SECURITY ONLY WORK EXPERIENCE
Staff Engineer & Individual Contributor - FlexAI
Our product ensures AI Workloads as a Service
- Security management and liaising for validation of SOC2, GDPR, etc.
Senior Offensive Security Engineer - Form3 (UK)
Our product is one of the most resilient multi-cloud, high-volume transaction platforms in FinTech. It spans 3 clouds (AWS, GCP & Azure) using Go, Kubernetes and Infrastructure as Code, with more than 60 internal services/middlewares/gateways and third-party integrations. Customers using our APIs: Lloyds Banking Group, Mastercard, Barclays, Stripe, JP Morgan, Nationwide, GoCardless, etc.
Part of the small offensive security team. Overall my mission is to create new ways to consistently feed the risk framework of Form3 with novel and relevant vulnerabilities.
Direct responsibilities as Senior Offensive Security Engineer:
- Provide expertise on Go, AppSec, CloudSec and Kubernetes for our infrastructure, products and services
- Scale, improve and revamp our team's internal processes and vulnerability capture workflow
- Ongoing review and pentesting of all services/middlewares, our 3 cloud subscriptions (AWS, Azure, GCP) and third-party integrations (FeedzAI, Microsoft Copilot, etc.)
- Create new and original reliable Go tooling for automation and discovery, exposing new areas for novel vulnerabilities
- Research on new topics, vulnerabilities, bypasses, attack paths, TTPs (Tactics, Techniques and Procedures) relevant to our platform
- Bring Go and Test Driven experience, as well as my security background during implementation (i.e. threat modelling)
Freelance for UK/US companies (Security, Architecture, Development, Infra)
As a freelancer, I offered concrete and extensive hands-on experience at various levels.
Candy (US) from Jan / November 2022
Working with Candy on their NFT Go platform that offers a first and second marketplace, and gamification of sports items
- SecOps: build from scratch an encrypted delivery pipeline to locally integrate real production data for developers
- Handle surface and perimeter security of the deployed platform and product
Improbable (UK) from May / November 2021
Working with Improbable to collectively implement a brand new and modern Go orchestration platform for the multiplayer industry
- Initial security assets assessment and inventory of the product: perimeter, ratio of obsolete software, cryptography used, etc.
Contractor Technical Lead - Rockside (Development, Design, Ethereum, Blockchain, Security, Infra & Architecture)
Security
- Defining a sound yet simple security model for the infrastructure and our operational side of it
- Security audits of our various components, notably our wallet, before ANSSI review
- Regularly teaching development security practices and performing continuous audits of our codebases and infrastructure
Contractor Technical Lead - Edulib (Design, Development, Security, Infra, Scalability)
- Technical and security audit: backend code, infrastructure, development practices, tooling, etc.
- Expose, document and explain current scalability and security issues with ad hoc threat modeling
- Put in place new security procedures as well as small iterative and agile processes for the reduced technical team and the transition period
- Port internal Edulib services to a newly created, standardized and more secure AWS infrastructure by reducing its surface
Contractor Technical Lead - Hivebrite (Design, Development, Security, Infra & Middleware)
- Initial security assessment with swift follow-up actions taken to ensure a baseline security for our non-production environments
- Leading the external security review and implementing security controls for the Hivebrite platform
- Security compliance point of contact and continuous liaison for our customers (Microsoft, etc.) regarding standardization and compliance: ISO, GDPR
- Starting a SecOps team: threat modeling, audits, continuous security, tools and processes, version upgrade of key components
Security Lead - CyberSecurity firm WALLIX
- Lead implementor and architect of the open source project for secure defaults in AWS: awless (on AWS internals), which won Stackshare top 50 developer tools 2017 and InfoWorld Bossie Awards 2017 in the category best cloud computing software
- Engineering and cryptography with the implementation of the Golang SDK for DataPeps, an end-to-end encryption WALLIX product
- Full audits of internal products: WALLIX Bastion, DataPeps server, etc.