About Me!

Security Engineer | DevSecOps | Pentester

Ali Yazdani

More than 10 years of experience in IT security.

Senior Security Engineer @ NewStore

  • Perform vulnerability assessments and penetration tests.
  • Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).

Security Researcher @ OWASP Foundation

  • Contributing to OWASP MSTG (Mobile Security Testing Guide) project
  • Leading the DevSecOps guideline project

Past Experiences

Lead Engineering DevSecOps @ Henkel
(Sep 2021 – Jan 2022)

Perform vulnerability assessments and penetration tests.
Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).

Senior Cyber Security Engineer @ Deposit Solutions GmbH
(Jul 2019 – Aug 2021)

  • Perform vulnerability assessments and penetration tests.
  • Implement a SIEM solution to monitor security-related activities.
  • Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).

IT Security Team Lead @ MTN Irancell
(Jun 2018 – Apr 2019)

  • Implement regular Vulnerability and Penetration Tests on IT Infrastructures.
  • Review SRS documents to ensure the security requirements right implemented by the architecture team.
  • Design and implement security monthly reporting system to centralize and visualize monthly security vendor reports.
  • To identify potential areas where existing OS/DB security policies and procedures, and controls require change, or where new ones need to be developed, especially regarding future business expansion.
  • To define and enforce IT infrastructure security checklists for new systems and existing systems considering the MTN Irancell standards and requirements.

IT Security Engineer @ MTN Irancell
(Nov 2015 – May 2018)

  • Perform penetration test and vulnerability assessment on ITS systems.
  • Check SRS documents and apply security policies and requirements in it.
  • Technical forensic investigation on important security incidents and performing root cause analysis.
  • Implement and develop health check toolkit to automate OS and DB security tools.
  • Design and implement security monthly reporting system to centralize and visualize monthly security vendor reports.

For more information, please check my LinkedIn profile.