Bydgoszcz, Kujawsko-pomorskie, Poland
Experienced Application Security Engineer specializing in secure software development practices. Proficient in integrating security into the development process, ensuring robust protection against vulnerabilities throughout the application's lifecycle.

My Experience:
• Secure Development Lifecycle (SDL): Integrating security measures into the development process, fostering a proactive approach to application security.
• Security-Centric Development Culture: Cultivating a culture of secure development, including threat modeling and security testing.
• Compliance Orientation: Skilled in adhering to industry standards, such as ISO 27001, to ensure security and compliance requirements are met.
• Security Integration: Implementing security gates into CI/CD pipelines using tools like SAST, SCA, and DAST.
• Educational Programs: Designing and delivering specialized security educational programs tailored for both developers and business stakeholders.
• Ethical Hacking: Experienced in ethical hacking, familiar with and working with Kali Linux and related penetration testing tools.
• Authentication and Authorization: Crafting robust user authentication and authorization solutions, including OpenID and OAuth.
• Cryptography and Network Security: Possessing a deep understanding of cryptography and network security, ensuring data protection and integrity.
• Full Stack Development Experience: Practical experience in full-stack development (.NET + JS).
• Cloud Security: Expertise in securing cloud environments, particularly in the Azure environment.

As an Application Security Engineer, I specialize in fortifying application security, identifying and mitigating risks, and promoting a security-focused mindset within organizations.
- Collaborated with development teams and solution architects in planning sessions, providing requirements and recommendations for implementing industry best security practices.
- Conducted threat modeling of new and existing architectural solutions using the STRIDE methodology and the OWASP Top 10 list, ensuring a high level of protection against major security threats.
- Effectively addressed vulnerabilities identified by automated vulnerability scanners integrated into CI/CD pipelines, such as SAST (Checkmarx), SCA (Snyk), and DAST (OWASP ZAP).
- Performed manual code audits for various security issues such as XSS, weak cryptography, misconfiguration issues, and others.
- Participated in addressing vulnerabilities identified in external penetration test reports, ensuring prompt resolution of incidents.
- Conducted manual penetration tests of the core product, utilizing a wide range of tools provided by the Kali Linux OS, and engaged in learning activities on platforms such as TryHackMe and HackTheBox.
- Worked with the Azure cloud environment, Docker, and Kubernetes technologies.
- Participated in the implementation of the DefectDojo tool for security team processes, developing accompanying documentation for organizing and managing this tool, ensuring more effective product security management.