- Design of a system for distributed network/application scanning based on containerization, postgres, clickhouse, kafka;- Development of core service with Go (gin, gorm, k8s): a scanner containers orchestration service with REST API;- Development of a Java transformer micro-service (WAF virtual patching) to convert the scanner findings to ModSecurity rules;- (in progress) Development of integration tests based on karate+OpenAPI specification

Realized projects:- designing, deployment, support of centralized and managed system of access to prod/dev environment via ssh (forked Teleport)- designing, deployment, support of centralized and managed system of access to privileged web resources via mTLS (forked Pomerium)- designing, deployment, support of centralized and managed system of access to logsRoles and responsibilities:- leading of team of Cloud platform (4 engineers)- leading of team of infrastructure security team (4-7 engineers)- designing secure enterprise systems- development of secure tools

Realized projects:- securing external partners web services integration with IAM system (Ory stack, OpenResty custom Lua scripts) for SSO- managing the automation and implementation of business unit Secure SDLC (GitLab, DefectDojo) to reduce application risksRoles and responsibilities:- leading of team of Secure SDLC automation- designing secure integration of external clients- incident-based security planning and mitigation planning with CISO- interviewing candidates for business unit security positions- improving web security

Realized projects:- IT forensics analysis of data leak incident for malefactor identification- hardening authentication/authorization of software architecture in conjunction with a development team- development of a distributed system based on AWS ES2 nodes (terraform/python AWS API) with TCP-packets exit-node randomization to performing less detectable scans and brute forces: auto deployment from scratchRoles and responsibilities:- reviewing and fixing the security of systems in conjunction with a development team- incident-based security planning and mitigation planning with CISO of two business units- interviewing candidates for business unit security positions- improving infrastructure and web security

Realized projects:- over 30 penetration tests for compliance with PCI/DSS and Central Bank requirements- IT forensics analysis to mitigate malefactor intrusion effects- deploying ElastiFlow in external client's infrastructure for malicious network activity investigating- hardening anti-fraud system (Intellinx) for compliance with PCI/DSS- external clients' applications code review and SAST (android/iOS applications, web applications)Roles and responsibilities:- perform penetration tests to identify security issues and risks, and consulting mitigation plans- evaluate and recommend new and emerging security products and technologies- performing pilot projects of WAF (Imperva, PTAF)

Realized projects:- two ISO 27000 compliance audits (risk assessments)- about 5 penetration tests for external clients- over 20 projects of security audit for compliance with "Federal Law on the protection of personal data" (GDPR-like) based on threat modeling; designing and implementing an appropriate security system (FW appliance, VPN appliance, PKI systems with tokens, AV); develop and interpret security policies and procedures- implementing Symantec Backup solution to backup financial information in remote VDS with local "one-touch" self-destruction system in case of alert- designing and implementing a system of digital rights protection based on MS RMS to secure intellectual property of the external client- development of threats scoring system for automated generation of documents (threat model, security controls for actual threats) based on target system actors and IT assets (PHP, MySQL, JS)Roles and responsibilities:- designing and implementation of security systems for external clients

Realized projects:- over 10 projects of security audits for compliance with "Federal Law on the protection of personal data" (GDPR-like) based on threat modeling; designing and implementing an appropriate security system- about 5 projects of security audits for compliance with "Federal Law on the protection of confidential data"Roles and responsibilities:- designing and implementation of security systems for external clients

Realized projects:- development of an automated self-update mechanism for the rich client using any type of connection (Ethernet, dial-up) to minimize the participation of pharmacies employee (Visual FoxPro, Perl)- developing embedded editor of scanned drug licenses for warehouse employees to increasing speed of processing of incoming drugs- implementing developed pharmacy soft in the whole region (over 100 drug stores) including network deploymentRoles and responsibilities:- development of pharmacy applications (Visual FoxPro/SQL, C++ WinApi, Perl)- development of analytics interfaces for managers- managing group of 3 developers to implement client-side in pharmacies

Roles and responsibilities:- troubleshooting network issues of users- montage of networks