Sign in

Security Engineer

Chicago, Illinois, United States
October 14, 2016

Contact this candidate

Cyber/Information/System/Network/Application Security Engineer

Deyu Xian



Over 17 years experience in the security industry. Broad knowledge of system, software, and networking technologies to provide a powerful combination of analysis, implementation, and support of security systems. Expert in threat analysis and control, penetration testing and defense. As a project lead and engineer supervised and participated in 1000+ security projects, my last job in past 6 years Involves :

* Penetration test

* Network/System Vulnerability & Penetration Assessment

* Source Code Security (Python/PHP/Java/.Net)

* Mobile(Android/iOS/Sybian) Application,Web Application top10 OWASP security

* Application Security Quality Assurance

* Risk Management & Corporate Risk Advisors & Threat Control

* Digital Forensics & Attack track

* Incident Response



To find a job in threat and vulnerability management, issue resolution, penetration testing and defense,POC, network/system security,threat control, development content filtering and SPAM prevention, Spam control Identity and Access Management, Implement and Operate Security Controls, troubleshoots, incident response, and solution design.



05/2010 – 08/2016

Ultrapower Software Corp.

Senior Security Engineer

Responsibility for protecting over 300+ online systems with 3800+ servers.200+ website, serval hundred service interface. One of the systems has more than 10 billion users and 3 million simultaneous accesses in one second. Build security strategy, Security Operations, policy development, incident response, analysis Vulnerability and Threat Management, analysis, risk control, track attacker, troubleshoots, design defense system or features, SDLC

As the leader of the enterprise for the information security program. I found over 100 application vulnerabilities in one year (2012)

03/2008 – 05/2010


Manager/Technical Lead

Start-up my own business. Provide professional system & network security services.

08/2003 – 02/2008

Bankunion Tech Company

Manager of the operation and maintenance department

Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy. risk management, IT systems security, solution design Assisted in the development of access-controls, separation of duties, and roles. Conducted technical risk evaluation of hardware, software, and installed systems and networks. Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended. Assisted in incident response and recommend corrective actions. Communicated with personnel about potential threats to the work environment. Participated in forensic recovery and analysis. Participated in development and maintenance of global information security policy.

11/1999 – 08/2003

Peking Jadebird Corp.

Security Engineer, Development

In charge of security emergency Incident Response, penetration testing, development of firewall /ids, design and creating the automated penetration testing tools.



Shandong Agriculture University



05/2010 – 09/2016

Fetion project

This system have 10 billion users and 3 million simultaneous access in one second, I am responsible for threat and vulnerability management, risk control, penetration testing. Solution design, SDLC, developing security requirements Spam control, and making security work-flow and standard


Vulnerability automated discovery and alters tools

creator,designer, development, Use my code to find &analysis high risk, and send alter to my team .This system can show the risk status in real time from many dimensions before the assets was damaged.


Anti-fraud components

inventor and creator, designer, the feature can find fraud malicious access and block identified bad guys, phone Numbers or userid ETC.


Security baseline check system

creator,designer, programmer, this tools can check very quickly for baseline security status over thousands servers, and give advice that how to control the risk guidance and advice related to all information security issue


Cyber space threats automated analysis system

creator,designer, development,analysis new threat from Cyber space attack or hacker team


Cyber threat alert tools

Tools inventor and creator,designer, programmer


High risk vulnerabilities auto check tools(POCs)

Creator,designer, programmer, developing exploit code,use this tools to check the new vulnerable weather or not effects the business system,


Malicious URL remote identified system

inventor and creator,identified malicious URL in the website or other content, can use in many other safety system or components


Vulnerability management system

Designer,programmer, a website for Vulnerability and Threat Management making work-flow to deal with vulnerable, automation of tasks


Malicious device identification SDK

inventor and creator,design,automatic identification malicious access and online device.


Fast precision IP library

inventor and creator,IP physical address always change in China .this system can very quickly identification the real physical address of IP even it changed


Malicious URL fast identification system

inventor and creator .project manager,this system can auto identification malicious URL in the content that in the mail /website /sms or other business system in offline device


Specific keywords online fast detection system

creator, designer, programmer, fast identification/filter malicious content message in the mail /website /sms/messages/IM or other content system


Over 100+ website penteration test

Use fiddler,burpsuite,Ethereal, tcpdump,nmap,,wireshark, Kali Linux,nc,metasploit,nikto,nessus,sqlmap,awvs,vim, web,xss,webshell,wireless hack,APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities, ever wrote many POCs code

04/2009 – 04/2010

Security service for Shandong mobile communication company

Threat and Vulnerability management,threat control, penetration test. solution design

02/2008 – 05/2009

National Sports Game

Threat and Vulnerability Management,Threat solution valuation,penetration test

04/2009 –


core technical of china CTF team,defense solution design, threat control,network package analysis,log analysis, Malware analysis

12/2008 –

Gansu Telecom Corp.

Vulnerability assessment,Risk analysis,solution design,PCI.


Olympic China

Solution Design,risk analysis defense, Implement and Operate Security Controls


Malicious URL identification method and system (CN 201*********)

A method and device for generating cipher code (CN 201*********)


fast IP library construction method and system

video automated identification method and system

identifying and track malicious device method and system

User abnormal behavior recognition method and system

Method and device for predicting safety risk


Skill Name

Skill Level


OS:Unix,Linux,FreeBSD,windows Linux



OS:sco unix,HPUX, AIX, Solaris,qnux,


2 years

Security tools – fiddler,burpsuite,Ethereal, tcpdump,nmap,,wireshark, Kali Linux ntop,wiresharp,nc,metasploit,nmap,nikto,nessus,sqlmap,awvs,vim, web,xss,webshell,wireless hack,APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities


16 years

Team manager,project manager


8 years

Penetration Testing – red team


15 years



5 years

Framwork 27001,27002,ITSEC,CC,17799,SOX,PCI,WASC,OWASP,etc


12 years

Apache,DNS,http,squid,smb,Asterisk, DHCP, Exim, Munin,sendmail, Postfix, SAMBA, SSH,ftp


12 years

Network (router,switch,firewall,gateway,vpn,proxy,UTM,SOC,IDS,IPS,F5,ACLs,TAC+/Tacacs,dhcpWAN/LAN)


10 years

Andirod security,ios security


2 years

Cloud base


15 year

DB database MySQL,PgSQL,sqlserver,oracle,redis,SQLite,PostgreSQL


3 year

IOT security


2 year

Microsoft Office


16 years

Contact this candidate