Resume

Sign in

Security Engineer

Location:
Chicago, Illinois, United States
Posted:
October 14, 2016

Contact this candidate

Cyber/Information/System/Network/Application Security Engineer

Deyu Xian

E-mail: acw2bf@r.postjobfree.com

SUMMARY

Over 17 years experience in the security industry. Broad knowledge of system, software, and networking technologies to provide a powerful combination of analysis, implementation, and support of security systems. Expert in threat analysis and control, penetration testing and defense. As a project lead and engineer supervised and participated in 1000+ security projects, my last job in past 6 years Involves :

* Penetration test

* Network/System Vulnerability & Penetration Assessment

* Source Code Security (Python/PHP/Java/.Net)

* Mobile(Android/iOS/Sybian) Application,Web Application top10 OWASP security

* Application Security Quality Assurance

* Risk Management & Corporate Risk Advisors & Threat Control

* Digital Forensics & Attack track

* Incident Response

* PCI DSS

OBJECTIVE

To find a job in threat and vulnerability management, issue resolution, penetration testing and defense,POC, network/system security,threat control, development content filtering and SPAM prevention, Spam control Identity and Access Management, Implement and Operate Security Controls, troubleshoots, incident response, and solution design.

PROFESSIONAL

EXPERIENCE

05/2010 – 08/2016

Ultrapower Software Corp.

Senior Security Engineer

Responsibility for protecting over 300+ online systems with 3800+ servers.200+ website, serval hundred service interface. One of the systems has more than 10 billion users and 3 million simultaneous accesses in one second. Build security strategy, Security Operations, policy development, incident response, analysis Vulnerability and Threat Management, analysis, risk control, track attacker, troubleshoots, design defense system or features, SDLC

As the leader of the enterprise for the information security program. I found over 100 application vulnerabilities in one year (2012)

03/2008 – 05/2010

Pioneer

Manager/Technical Lead

Start-up my own business. Provide professional system & network security services.

08/2003 – 02/2008

Bankunion Tech Company

Manager of the operation and maintenance department

Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy. risk management, IT systems security, solution design Assisted in the development of access-controls, separation of duties, and roles. Conducted technical risk evaluation of hardware, software, and installed systems and networks. Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended. Assisted in incident response and recommend corrective actions. Communicated with personnel about potential threats to the work environment. Participated in forensic recovery and analysis. Participated in development and maintenance of global information security policy.

11/1999 – 08/2003

Peking Jadebird Corp.

Security Engineer, Development

In charge of security emergency Incident Response, penetration testing, development of firewall /ids, design and creating the automated penetration testing tools.

EDUCATION

07/1997-07/1999

Shandong Agriculture University

EXEMPLARY

PROJECTS

05/2010 – 09/2016

Fetion project

This system have 10 billion users and 3 million simultaneous access in one second, I am responsible for threat and vulnerability management, risk control, penetration testing. Solution design, SDLC, developing security requirements Spam control, and making security work-flow and standard

08/2014-05/2016

Vulnerability automated discovery and alters tools

creator,designer, development, Use my code to find &analysis high risk, and send alter to my team .This system can show the risk status in real time from many dimensions before the assets was damaged.

07/2014

Anti-fraud components

inventor and creator, designer, the feature can find fraud malicious access and block identified bad guys, phone Numbers or userid ETC.

06/2014

Security baseline check system

creator,designer, programmer, this tools can check very quickly for baseline security status over thousands servers, and give advice that how to control the risk guidance and advice related to all information security issue

02/2014-05/2014

Cyber space threats automated analysis system

creator,designer, development,analysis new threat from Cyber space attack or hacker team

01/2014

Cyber threat alert tools

Tools inventor and creator,designer, programmer

12/2011-06/2016

High risk vulnerabilities auto check tools(POCs)

Creator,designer, programmer, developing exploit code,use this tools to check the new vulnerable weather or not effects the business system,

07/2013-12/2013

Malicious URL remote identified system

inventor and creator,identified malicious URL in the website or other content, can use in many other safety system or components

02/2012-05/2012

Vulnerability management system

Designer,programmer, a website for Vulnerability and Threat Management making work-flow to deal with vulnerable, automation of tasks

01/2012

Malicious device identification SDK

inventor and creator,design,automatic identification malicious access and online device.

06/2011-12/2011

Fast precision IP library

inventor and creator,IP physical address always change in China .this system can very quickly identification the real physical address of IP even it changed

05/2011-06/2012

Malicious URL fast identification system

inventor and creator .project manager,this system can auto identification malicious URL in the content that in the mail /website /sms or other business system in offline device

06/2010-07/2011

Specific keywords online fast detection system

creator, designer, programmer, fast identification/filter malicious content message in the mail /website /sms/messages/IM or other content system

05/2010-05/2015

Over 100+ website penteration test

Use fiddler,burpsuite,Ethereal, tcpdump,nmap,,wireshark, Kali Linux,nc,metasploit,nikto,nessus,sqlmap,awvs,vim, web,xss,webshell,wireless hack,APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities, ever wrote many POCs code

04/2009 – 04/2010

Security service for Shandong mobile communication company

Threat and Vulnerability management,threat control, penetration test. solution design

02/2008 – 05/2009

National Sports Game

Threat and Vulnerability Management,Threat solution valuation,penetration test

04/2009 –

ACID2009

core technical of china CTF team,defense solution design, threat control,network package analysis,log analysis, Malware analysis

12/2008 –

Gansu Telecom Corp.

Vulnerability assessment,Risk analysis,solution design,PCI.

08/2009

Olympic China

Solution Design,risk analysis defense, Implement and Operate Security Controls

PATENTS

Malicious URL identification method and system (CN 201210163298)

A method and device for generating cipher code (CN 201210195551)

Pending:

fast IP library construction method and system

video automated identification method and system

identifying and track malicious device method and system

User abnormal behavior recognition method and system

Method and device for predicting safety risk

SKILLS

Skill Name

Skill Level

Experience

OS:Unix,Linux,FreeBSD,windows Linux

Expert

18years

OS:sco unix,HPUX, AIX, Solaris,qnux,

Beginner

2 years

Security tools – fiddler,burpsuite,Ethereal, tcpdump,nmap,,wireshark, Kali Linux ntop,wiresharp,nc,metasploit,nmap,nikto,nessus,sqlmap,awvs,vim, web,xss,webshell,wireless hack,APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities

Expert

16 years

Team manager,project manager

Beginner

8 years

Penetration Testing – red team

Expert

15 years

programepython,HTML,XML,PHP,Nodejs,javascript,perl,lua,ruby,shell,delphi,vb,java,asp,c#,batch

Intermediate

5 years

Framwork 27001,27002,ITSEC,CC,17799,SOX,PCI,WASC,OWASP,etc

Expert

12 years

Apache,DNS,http,squid,smb,Asterisk, DHCP, Exim, Munin,sendmail, Postfix, SAMBA, SSH,ftp

Expert

12 years

Network (router,switch,firewall,gateway,vpn,proxy,UTM,SOC,IDS,IPS,F5,ACLs,TAC+/Tacacs,dhcpWAN/LAN)

Intermediate

10 years

Andirod security,ios security

Beginner

2 years

Cloud base

Intermediate

15 year

DB database MySQL,PgSQL,sqlserver,oracle,redis,SQLite,PostgreSQL

Beginner

3 year

IOT security

Beginner

2 year

Microsoft Office

Expert

16 years



Contact this candidate