An experienced AppSec analyst for various development teams, a reliable partner for colleagues, a sociable and cheerful fellow, and just a good man.

A few facts about me:
* I work primarily for pleasure and to satisfy internal goals
* I try not to stand still and constantly improve myself as a specialist
* I quickly complete any assigned work without losing the quality of the result
* In my spare time I enjoy powerlifting and studying the pseudoscience of memology

Lead Application Security
Ооо "Сигма"
Sep 2024 - Present

Senior Application Security Analyst
Ооо "Сигма"
Apr 2023 - Aug 2024

Additional tasks / responsibilities / skills:
- regulating and improving secure development processes
- analysis of open source software in the environment / trust analysis
- automation of routine tasks

Application Security Analyst
Ооо "Сигма"
Sep 2022 - Mar 2023

Introducing SSDLC practices into development teams. Types of work:
- architectural control and control over the implementation of security requirements
- vulnerability analysis
- training of development teams (security champions)

Vulnerability analysis / triage:
- SAST (appScreener)
- SCA (Dependency Track)
- CA (Trivy)
- DAST (ZAP)
- MAST (Стингрей)

Expert
Nw Echelon
Oct 2019 - Sep 2022
Saint Petersburg, Russia

Work in a testing lab (certification systems of FSTEC of Russia and the Russian Ministry of Defense). The main task is to conduct certification tests of information security tools and application software, that is, a complete security check of a software product (search for vulnerabilities, penetration testing, functional testing), analysis of product documentation (checking the compliance of the description with reality) and verification of the developer’s production.

Performing the full range of tasks from deploying a stand with software, selecting and setting up testing tools, to direct automated and manual testing, analyzing and marking results and preparing reports.

Types of testing performed and tools used:
– functional testing
– static analysis: sonarqube, svace+svacer, ak-vs2, console linters and analyzers (cppcheck, shellcheck, pylint and others)
– fuzzing testing: afl, restler, radamsa
– search for vulnerabilities: owasp zap / burp suite, scanner-vs, nessus, dependency check
– penetration testing: kali linux, metasploitable, scapy, wireshark, scanner-vs

Additional tasks/skills:
– development of scripts and development of testing tools (python, bash, js)
– working with JSON RPC and REST API (Swagger)
– using OWASP top 10 during pentesting
– functional testing of virtualization tools, firewall, IDS/IPS, access control systems, web and desktop applications, antivirus tools
– deployment and work with proxmox
– development and analysis of documentation for secure software development systems (GOST 56939, best practices SSDLC)
– work with documentation (development of programs and test methods, preparation of reporting documents and conclusions based on testing results, development of product documentation). Confident use of office tools to accurately display work results
– conducting an internal audit of the information security management system in accordance with GOST 27000

Denis Pavlov Education Details
4.6
4.7
Frequently Asked Questions about Denis Pavlov
What company does Denis Pavlov work for?
Denis Pavlov works for Ооо "Сигма".
What is Denis Pavlov's role at the current company?
Denis Pavlov's current role is AppSec Expert.
What schools did Denis Pavlov attend?
Denis Pavlov attended Университет Итмо, Университет Итмо.