London, England, United Kingdom
Jojo is a Security Engineer with a strong foundation in Application Security (AppSec) and a growing focus on Threat Detection & Response (TDR). With experience in secure development, vulnerability management, and security architecture, she is now expanding her expertise to threat detection, attack analysis, and security monitoring. She holds an MSc in Information Security and has a broad range of knowledge, including network security, cloud security, and risk management. She is self-driven, curious, and thrives on solving complex security challenges. Passionate about automation and efficiency, she enjoys building scalable, automated security solutions to enhance security workflows and detection capabilities.
- Develop and deploy security services using FastAPI, Docker, Kubernetes, and Helm. - Adjust vulnerability severity levels by incorporating public API data for accurate triage and reset SLAs based on updated severity assessments. - Enhance stability of a Kubernetes service to ensure daily data sync from Jira tickets to the vulnerability management dashboard. - Write unit tests with pytest to validate security service functionality. - Lead the organisation-wide implementation of a comprehensive threat modelling program. - Manage and deliver security code training for engineers, improving secure coding practices and reducing vulnerabilities. - Design and implement data pipelines utilising Kafka for real-time streaming, Snowflake for scalable data storage, and Airflow for efficient workflow orchestration. - Collaborate with cross-functional teams to integrate secure coding best practices into workflows across the organisation.
Responsibilities including - Experience of security toolings such as SCA (Snyk), Security awareness training (Secure code warrior), IaC code scanning(CheckOV) - Work cross teams to automate workflows. Such as write synthetic tests in Datadog, automate user's passcode reset flow - Review HackerOne bug bounty reports and help fixing them internally - Identify the current security gaps, draft solutions and controls.
• Member of the infrastructure team, using Azure DevOps, Terraform, AWS, Jira, and Confluence in daily activities.
• The lead of vulnerability management by using Snyk and CheckOv. Working closely with software engineers for vulnerabilities remediation. • Risk assessment: Security compliance audit based on ISO27000 series, IISP and NIST and gave the best practice solutions align with the client’s unique situation. • Application Security: Extensive experience in conducting code scanning, Azure DevOps, AWS. Also familiar with Infrastructure as Code security scanning (Terraform scanning), maturity security assessment based on OWSAP SAMM framework (SSDLC). Deep understanding of OWASP Top 10. • Experience in working for one of the biggest impact projects in the UK as a security engineer. Pushed and implemented the disaster recovery solution for one of their products. Helped build the AWS WAF rules for the client. • Communication and Leadership: Built a good relationship with a couple of the security testing vendors and partnered with them. Lead the team to have a comprehensive understanding of their products. Take ownership of work and push it forward.
Worked within Deloitte Risk Advisory practice, helping UK Smart Metering clients of their cyber security challenges. She is also part of Deloitte UK's Cyber Health team.
Work as an information security consultant for Royal Holloway in InforSec EU 2018. My responsibility was introduce Msc information security course modules and outline to visitors and answer any queries about Royal Holloway.