Top 3%
Alin C.

Security Engineer

Outsourcing
9 years
Brasov, ROMANIA
Contact us for this profile
i

Why I'm Top 3%

  • English language proficiency
  • 9 years of industry experience
  • Proficient with agile scrum methods
  • Familiar with security and data privacy
Learn how we hire

My experience

More

SkillValueNovember 2020 - Present

The overall mission is the increase of security posture of this organization. Responsibilities span on 4 areas: governance of data and internal security policies, threat intelligence, secure software development and deployment. Our strategy is to include security controls into every category and to always take security into consideration. Also, the purpose is to switch to a security by design mentality.

Part of responsibilities of this role are:
  • Synchronizing with the development team for hardening the web application.
  • Vulnerability assessments.
  • Penetration tests.
  • Advising regarding best practices in web development and general infrastructure and inclusion of various security tools into the project (SAST, DAST, SIEM).

SKILLS
  • Secure software development lifecycle
  • Team and application access control
  • - following a security maturity model
  • - advisory regarding security best practices
  • Discovery of web vulnerabilities
  • Discovery of infrastructure vulnerabilities
  • Vulnerability management
  • Secure software configuration
  • Architecture of security controls for detective and preventive specific attacks
  • Knowledge of general web attacks and how to respond to them
  • Patch management
  • Threat modeling
  • Management of security tools
  • Data governance
More

COMPANY SPECIALIZED IN LEGAL SERVICESOctober 2019 - Present

Security Engineer.
The security mission for this client is a complex one, with various security topics.
Part of the security services offered to the client includes concepts such as enablingsecurity by design into client’s product, scheduled vulnerability assessments, implementation and management of WAF and SIEM tools.

The accomplishment of such topics includes:
  • Integrating the Kiuwan static code analysis tool into the project and the analysis of its findings.
  • Close collaboration with the development team on decreasing the number of security vulnerabilities residing in the project’s code base.
  • Providing security by design strategy in collaboration with them team, being responsible of decreasing the overall risk the application may face. This process implies assessing current security risks of the application and breaking the application in security features, in order to decrease the natural risk these features have. Every new big feature must undergo a security assessment.
  • The Client has also enabled a recurrent vulnerability assessment. This process presumes configuration of various tools and interpretation of results. Validating the discovered security vulnerabilities was followed by explaining the risk to the development team, alongside the proof of concepts exploits when needed.
  • Doing internal and external penetration tests, resulting in exploit scenarios that the application might be vulnerable to.
  • Holding security awareness meetings with the development team, including explaining various security concepts.
More

Penetration Tester - IBM RomaniaJanuary 2018 - Present

Penetration Tester within a leading cloud platform and cognitive solutions company. Restlessly reinventing since 1911, it is the largest technology and consulting employer in the world, with more than 350,000 employees serving clients in 170 countries. For more than seven decades, IBM Research has defined the future of information technology with more than 3,000 researchers in 12 labs located across six continents.
  • Doing penetration tests on web application, mobile application and network infrastructure.
  • Administering DMZ area, being responsible of implementation and managing high availability (HAProxy, Keepalived) and monitoring (Zabbix) solutions.
  • Gathering experience in multiple communication protocols (HTTP, MQTT) and scripting languages (Bash, Python, LUA).
More

Penetration Tester - Eved EuropeJanuary 2014 - January 2018

Penetration Tester / C# Web Developer within a company specialized in developing software solutions, ranging from complex B2B web applications interacting with various 3rd party systems to small websites powered by modern CMS.
  • Finding security vulnerabilities in company's web application and fixing these issues.
  • Working closely with the team members during the development phase and performing security code reviews.
  • Contribution to various security solutions for the application, few examples being introducing a new modular permission system, implementing a safer login method and password storage (both in PHP and .NET). 
More

Application Packager - IBMJanuary 2013 - January 2014

Application Packager within a leading cloud platform and cognitive solutions company. Restlessly reinventing since 1911, it is the largest technology and consulting employer in the world, with more than 350,000 employees serving clients in 170 countries. For more than seven decades, IBM Research has defined the future of information technology with more than 3,000 researchers in 12 labs located across six continents.
  • Building silent installation packages in a MSI/MST format and performing initial installation testing on various Windows systems before handing off to the client for user acceptance testing. The benefit of this job was getting experience in diverse Windows operating systems and their components, as well as getting acquainted with Visual Basic Script (entry level).

My education and trainings

Master Studies in Cybersecurity, Faculty of Electrical Engineering and Computer Science, Applied Electronics - "Transilvania" University of Brasov.2018 - 2020

Bachelor's Degree in Electrical Engineering and Computer Science, Applied Electronics, Faculty of Electrical Engineering and Computer Science, Applied Electronics - "Transilvania" University of Brasov.2007 - 2011