Experience

R-Vision

• Software Development

• Head of Application Security

  • Oct 2020 - Present

  SCA integrations Writing custom programs for automations of security checks Integration of DefectDojo Organization of fuzzing testing (jsfuzz, hongfuzz, cargofuzz, afl) Validate and review reports of automation testings GitLab CI/CD pipelines Organization work of application security team into company Integration of SemGrep to pipeline, some customizations of rules SCA integrations Writing custom programs for automations of security checks Integration of DefectDojo Organization of fuzzing testing (jsfuzz, hongfuzz, cargofuzz, afl) Validate and review reports of automation testings GitLab CI/CD pipelines Organization work of application security team into company Integration of SemGrep to pipeline, some customizations of rules



Timebook Ltd

• Russian Federation
• Technology, Information and Internet
• 1 - 100 Employee

• IT Security Specialist

  • 2017 - Oct 2020

  nformation systems compliance for 152 Russian Federal Law "Personal Data" (development and writing of policies, regulations and instructions) Reconstruction of network (integration Firewall, IPS, dividing the network into vlans, organization of IPSec and remote access) some administration of Linux Servers (iptables, user management, auditd) install and setting open source HIDS monitor system (ELK based). In this case HIDS used OpenSCAP for Vulnerability monitoring. integration and support of OWASP ZAP security tests for regression tests. (using python API). Review and checking alerts of reports. Review and meet of web application architecture with Team Leads Pentesting of company web application consulting CISO about integration of GDPO Compliance. Integration DefectDojo to LDAP and with scan scripts Writing and edit Dockerfiles and docker-compose.yml files for automation of tests Setup and setting SonarQube Show less



ООО Лаборатория информационных систем

• Russian Federation
• IT Services and IT Consulting
• 1 - 100 Employee

• IT Security

  • Oct 2014 - 2017

  development documentation of 152 Russian Federal Law "Personal data" and other regulatory requirements for Personal data and security of Goverment information systems audit of complience of the customers development of threats model and technical specification integration and setting of security tools for customers development documentation of 152 Russian Federal Law "Personal data" and other regulatory requirements for Personal data and security of Goverment information systems audit of complience of the customers development of threats model and technical specification integration and setting of security tools for customers



ОАО "АКБ САРОВБИЗНЕСБАНК"

• Специалист по информационной безопасности

  • Nov 2013 - Oct 2014

  поддержание системы защиты банка, разработка и внедрение организационных мер, проведение расследований инцидентов информационной безопасности, проведение внутренних проверок, инструктаж пользователей в области информационной безопасности, разработка документации по информационной безопасности в соответствии с требования ЦБ РФ (СТО БР ИББС, 382-П) поддержание системы защиты банка, разработка и внедрение организационных мер, проведение расследований инцидентов информационной безопасности, проведение внутренних проверок, инструктаж пользователей в области информационной безопасности, разработка документации по информационной безопасности в соответствии с требования ЦБ РФ (СТО БР ИББС, 382-П)