Alexander Terekhin

Senior Cloud Security Engineer at Form3
  • Claim this Profile
Contact Information
us****@****om
(386) 825-5501
Location
Portugal, PT
Languages
  • English Full professional proficiency
  • Russian Native or bilingual proficiency

Topline Score

Topline score feature will be out soon.

Bio

Generated by
Topline AI

You need to have a working account to view this content.
Join now
You need to have a working account to view this content.
Join now

Credentials

  • Cisco Certified Network Associate Routing and Switching (CCNA)
    Cisco
    Feb, 2015
    - Nov, 2024
  • Cisco Certified Network Associate Security (CCNA)
    Cisco
    Sep, 2017
    - Nov, 2024

Experience

  • Form3
    • United Kingdom
    • Financial Services
    • 200 - 300 Employee
    • Senior Cloud Security Engineer
      • Apr 2022 - Present

      - Threat modelling for projects - Information Security guidance for R&D teams - Implementing best security practices for public clouds - Cloud Security Posture Management - IAM for public clouds - Internal security tools development in Golang - Container security (images, infrastructure, runtime security) - Strategic research on overall security level improvement - Threat modelling for projects - Information Security guidance for R&D teams - Implementing best security practices for public clouds - Cloud Security Posture Management - IAM for public clouds - Internal security tools development in Golang - Container security (images, infrastructure, runtime security) - Strategic research on overall security level improvement

  • Defined.ai
    • United States
    • Information Technology & Services
    • 100 - 200 Employee
    • Senior DevSecOps
      • Jun 2021 - Apr 2022

      - DevSecOps culture cultivation - Secrets management process implementation - Security check pipelines development - Public cloud security management - SIEM configuration Working with technologies: - Azure cloud (VMs, AKS, DBs, etc) - Azure DevOps services (Boards, Repos, Pipelines) - Powershell - Terraform - Microsoft Defender for Cloud (security posture, DB, ACR, K8S vulnerability scanning) - Microsoft Sentinel (data sources configuration, analytics rules… Show more - DevSecOps culture cultivation - Secrets management process implementation - Security check pipelines development - Public cloud security management - SIEM configuration Working with technologies: - Azure cloud (VMs, AKS, DBs, etc) - Azure DevOps services (Boards, Repos, Pipelines) - Powershell - Terraform - Microsoft Defender for Cloud (security posture, DB, ACR, K8S vulnerability scanning) - Microsoft Sentinel (data sources configuration, analytics rules development based on KQL) Show less - DevSecOps culture cultivation - Secrets management process implementation - Security check pipelines development - Public cloud security management - SIEM configuration Working with technologies: - Azure cloud (VMs, AKS, DBs, etc) - Azure DevOps services (Boards, Repos, Pipelines) - Powershell - Terraform - Microsoft Defender for Cloud (security posture, DB, ACR, K8S vulnerability scanning) - Microsoft Sentinel (data sources configuration, analytics rules… Show more - DevSecOps culture cultivation - Secrets management process implementation - Security check pipelines development - Public cloud security management - SIEM configuration Working with technologies: - Azure cloud (VMs, AKS, DBs, etc) - Azure DevOps services (Boards, Repos, Pipelines) - Powershell - Terraform - Microsoft Defender for Cloud (security posture, DB, ACR, K8S vulnerability scanning) - Microsoft Sentinel (data sources configuration, analytics rules development based on KQL) Show less

  • SberMarket
    • Russian Federation
    • Technology, Information and Internet
    • 500 - 600 Employee
    • Senior DevSecOps
      • Dec 2020 - May 2021

      - DevSecOps Team leadership - Secrets management process implementation - Hashicorp Vault clusters installation (in K8S), configuration and maintenance - DevSecOps principles introduction - Software security requirements management according to OWASP ASVS - Gitlab pipelines development for security testing (SAST, DAST) - Terraform modules development - IaC automation for Gitlab, Vault, K8S configuration in public cloud - Secrets delivery to K8S using Hashicorp Vault -… Show more - DevSecOps Team leadership - Secrets management process implementation - Hashicorp Vault clusters installation (in K8S), configuration and maintenance - DevSecOps principles introduction - Software security requirements management according to OWASP ASVS - Gitlab pipelines development for security testing (SAST, DAST) - Terraform modules development - IaC automation for Gitlab, Vault, K8S configuration in public cloud - Secrets delivery to K8S using Hashicorp Vault - Mutating Webhooks, etc Achievements: - Hashicorp Vault clusters have been installed and fully configured inside K8S - Vault configuration has been automated using Terraform and Gitlab pipelines - Pipelines for SAST and DAST have been delivered and turned on for code repositories - Secrets management in K8S has been fully automated for application delivery using Banzai cloud solutions - New principles for DevSecOps have been provided to developers Show less - DevSecOps Team leadership - Secrets management process implementation - Hashicorp Vault clusters installation (in K8S), configuration and maintenance - DevSecOps principles introduction - Software security requirements management according to OWASP ASVS - Gitlab pipelines development for security testing (SAST, DAST) - Terraform modules development - IaC automation for Gitlab, Vault, K8S configuration in public cloud - Secrets delivery to K8S using Hashicorp Vault -… Show more - DevSecOps Team leadership - Secrets management process implementation - Hashicorp Vault clusters installation (in K8S), configuration and maintenance - DevSecOps principles introduction - Software security requirements management according to OWASP ASVS - Gitlab pipelines development for security testing (SAST, DAST) - Terraform modules development - IaC automation for Gitlab, Vault, K8S configuration in public cloud - Secrets delivery to K8S using Hashicorp Vault - Mutating Webhooks, etc Achievements: - Hashicorp Vault clusters have been installed and fully configured inside K8S - Vault configuration has been automated using Terraform and Gitlab pipelines - Pipelines for SAST and DAST have been delivered and turned on for code repositories - Secrets management in K8S has been fully automated for application delivery using Banzai cloud solutions - New principles for DevSecOps have been provided to developers Show less

  • Profee.Lab
    • Russian Federation
    • Strategic Management Services
    • 1 - 100 Employee
    • Information Technology Operations Manager
      • Aug 2016 - Nov 2020

      Responsible for: - IT systems operation (building private cloud on vSphere, global load balancing) - DevOps principles implementation (Scrum planning, daily events, automation, etc) - IT Operations department (10+ people) management - Hiring new specialists - change management introducing - business continuity management (incident management and disaster recovery planning) - new technologies research - improving performance of current systems - Information… Show more Responsible for: - IT systems operation (building private cloud on vSphere, global load balancing) - DevOps principles implementation (Scrum planning, daily events, automation, etc) - IT Operations department (10+ people) management - Hiring new specialists - change management introducing - business continuity management (incident management and disaster recovery planning) - new technologies research - improving performance of current systems - Information security strategy - vulnerability management - DevSecOps cultivation (implementing SAST for Java, JavaScript; SonarQube integration; NPM audit; Web application security) - Implementing IT security best practices - Maintaining PCI DSS certification Achievements: - private cloud made (all around - hardware, software, procedures) with built-in high-availability, high performance using vSphere - Deployment system integrated for in-house made Java applications (Teamcity, automation scripts) - 3 projects populated on private cloud (1 project natively in containers on Kubernetes) - DevSecOps initiative launched - PCI DSS certification achieved From technical perspective of view worked with: - developing CI/CD pipelines in Teamcity - Docker containers building (Java, Node.js) - Git working experience (Bitbucket server) - Kubernetes deployment pipelines developing - Hashicorp Vault implementation - SCM Puppet with Foreman usage Show less Responsible for: - IT systems operation (building private cloud on vSphere, global load balancing) - DevOps principles implementation (Scrum planning, daily events, automation, etc) - IT Operations department (10+ people) management - Hiring new specialists - change management introducing - business continuity management (incident management and disaster recovery planning) - new technologies research - improving performance of current systems - Information… Show more Responsible for: - IT systems operation (building private cloud on vSphere, global load balancing) - DevOps principles implementation (Scrum planning, daily events, automation, etc) - IT Operations department (10+ people) management - Hiring new specialists - change management introducing - business continuity management (incident management and disaster recovery planning) - new technologies research - improving performance of current systems - Information security strategy - vulnerability management - DevSecOps cultivation (implementing SAST for Java, JavaScript; SonarQube integration; NPM audit; Web application security) - Implementing IT security best practices - Maintaining PCI DSS certification Achievements: - private cloud made (all around - hardware, software, procedures) with built-in high-availability, high performance using vSphere - Deployment system integrated for in-house made Java applications (Teamcity, automation scripts) - 3 projects populated on private cloud (1 project natively in containers on Kubernetes) - DevSecOps initiative launched - PCI DSS certification achieved From technical perspective of view worked with: - developing CI/CD pipelines in Teamcity - Docker containers building (Java, Node.js) - Git working experience (Bitbucket server) - Kubernetes deployment pipelines developing - Hashicorp Vault implementation - SCM Puppet with Foreman usage Show less

  • Paysend
    • United Kingdom
    • Financial Services
    • 200 - 300 Employee
    • Information Security Manager
      • Jan 2014 - Jul 2016

      Responsible for: - information security strategy (for e-wallet system and payment card processing) - business continuity management - work planning - PCI DSS maintaining - information security policies development - internal audit Made a lot of work for building information security program in company and maintaining high level of security for payment e-wallet and payment cards processing systems including organizational, technical works Implemented internal… Show more Responsible for: - information security strategy (for e-wallet system and payment card processing) - business continuity management - work planning - PCI DSS maintaining - information security policies development - internal audit Made a lot of work for building information security program in company and maintaining high level of security for payment e-wallet and payment cards processing systems including organizational, technical works Implemented internal information security audit program Strong authentication system was created and right management process was introduced Vulnerability and incident management processes were implemented Change management process was applied Achieved Service Provider Level 1 PCI DSS certification and conducted yearly audits and mandatory works Show less Responsible for: - information security strategy (for e-wallet system and payment card processing) - business continuity management - work planning - PCI DSS maintaining - information security policies development - internal audit Made a lot of work for building information security program in company and maintaining high level of security for payment e-wallet and payment cards processing systems including organizational, technical works Implemented internal… Show more Responsible for: - information security strategy (for e-wallet system and payment card processing) - business continuity management - work planning - PCI DSS maintaining - information security policies development - internal audit Made a lot of work for building information security program in company and maintaining high level of security for payment e-wallet and payment cards processing systems including organizational, technical works Implemented internal information security audit program Strong authentication system was created and right management process was introduced Vulnerability and incident management processes were implemented Change management process was applied Achieved Service Provider Level 1 PCI DSS certification and conducted yearly audits and mandatory works Show less

  • LAMODA
    • United Kingdom
    • Retail Apparel and Fashion
    • 1 - 100 Employee
    • Information Technology Security Specialist
      • Sep 2013 - Jan 2014

      Responsible for: - information security systems administration - network security - implementation of dedicated Active Directory for InfoSec department (GPO, OS hardening) - network security scanning (Nessus) - internal systems security audit (wide range of systems including databases, python applications, CI/CD systems, warehouse systems, etc) - system rights audit, blackbox/graybox scanning, internal network penetration testing Achievements: - created separate AD… Show more Responsible for: - information security systems administration - network security - implementation of dedicated Active Directory for InfoSec department (GPO, OS hardening) - network security scanning (Nessus) - internal systems security audit (wide range of systems including databases, python applications, CI/CD systems, warehouse systems, etc) - system rights audit, blackbox/graybox scanning, internal network penetration testing Achievements: - created separate AD domain for InfoSec department - conducted internal security audits - some critical vulnerabilities found and fixed Show less Responsible for: - information security systems administration - network security - implementation of dedicated Active Directory for InfoSec department (GPO, OS hardening) - network security scanning (Nessus) - internal systems security audit (wide range of systems including databases, python applications, CI/CD systems, warehouse systems, etc) - system rights audit, blackbox/graybox scanning, internal network penetration testing Achievements: - created separate AD… Show more Responsible for: - information security systems administration - network security - implementation of dedicated Active Directory for InfoSec department (GPO, OS hardening) - network security scanning (Nessus) - internal systems security audit (wide range of systems including databases, python applications, CI/CD systems, warehouse systems, etc) - system rights audit, blackbox/graybox scanning, internal network penetration testing Achievements: - created separate AD domain for InfoSec department - conducted internal security audits - some critical vulnerabilities found and fixed Show less

  • Qiwi
    • Russian Federation
    • Financial Services
    • 700 & Above Employee
    • Information Technology Security Specialist
      • Aug 2011 - Aug 2013

      Responsible for: - information security systems administration - integration and administration of network security services (Cisco/Stonesoft-Forcepoint/Checkpoint firewalls, IPS, configuration of Dynamic ARP Inspection, 802.1X auth, port-security, etc) - Building authentication system (based on Microsoft Active Directory, connecting Linux hosts to AD using pam-ldap) - OS security hardening (AD domain hardening, GPO, RMS, SMB signing; Linux kernel hardening via sysctl) - network… Show more Responsible for: - information security systems administration - integration and administration of network security services (Cisco/Stonesoft-Forcepoint/Checkpoint firewalls, IPS, configuration of Dynamic ARP Inspection, 802.1X auth, port-security, etc) - Building authentication system (based on Microsoft Active Directory, connecting Linux hosts to AD using pam-ldap) - OS security hardening (AD domain hardening, GPO, RMS, SMB signing; Linux kernel hardening via sysctl) - network security scans (Nessus, Qualys) - developing configuration standards for Firewalls, IPS, web servers, hardware, etc - maintaining PCI DSS certification (collaboration with auditors, doing periodical activities needed by standard) Achievements: - new architecture with built-in security was implemented - security system created from the ground (firewalls, IPS, authentication implemented) - overall security level increase from inside and outside perimeter perspective - PCI DSS certification (service provider level 1) was achieved and maintained

    • Fraud Prevention Specialist
      • Feb 2010 - Aug 2011

      Fraud monitoring for different systems inside QIWI Ltd including e-commerce, kiosks fraud prevention. Participated in e-commerce Fraud prevention system creation. My duties were: current situation monitoring, detecting payment anomalies in processing, fraud schemes analysis, blacklisting and prevention. Also I used to: - create fraud prevention dashboards (for example current amount of payments, summary of anomalies, etc); - low-level work with database - writing SQL queries to… Show more Fraud monitoring for different systems inside QIWI Ltd including e-commerce, kiosks fraud prevention. Participated in e-commerce Fraud prevention system creation. My duties were: current situation monitoring, detecting payment anomalies in processing, fraud schemes analysis, blacklisting and prevention. Also I used to: - create fraud prevention dashboards (for example current amount of payments, summary of anomalies, etc); - low-level work with database - writing SQL queries to Oracle DB regarding different objects like payment kiosks, e-wallets, payment cards, etc; - creating and processing security checks to/from payment card Issuers

Education

  • National Research Nuclear University MEPhI (Moscow Engineering Physics Institute)
    Master of Technology - MTech, Computer and Information Systems Security/Information Assurance
    2006 - 2011
  • Национальный Исследовательский Ядерный Университет "МИФИ"
    Диплом специалиста по инженерной специальности, Безопасность компьютерных и информационных систем/защита информации
    2006 - 2011

Community

You need to have a working account to view this content. Click here to join now