DevOps - 22119 Outstaffing

Posted more than 30 days ago
Specialization: DevOps
Open to offers now
Ukraine
Kyiv, Kharkiv, Lviv, Odesa, Dnipro
More than 5 years
Intermediate
Considering options
Full-time office work
Part-time work
Remote work (full-time)
Freelance (one-time projects)
Relocate
6+ years experienced Penetration Tester and Security Engineer.

6+ years experienced Penetration Tester and Security Engineer.

 

DevOps and SecDevOps skills with the orientation to the security.

Advanced knowledge of Linux administration, Web-servers administration, LAMP stack, Penetration testing techniques and methodologies.

Fluent use of vulnerability scanners, Linux and Windows scanners, network traffic monitoring tools. Good knowledge of cloud services like AWS and Azure, Elastic stack skills.

Experienced in security testing of technologies related to cryptocurrencies: blockchain, smart contracts, tokens, bridges.

Use logical and methodical approach to achieving tasks and objectives; able to build and implement sophisticated plans; determined and decisive; use initiative to meet and resolve challenges.

Mother tongue – Ukrainian.

Fluent Russian, fluent English.

Programming Languages/ Technologies

§ Python

§ Bash

§ Php

§ Javascript

§ JavaEE

§ Ruby

§ C

§ C++

§ SaaS/SOA/RIA Research & Development

§ SIEM

§ Technical Documentation/Penetration Testing Reports/Proposals

 

RDBMS

§ My SQL

§ PostgreSQL

§ SQLite

 

Methodologies

§ OWASP

§ NIST

 

Operating Systems

§ Microsoft Windows 95/ 98/ 2000/ XP/ 2003 Server/ Vista / 7/8/10

§ Kali Linux

§ Ubuntu

§ CentOS

 

 

Virtualization environments

§ VMWare

§ VirtualBox

§ OpenStack

 

Hardware

§ Network technologies

§ Different technological device

Application/Web Servers

§ Nginx

§ Php-fpm

§ Tomcat

§ IIS

§ Apache

§ Redis

§ Active Directory

§ DNS

§ DHCP

§ SNMP

§ SMB

 

Development Tools

§ Ansible (basic)

§ AWS/Kubernetes

§ Azure

§ Docker

§ Jenkins

§ GitLab

§ Git

§ CI/CD

§ Openshift

 

Testing Tools

§ Nmap

§ Nikto

§ Burp Suite

§ OWASP ZAP

§ Nessus

§ Wireshark

§ Maltego

§ Sqlmap

§ Gobuster

§ Metasploit

§ Cloudflare

 

Other technologies

§ Blockchain

§ Smart contracts

§ Bridges for cryptocurrencies

 

Experience
Security Engineer
SMM company
December 2020

Administration of the website on AWS Kubernetes, which uses nginx, php-fpm, mysql. Control of resources in use and it’s optimization. Azure deployment


- testing security of the website

- optimizing mysql

- configuring dns records for main domain and subdomains

- controlling memory flows

- configuring


4 team members

Nginx, php-fpm, mysql, redis, DNS, Kubernetes, Jenkins, Zabbix


Penetration Tester
Estonian company
October 2020 - December 2020

During a penetration test of cryptocurrency website, a critical vulnerability was found. This vulnerability allowed to get all confidential information about the users, including emails, wallets and balances, etc. knowing user ID. The vulnerability was amplified with the fact that it was easy to generate all possible IDs with own written script. Our team helped to fix this vulnerability as soon as it was found.


- analyze the system and prepare scope of work

- gather information about the system

- check used services and their versions

- find exploits for these services

- test api and requests to the server

- get access to the database

- prepare a detailed report on found vulnerabilities including executive summary, risk level of each vulnerability and recommendations on how to fix them.

Curl, Burp Suite, Requests interception, modification, injections of malicious code, own written bash script to brute force user ID values.


Security Engineer
Australian company
July 2020 - August 2020

An enterprise company requested DDoS protection and full security audit of the website on AWS managed with Kubernetes. At the time of DDoS attacks Kubernetes scaled used resources up to 8 servers. However, even this scaling did not help agains the attacks. So our team has configured proper security rules, managed WAF and firewall and has written own solution. After this complex approach any attack could not harm the system.


- external threat modeling

- information gathering

- testing AWS security groups

- identity and access management

- test data protection

- internal threat modeling

- web app code review

- communication with client's security engineer

- generating a report with executive summary, risk level of each vulnerability and recommendations on how to fix them


AWS, Kubernetes, Openshift, Cloudflare, WAF, firewall, own solution written in php.


Security Engineer
Canadian company
December 2019 - June 2020

A website of an e-commerce company.


- external threat modeling

- information gathering

- analyzing logs

- performance monitoring

- testing production environments

- identity and access management

- test data protection

 internal threat modeling

- communication with client's security engineer

- generating a report with executive summary, risk level of each vulnerability and recommendations on how to fix them


Cloudflare, WAF, firewall, own solution written in php, Zabbix, Burp Suite.


System Administrator
Estonian software development company
2019 - 2019

An internal network of a software development company.


- analyzing internal network traffic

- security testing of devices in the network

- analyzing logs

- performance monitoring

- testing production environments

- test data protection

 communication with client's security engineer

 generating a report with executive summary, risk level of each vulnerability and recommendations on how to fix them


WAF, firewall, Zabbix, Burp Suite, Nmap, Wireshark.


Site Reliability Engineer
German company
November 2018 - April 2019

A website of an e-commerce company.


- recovery of the website after an attack

- analyzing logs

- performance monitoring

- automation of the main system processes

- handling system errors

- testing production environments

- identity and access management

- test data protection

- communication with client's security engineer

- generating a report with executive summary, risk level of each vulnerability and recommendations on how to fix them


Firewall, Zabbix, Burp Suite, Nmap.


Similar candidates
Open to offers now
Ukraine
Kyiv, Kharkiv, Lviv, Odesa, Dnipro
More than 5 years
Intermediate
Considering options
Full-time office work
Part-time work
Remote work (full-time)
Freelance (one-time projects)
Relocate
We use cookies
accept