Author Profile

Mark Volfson

Application Security Lead

Mark Volfson comes with 5+ years of industry experience focused on Application Security, Observability, and CI/CD modernization.

Credentials

  • AWS Cloud Practitioner
  • Dynatrace Certified Associate
  • Microsoft Azure Admin Associate

Experience

Application Security Lead - Arctiq (April 2023 - Present)

Leading the Application Security division, focused on operationalizing and automating DevSecOps best practices for enterprise customers.

DevSecOps Engineer - Arctiq (February 2022 - March 2023)

  • Developed the end-to-end SDLC flow for integrating application security
  • Adapted the GitFlow to account for AppSec scanning during the development and deployment phases through pre-commit configurations
  • Increased visibility through Azure DevOps ticketing integration to notify the appropriate party based on the content of the issue at hand
  • Participated through an APM tool migration from New Relic to Dynatrace measuring RedHat OpenShift application performance
  • Used Terraform to create the necessary configurations within Dynatrace to ensure a smooth migration of all alerts and notification policies
  • Developed a GitHub Actions pipeline to encapsulate governance and automation of Dynatrace configuration for application and SRE teams. The pipeline was responsible for validating the Terraform Dynatrace configuration, collecting required approvals, and pushing the configuration to the Dynatrace production tenant
  • Using Terraform and Python, created custom configuration within Dynatrace to collect response time metrics per method/URI and visualize them in a dashboard. Python was used to generate the Terraform scripts for the hundreds of methods/URIs in scope
  • Participated in numerous pre-sales events, RFP responses, and client negotiations to continue the company growth
  • Focused on building the application security practice within Arctiq by partnering with key vendors, enhancing the internal sales team's AppSec competence, and being the go-to person for any AppSec-related questions

Risk Consulting - Cyber Security - EY (January 2020 - February 2022)

  • Participated in a Customer Authentication Modernization project for one of the Big 5 Canadian banks to identify and implement a new cloud-hosted authentication solution (Okta/Auth0/Transmit) by performing a current state assessment, designing the future state, and developing a PoC based on the bank's use cases
  • Developed custom registration/login pages using Angular and integrated the Okta API to achieve a PKCE authentication flow, and presented the result to key executives for further evaluation of the solution
  • Created, implemented, and presented a detailed architecture diagram and PoC of a FIDO2 authentication flow using WebAuthn to educate the client on the security benefits of moving to a passwordless state
  • Matured a demo for a potential client by showcasing Okta's federation capabilities, integrating a third-party IdP with Okta through a SAML authentication flow, which resulted in the successful signing of a CIAM strategy engagement
  • Successfully managed a team of off-shore and on-shore resources to develop an internal iOS application that served as a demo to potential clients, focused on customer authentication and identity verification
  • Reduced the number of application vulnerabilities identified by Fortify from 9000 to 2000 (by 78%), which allowed us to operationalize/automate application security scanning within their SDLC through quality gates
  • Participated in a high-profile CyberArk integration and onboarding project for a company in the insurance industry by developing CyberArk PSM connectors using AutoIt for various database clients and internal custom Java applications

Information Security Analyst - TD (May 2018 - December 2019)

  • Replaced 3 incomplete access model procedures to decrease processing times and access footprint for application support teams
  • Remediated issues raised by internal audit to ensure compliance with external (SOX) and internal cybersecurity regulations
  • Provided risk analysis and access verification for production change requests to ensure smooth application deployments or upgrades
  • Assisted in CyberArk implementation and account onboarding to ensure the security of people and service accounts of critical systems
  • Developed 4 new intake forms through Confluence/ConfiForms to increase provisioning efficiency and decrease ticket turnover time

Competencies