Seasoned security pro with 14+ years. Expert in Secure SDLC, collaboration, and cutting-edge measures, ensuring high-quality, secure software.
Updated on 05.05.2024
Profile
Freelancer / self-employed
Remote work
Available from: 20.05.2024
Availability: 100%
of which on-site: 50%
IT security architecture
DevSecOps
Security Engineer
Python
Terraform Security / IaC
Secure SDLC
Qualys
PCI-DSS
Threat Modelling
Product Security
Risk management
Infrastructure security
zero trust
AWS
Cloud Security
Secure coding
NIST standards
ISO 27001
ASP.NET
secure SDLC

Locations

Germany
possible

Projects

3 years 1 month
2021-01 - 2024-01

End-to-End product security

Lead Security Engineer

I am currently responsible for the end-to-end product security of over 150 applications in the Service Delivery platform and for defining the IT security strategy for ongoing developments.

  • Elevating security for 150+ applications, from design to operations, with industry best practices integrated into the CI/CD pipeline.
  • Reviewing architecture designs, both early-stage and late-stage, and identifying potential security issues.
  • Serving as the primary point of contact for all applications, establishing a self-service Secure Software Development advisory, inclusive of Threat Modelling.
  • Identifying and driving risk mitigation of (emerging tactical) information security risks across the portfolio.
  • Embedding Secure-by-Design and Secure Development Life Cycle principles to maximize portfolio/platform autonomy.
  • Understanding and clearly identifying cyber risk within an agile development environment, highlighting risks to Cyber for inclusion in the risk register (Archer) and to inform prioritization of Cyber backlog items.
  • Supporting 'Business Enabling Platforms' tech leads on their (emerging) cyber issues, from regular cyber risks to architectural reviews.
  • Guiding development initiatives on specific security questions by taking the lead on finding technical cyber solutions.

on request
11 months
2020-03 - 2021-01

E-Commerce platform

DevSecOps Architect
  • Identified and closed security gaps in the CI/CD pipeline, incorporating essential security tools (SAST, DAST, IAST, OSS scanning, Docker and Kubernetes sensors).
  • Transformed the DevOps culture into a DevSecOps culture.
  • Enforced secure coding standards (OWASP ASVS), threat analysis and secure code review.
  • Promoted a "Secure by Default" culture.
  • Automated processes with Python scripting.
  • Conducted third-party security reviews and managed Azure Security Center.
Rexel
11 months
2019-05 - 2020-03

Assessed cybersecurity implications

Security Architect
  • Assessed cybersecurity implications of new applications and infrastructure enhancements.
  • Conducted threat analyses of application architecture and identified security risks.
  • Guided development teams on security issues.
  • Supported Tech Leads on emerging cyber issues in encryption, authentication, authorization, patching frequency and API security.
Heathrow Airport Holdings Limited
2 years 1 month
2017-04 - 2019-04

Led diverse security teams

Security Officer
  • Led diverse security teams to enhance overall security.
  • Coordinated Product Security, Web Application Scanning, Penetration Testing, SDLC, Vulnerability Management, and Risk Assessment.
  • Reviewed security reports and made recommendations.
  • Enhanced security architecture and design.
  • Promoted PKI-based certificate management.
Lloyd's Register
11 months
2016-05 - 2017-03

Introduced security in Agile DevOps

Programmer Analyst

At FIS (a Fortune 500 company working in the banking domain), I worked in its Risk as a Service line of business, which provides cloud-sourced security services to the banking sector. As part of its Red Team, I have:

  • Introduced security in Agile DevOps.
  • Led a product security team.
  • Conducted secure coding training.
  • Performed Vulnerability Management, Penetration Tests, and Risk assessments for different Banking Clients.
  • Conducted Secure Code Reviews by HP Fortify, Checkmarx.
  • Managed open-source tools and inventories.
  • Worked with Security Analysts and Production Support to monitor security tools in the CI/CD pipeline.
  • Ensured PCI DSS compliance and security in in-house developed applications and tools.

FIS (Fidelity Information Services)
7 months
2015-11 - 2016-05

Conducted security audits

Consultant
  • Conducted security audits for the world's largest telecom giant.
  • Analyzed data from 1500+ systems to find security gaps.
  • Presented security analyses to the CISO.
Aujas Networks
1 year 6 months
2014-06 - 2015-11

Improved Data Center security

Consultant - Cyber & Data Security in State Data Center
  • Improved Data Center security by 60% through employee training. 
  • Implemented secure coding practices and regular web app scans. 
  • Advised on security enhancements in architecture, infrastructure, and cryptography. 
  • Established measures like Windows Firewall, Application Control, Secure Coding, Database & Disk Encryption, Web Server & Windows Hardening. 
  • Standardized key management, identity, and network security. 
  • Conducted regular security tests for ongoing vigilance.
National Institute for Smart Government

Education and training

1 year 9 months
2011-09 - 2013-05

Masters in advanced computer science

Computer Security: MSc, University of Manchester, UK

Skills


Products / Standards / Experience / Methods

Profile

  • With over 14 years of experience, I'm a dedicated security professional proficient in Security Architecture, DevSecOps, Application Security, Red Teaming, Infrastructure Security, Risk Management, and Security Governance. I excel in translating security needs into practical solutions, promoting secure coding practices, and balancing security, usability, and performance. My expertise encompasses software architecture, threat mitigation, and enhancing code quality while implementing Secure Software Development Life Cycle (SDLC) practices. I have a proven record of collaborating with cross-functional teams to fortify overall security.
  • My commitment to staying current with industry trends and best practices ensures the adoption of cutting-edge security measures. I've consistently enhanced security while embracing agile methodologies, delivering secure and high-quality software.


AREAS OF EXPERTISE

  • DevSecOps Engineer
  • Application Security
  • Threat Modelling
  • Web Application Scan, Penetration Testing
  • Secure Code Review
  • Secure SDLC
  • Docker & Kubernetes Security
  • OWASP and Secure Coding Standard
  • Knowledge of Nessus, Nexpose, Metasploit, Qualys.
  • ASP.NET, C#, Java, Python
  • Security Architecture Review
  • Product Security
  • Risk Management
  • Network Infrastructure Security
  • Azure, AWS security configuration
  • Zero Trust
  • Secure Coding Training
  • Cloud Security
  • PCI-DSS, NIST standards, ISO 27001
  • Terraform Security/ IaC
