About Me

Experience

Security Engineer | August 2022 - Present

• Regularly lead threat modelling sessions with development teams to help assess threats across various systems including MFEs, APIs, and AWS-based architectures, come up with mitigations, and help the business prioritise findings when teams reach out to me
• Worked on Akamai WAF & CDN
  • Analysed on a daily basis all traffic routed through our reverse proxy before hitting our backend servers for several websites and took action against any malicious traffic by blocking or stopping bots from scraping by analysing at different times throughout the day
  • Made sure to follow our allowlisting process for non-prod and production environments
  • Occasionally had to allowlist using client lists to allow third party suppliers to enter our website so that they are not blocked
• Set up web application scans using Tenable to test several websites and track vulnerabilities over time
• Wrote Terraform to set up AWS services, including Cognito
  • Addressed our inconsistent authentication for service-to-service communication as a boilerplate
  • Made sure to follow our security standards so that the boilerplate incorporated them all and could be reused across teams
• Regularly coordinate with development teams on our in-house SAST tool comprising of Semgrep, Checkov, and GitLeaks findings, which uses a range of open-source tools to catch security issues early in the development lifecycle

Certifications

• ISO/IEC 27001 Foundation
• Certified in Cybersecurity (CC) by ISC2

Interests

Outside of work, I enjoy crafting and watching movies. I'm always looking for new creative projects and love testing my knowledge in a pub quiz.