As part of the role I am leading a team of security architects and automation engineers responsible on end-to-end technological governance of the company’s Secure Development Lifecycle (SDL)- Security activities planning as part of development organization product planning- Secure design and threat modelling for the products of various deployment types: on premise products, cloud and SaaS deployed products as well as complex hybrid solutions.- Support and configuration of security tools and scanners (SAST, DAST, CSA)- CI/CD integrations, pipeline optimization- Source control monitoring- Penetration testing planning and result analysis- Vulnerability handling - Incident response- Metrics, KPI and operational dashboard The team and I am providing technical support in compliance efforts: ISO 27001, PCI DSS, customers’ assessments and RFPs.In the position I led development of a few frameworks:- Risk based change management in complex SaaS systems- Security architecture design review for new microservices and infrastructure components- Dependencies analysis and CVE prioritization - DevOps pipelines optimization according to DevSecOps methodology

- Micro Focus Application Delivery Management Product Group Security Lead and Chief Security Architect As a part of the role I was covering security aspects in ADM portfolio ( including ALM/Quality Center, , LoadRunner products family, UFT products family, Silk products family, StarTeam and other products developed and supported in Micro Focus ADM organization) and providing continuous security governance to the product teams including design review, threat modeling, mentoring, incident response and other secure development aspects. Also held a significant part with the ISO 27034 and 27001 and SOC2 certification for the business group.In the last years I was building secure design and running threat modeling on the products of various deployment types: legacy on premise products, cloud and SaaS deployed products as well as complex hybrid solutions.The main part of my current role is studying different compliance requirements, analyzing gaps in the current product implementations and creating development requirements on top of the analysis. Most recent projects being FedRAMP and GDPR gap analysis.The latest projects include development, maintenance and adoption of organization frameworks and maturity models in following disciplines: SDL, Privacy and Cloud Security.

As part of the role I was covering all product security aspects in ADM portfolioand providing continuous security governance to the product teams including design review, mentoring, incident response and other secure development aspects. Also held a significant part with the ISO 27034 and 27001 and SOC 2 certifications for the business unit, covering end to end SDL implementation in the product development.I was building secure design and running threat modelling on the products of various deployment types: legacy on premise products, cloud (both AWS and Azure) and SaaS deployed products as well as complex hybrid solutions.The main part of the role was studying different compliancy requirements, analyzing gaps in the current product implementations and creating development requirements on top of the analysis – some of them: FedRAMP and GDPR gap analysis.The projects included development, maintenance and adoption of organization frameworks and maturity models in following disciplines: SDL, Privacy and Cloud Security.In the position I run a few technical researches in container security and secret management (Docker, Kubernetes, HashiCorp Vault). - Technical manager of HPE ALM/Quality Security Center of Excellence (SCoE) - defining security research priorities and techniques, reviewing penetration test results, collaborating on mitigation plan, running design and architecture reviews, providing incident response and supporting business requests ( RFP, audit requests, privacy assessment etc.)

System Architect in Application Lifecycle Management ( HPE Quality Center) department, responsible for product infrastructure, deployment, hardening, supported and recommended environments, the product security aspects ( penetration test results analysis, mitigation plan definition and implementation, incident response and business requests support ) , collaboration and later technical management of HPE ALM/QC Security Center of Excellence ( SCoE) team

Mercury Business Availability Center, Customer Oriented RnD team, technical lead for data collectors and monitoring tools.Supporting and resolving high-profile customer escalations, providing training for support, presales and professional services about product new features and troubleshooting.Team knowledge management and new employees mentoring.

QuickTest Professional department, Web package development. Technical lead for new technologies adoption and development of SapGui, Siebel packages in QTP.Research of new technologies, mentoring of new employees

Development of material specification for designing and production departments of heavy machinery concern AzovMash, development and supportof system for calculations of lifting machines load, development and support of system for rail constructions calculation and design.Research of new technologies and knowledge management