
Security Engineer | DevSecOps | Pentester
Ali Yazdani
More than 10 years of experience in IT security.
Senior DevSecOps Engineer @ ScoutBee
- Perform vulnerability assessments and penetration tests.
- Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture)
Security Researcher @ OWASP Foundation
- Contributing to OWASP MSTG (Mobile Security Testing Guide) project
- Leading the DevSecOps guideline project
Past Experiences
Senior Security Engineer @ NewStore
(Sep 2021 – Jul 2022)
- Perform vulnerability assessments and penetration tests.
- Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).
Lead Engineering DevSecOps @ Henkel
(Sep 2021 – Jan 2022)
Perform vulnerability assessments and penetration tests.
Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).
Senior Cyber Security Engineer @ Deposit Solutions GmbH
(Jul 2019 – Aug 2021)
- Perform vulnerability assessments and penetration tests.
- Implement a SIEM solution to monitor security-related activities.
- Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).
IT Security Team Lead @ MTN Irancell
(Jun 2018 – Apr 2019)
- Implement regular Vulnerability and Penetration Tests on IT Infrastructures.
- Review SRS documents to ensure the security requirements right implemented by the architecture team.
- Design and implement security monthly reporting system to centralize and visualize monthly security vendor reports.
- To identify potential areas where existing OS/DB security policies and procedures, and controls require change, or where new ones need to be developed, especially regarding future business expansion.
- To define and enforce IT infrastructure security checklists for new systems and existing systems considering the MTN Irancell standards and requirements.
IT Security Engineer @ MTN Irancell
(Nov 2015 – May 2018)
- Perform penetration test and vulnerability assessment on ITS systems.
- Check SRS documents and apply security policies and requirements in it.
- Technical forensic investigation on important security incidents and performing root cause analysis.
- Implement and develop health check toolkit to automate OS and DB security tools.
- Design and implement security monthly reporting system to centralize and visualize monthly security vendor reports.
…
For more information, please check my LinkedIn profile.