Denis Gerasimenko Email and Phone Number
I strive to find a compromise between development, operation and security. I welcome challenges that push me to grow and bring value to my team. My area of interest includes security best practices for various technologies, penetration testing, and secure coding. In my practice, I try to adhere to the rule: "Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
X5 Group
DevSecOps Engineer, X5 Group, Jul 2021 - Present, Moscow, Russia
I joined the team of the newly created DevSecOps department. My responsibilities included integrating security tools into the development process and implementing the DevSecOps concept. I advised teams on building secure development processes and implementing information security tools in terms of AppSec. In addition, the responsibilities of my team included auditing the infrastructure of product teams and participating in code reviews.
As a result, various security tools were introduced into the development processes of product teams using internal Gitlab-actions of the company: SonarQube, bandit, trufflehog, trivy, grype, etc. I piloted a Checkmarx SAST implementation and set up its integration with GitLab and Jira. Some projects have been penetration tested using Burp Suite and Kali Linux. Using the identified vulnerabilities in projects, our team held meetups within the company with examples of exploitation. Participated in the investigation of information security incidents.
DevSecOps, Incident Response, SSDLC, SAST, IAST, SCA, Pentest, Burp Suite, Kali Linux, OWASP, SonarQube, Vulnerability management, Python, C#
DevSecOps Engineer, Ximi Lab, Jun 2020 - Jul 2021, Moscow, Russia
I was hired as a DevSecOps engineer for a company that specialized in building DevOps and DevSecOps processes for third-party clients. After a year of work, a small information security department was formed and I was appointed its head. My responsibilities included both engineering and administrative functions. I participated in the creation of S-SDLC stands with an emphasis on various information security solutions (SAST, SCA, Vulnerability management, Container security, etc.). Gained experience with tools for building a development pipeline (Docker, GitLab, Kubernetes, Ansible, HashiCorp Vault, Apache Kafka). In addition, I developed regulatory documentation for client companies: the concept of DevSecOps, Incident Response, Incident Recovery, Disaster Recovery.
My administrative activities included: the formation of technical specifications and commercial proposals for client companies, the successful licensing of the company's activities for working with cryptographic information protection tools in the Federal Security Service of the Russian Federation, conducting training seminars in large retail companies, preparing and conducting presentations in the field of DevSecOps and K8s security. As a result, projects were successfully implemented in various areas: retail, finance, etc.
DevSecOps, S-SDLC, Docker, K8s, SAST (Checkmarx, PT Application Inspector), SCA, Astra Linux, Ansible, Apache Kafka, GitLab, Vault, DefectDojo, Pre-sale, DoD Enterprise DevSecOps
Information Security Specialist, Platbox Online Payments System, Apr 2019 - Jul 2020, Moscow, Russia
The company was engaged in processing, and this was my first experience with PCI DSS requirements. As the only information security specialist in the company, my responsibilities included ensuring compliance with PCI DSS requirements and maintaining the overall level of information security in the company. I have trained employees on topics such as: general security (like phishing, red team tricks), OWASP Top 10, examples of secure development. Started implementing the DevSecOps concept. My responsibilities included: keeping up to date and developing policies and procedures to comply with PCI DSS requirements, conducting an internal audit of the company for compliance with PD protection requirements (similar to GDPR), finalizing internal projects to protect against fraud (Antifraud), setting up an ELK stack to build monitoring systems using IDS, administration of information security tools (Nessus, Suricata, Wazuh).
As a result, I developed and implemented regulatory policies and procedures for the protection of personal data, successfully passed audits for compliance with PCI DSS requirements, and improved the monitoring system in terms of information security.
Python, Debian, CentOS, (Elasticsearch + Logstash + Kibana), Suricata, Wazuh, Gitlab, Nessus, OWASP top10, Compliance PCI DSS, Antifraud, Audit, Incident Response, Incident Recovery, Disaster Recovery, DevSecOps
Information Security Specialist, Federal Tax Service Of The Russian Federation, Dec 2017 - Nov 2018, Moscow, Russia
It was my first experience in the field of information security. After working in the federal data center, I was transferred to the company's head office. My department was responsible for the coordinated work of all information security departments of the FKU "Nalog-service" of the Federal Tax Service of the Russian Federation in 11 time zones throughout the country. During my work, I gained rich experience in working with the regulatory documentation of Russian regulators such as the Federal Security Service, Roskomnadzor and the Federal Service for Technical and Export Control. In addition, I participated in the investigation of information security incidents, audited offices for compliance with personal data protection requirements (similar to GDPR), administered cryptographic information protection tools, adapted CIS Benchmarks recommendations for internal services, automated work with reports and Active Directory using PowerShell.
QA Automation Engineer, 1С Ksu, Nov 2015 - Jan 2017, Rostov-On-Don, Russia
While still a student, I was hired as a full-time QA engineer. The 1C-KSU company specialized in the implementation of corporate information systems on the 1C-enterprise platform and is a subsidiary of 1C. My responsibilities included administration of test servers based on Windows OS, testing new infobase configurations and developing automated testing scenarios using the 1C programming language and PowerShell. As a result, the use of my scripts has reduced the testing time for new releases by more than 5 times.
Denis Gerasimenko Education Details
Applied Mathematics And Computer Science
Frequently Asked Questions about Denis Gerasimenko
What company does Denis Gerasimenko work for?
Denis Gerasimenko works for X5 Group
What is Denis Gerasimenko's role at the current company?
Denis Gerasimenko's current role is DevSecOps | SSDLC | SAST | Docker | OWASP | Vulnerability management | Authorized trainer of Kaspersky lab.
What schools did Denis Gerasimenko attend?
Denis Gerasimenko attended Southern Federal University (Former Rostov State University).