'm Working On
Continuous Red Team Labin progress

Building a self-hosted attack simulation environment with automated detections, replayable scenarios, and weekly control validation runs.

LLM App Security Playbookresearch

Documenting practical offensive test cases for prompt injection, tool abuse, data exfiltration, and weak authorization patterns in agentic workflows.

WAF Evasion Test Corpusactive

Expanding payload libraries and benchmarking bypass behavior across rule sets to track defensive drift over time.

Experience
TikTok · Senior Penetration Tester2025-present

Scaled continuous automated penetration testing across 4 tenancies (~137K hosts), integrated findings into SOC and BAS pipelines, and led PCI DSS testing across 200K+ hosts.

Google (Mandiant) · Senior Red Team Consultant2022-2025

Launched Mandiant's first LLM penetration testing service line, emulated advanced threat actor TTPs, and co-authored AI red teaming research published in M-TRENDS 2024.

Tennessee Valley Authority · Cybersecurity Analyst2020-2022

Ran BAS programs, managed a government vulnerability disclosure program via HackerOne, and automated mobile risk analysis for 3,880 users and applications.

Independent Projects
Automated Red Team Pipelinesecurity

Personal lab for continuous attack simulation, detection validation, and report generation across cloud and internal environments.

WAF Validation Harnesstooling

Payload testing framework for measuring allow/block behavior by vulnerability class and tracking baseline control effectiveness over time.

AI Security Testbedai

Independent environment for evaluating prompt injection, data leakage, and abuse scenarios in LLM-backed applications.

Skills & Certifications
Red TeamingPenetration TestingEDR EvasionC2 InfrastructureAI/ML SecurityPythonJavaScriptCSSC++OSWAOSWPMandiant CRTPNPTCISA RVA/HVALinux
Education

B.S. in Computer Science (Data Science), University of Tennessee at Chattanooga (May 2020). Teaching Assistant for Intro to Machine Learning; recipient of NSF S-STEM scholarship and UTC Freshman Mathematics Award.