Andrei A. Email and Phone Number

Application Security Assessment Security in CI/CD pipelinesSecure Code ReviewAPI Security Assessment Experience with Application Security Enterprise SolutionsWorking in Cloud environments (GCP, AWS and Azure)Vulnerability management for applications (Web, Mobile, API)SAST, DAST, SCA, IAC SecurityDevelopment Automations in SSDLCRisk assessment in applications (Web, Mobile)Support with Secure Development Standards and GuidelinesDocumentation of procedures and technical materials

Capitani Group a next-generation global technology consulting company that helps enterprises reimagine their businesses for the digital age.It has been supporting its clients in developing solutions with innovation and cybersecurity specialized.With a presence in Brazil & Latam, USA, Europe and Australia, the group is recognized for the quality and commitment of its professionals in the projects it works on.

• DevSecOps• CI/CD (Azure DevOps, Jenkins, Bitrise)• TAM - Technical Account Manager• SSDLC - Helping Introduce Security in SDLC process. (Software Development Life Cycle)• Security awareness• Source Code Review • Vulnerability Management• Vulnerability Risk Assessment • AppSec• SAST, DAST, SCA, IAC Security• Pentest• Web Application Analysis• Checkmarx | Acunetix | Burp Suite• Log Analysis• Agile methodology | SCRUM• Advanced Technical Support• Data Protection• Secure Coding Best Practices• Web Application Risk Assessment• Threat Modeling

• Introduction of SAST, DAST, SCA, IAC Security tools on CI/CD Pipelines.• Participation in Application Architecture meetings for greater understanding of the functionalities, features and design patterns of applications..• Assessment and validation of vulnerabilities and alerts coming from almost discovery sources such as SAST, DAST, CSIRT, Pentest, Bug Bounty, WAF.• Exploitation of vulnerabilities found in security tools such as SAST, DAST or Pentest. demo via proof-of-concept.• Expertise in the implementation of Security on the Development pipelines of large Companies.• Already work on tickets related to technical problems, analyzing the health of the environment to have the best usability.• I worked on ticket analysis in On-Premises environments, Log analysis and advanced problems investigation.• Vulnerability management and validation/post-exploitation for identified vulnerabilities in Web Applications.• Experience with Agile methodology (SCRUM), Completion of tasks and projects in agreed time.

• Azure DevOps CI/CD Secure pipelines• SAST, DAST, SCA• Development tools for automations• Penetration Testing• API Security assesment• Automated dashboards for KPI's• PowerBI• Checkmarx• Acunetix• Burp Suite• Assessment and validation of vulnerabilities and alerts coming from almost discovery sources such as SAST, DAST, CSIRT, Pentest.• I worked on ticket analysis in On-Premises environments, Log analysis and advanced problems investigation.• Vulnerability management and validation/post-exploitation for identified vulnerabilities in Web Applications.• Experience with Agile methodology (SCRUM), Completion of tasks and projects in agreed time• Exploitation of vulnerabilities found in security tools such as SAST, DAST or Pentest. demo via proof-of-concept.

Crowdsourced security company that safeguards organizations' assets from sophisticated threat actors before they can strike—by uniting our customers with trusted hackers via our AI-powered platform to take back control and stay ahead of attackers.

HackerOne empowers the world to build a safer internet. As the world’s trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces.

The program is intended to give security researchers terms and conditions for conducting vulnerability discovery activities directed at publicly accessible Department of Defense (DoD) information systems¹, including web properties, and submitting discovered vulnerabilities to DoD. If questions arise, please take no action until that action is discussed with the VDP lead at the Department of Defense Cyber Crime Center (DC3).Position: 14th 2018 Rankhttps://hackerone.com/deptofdefense/thanks/2018