Cyber/Information/System/Network/Application Security Engineer
Deyu Xian
E-mail: acw2bf@r.postjobfree.com
SUMMARY
Over 17 years experience in the security industry. Broad knowledge of system, software, and networking technologies to provide a powerful combination of analysis, implementation, and support of security systems. Expert in threat analysis and control, penetration testing and defense. As a project lead and engineer supervised and participated in 1000+ security projects, my last job in past 6 years Involves :
* Penetration test
* Network/System Vulnerability & Penetration Assessment
* Source Code Security (Python/PHP/Java/.Net)
* Mobile(Android/iOS/Sybian) Application,Web Application top10 OWASP security
* Application Security Quality Assurance
* Risk Management & Corporate Risk Advisors & Threat Control
* Digital Forensics & Attack track
* Incident Response
* PCI DSS
OBJECTIVE
To find a job in threat and vulnerability management, issue resolution, penetration testing and defense,POC, network/system security,threat control, development content filtering and SPAM prevention, Spam control Identity and Access Management, Implement and Operate Security Controls, troubleshoots, incident response, and solution design.
PROFESSIONAL
EXPERIENCE
05/2010 – 08/2016
Ultrapower Software Corp.
Senior Security Engineer
Responsibility for protecting over 300+ online systems with 3800+ servers.200+ website, serval hundred service interface. One of the systems has more than 10 billion users and 3 million simultaneous accesses in one second. Build security strategy, Security Operations, policy development, incident response, analysis Vulnerability and Threat Management, analysis, risk control, track attacker, troubleshoots, design defense system or features, SDLC
As the leader of the enterprise for the information security program. I found over 100 application vulnerabilities in one year (2012)
03/2008 – 05/2010
Pioneer
Manager/Technical Lead
Start-up my own business. Provide professional system & network security services.
08/2003 – 02/2008
Bankunion Tech Company
Manager of the operation and maintenance department
Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy. risk management, IT systems security, solution design Assisted in the development of access-controls, separation of duties, and roles. Conducted technical risk evaluation of hardware, software, and installed systems and networks. Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended. Assisted in incident response and recommend corrective actions. Communicated with personnel about potential threats to the work environment. Participated in forensic recovery and analysis. Participated in development and maintenance of global information security policy.
11/1999 – 08/2003
Peking Jadebird Corp.
Security Engineer, Development
In charge of security emergency Incident Response, penetration testing, development of firewall /ids, design and creating the automated penetration testing tools.
EDUCATION
07/1997-07/1999
Shandong Agriculture University
EXEMPLARY
PROJECTS
05/2010 – 09/2016
Fetion project
This system have 10 billion users and 3 million simultaneous access in one second, I am responsible for threat and vulnerability management, risk control, penetration testing. Solution design, SDLC, developing security requirements Spam control, and making security work-flow and standard
08/2014-05/2016
Vulnerability automated discovery and alters tools
creator,designer, development, Use my code to find &analysis high risk, and send alter to my team .This system can show the risk status in real time from many dimensions before the assets was damaged.
07/2014
Anti-fraud components
inventor and creator, designer, the feature can find fraud malicious access and block identified bad guys, phone Numbers or userid ETC.
06/2014
Security baseline check system
creator,designer, programmer, this tools can check very quickly for baseline security status over thousands servers, and give advice that how to control the risk guidance and advice related to all information security issue
02/2014-05/2014
Cyber space threats automated analysis system
creator,designer, development,analysis new threat from Cyber space attack or hacker team
01/2014
Cyber threat alert tools
Tools inventor and creator,designer, programmer
12/2011-06/2016
High risk vulnerabilities auto check tools(POCs)
Creator,designer, programmer, developing exploit code,use this tools to check the new vulnerable weather or not effects the business system,
07/2013-12/2013
Malicious URL remote identified system
inventor and creator,identified malicious URL in the website or other content, can use in many other safety system or components
02/2012-05/2012
Vulnerability management system
Designer,programmer, a website for Vulnerability and Threat Management making work-flow to deal with vulnerable, automation of tasks
01/2012
Malicious device identification SDK
inventor and creator,design,automatic identification malicious access and online device.
06/2011-12/2011
Fast precision IP library
inventor and creator,IP physical address always change in China .this system can very quickly identification the real physical address of IP even it changed
05/2011-06/2012
Malicious URL fast identification system
inventor and creator .project manager,this system can auto identification malicious URL in the content that in the mail /website /sms or other business system in offline device
06/2010-07/2011
Specific keywords online fast detection system
creator, designer, programmer, fast identification/filter malicious content message in the mail /website /sms/messages/IM or other content system
05/2010-05/2015
Over 100+ website penteration test
Use fiddler,burpsuite,Ethereal, tcpdump,nmap,,wireshark, Kali Linux,nc,metasploit,nikto,nessus,sqlmap,awvs,vim, web,xss,webshell,wireless hack,APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities, ever wrote many POCs code
04/2009 – 04/2010
Security service for Shandong mobile communication company
Threat and Vulnerability management,threat control, penetration test. solution design
02/2008 – 05/2009
National Sports Game
Threat and Vulnerability Management,Threat solution valuation,penetration test
04/2009 –
ACID2009
core technical of china CTF team,defense solution design, threat control,network package analysis,log analysis, Malware analysis
12/2008 –
Gansu Telecom Corp.
Vulnerability assessment,Risk analysis,solution design,PCI.
08/2009
Olympic China
Solution Design,risk analysis defense, Implement and Operate Security Controls
PATENTS
Malicious URL identification method and system (CN 201*********)
A method and device for generating cipher code (CN 201*********)
Pending:
fast IP library construction method and system
video automated identification method and system
identifying and track malicious device method and system
User abnormal behavior recognition method and system
Method and device for predicting safety risk
SKILLS
Skill Name
Skill Level
Experience
OS:Unix,Linux,FreeBSD,windows Linux
Expert
18years
OS:sco unix,HPUX, AIX, Solaris,qnux,
Beginner
2 years
Security tools – fiddler,burpsuite,Ethereal, tcpdump,nmap,,wireshark, Kali Linux ntop,wiresharp,nc,metasploit,nmap,nikto,nessus,sqlmap,awvs,vim, web,xss,webshell,wireless hack,APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities
Expert
16 years
Team manager,project manager
Beginner
8 years
Penetration Testing – red team
Expert
15 years
programepython,HTML,XML,PHP,Nodejs,javascript,perl,lua,ruby,shell,delphi,vb,java,asp,c#,batch
Intermediate
5 years
Framwork 27001,27002,ITSEC,CC,17799,SOX,PCI,WASC,OWASP,etc
Expert
12 years
Apache,DNS,http,squid,smb,Asterisk, DHCP, Exim, Munin,sendmail, Postfix, SAMBA, SSH,ftp
Expert
12 years
Network (router,switch,firewall,gateway,vpn,proxy,UTM,SOC,IDS,IPS,F5,ACLs,TAC+/Tacacs,dhcpWAN/LAN)
Intermediate
10 years
Andirod security,ios security
Beginner
2 years
Cloud base
Intermediate
15 year
DB database MySQL,PgSQL,sqlserver,oracle,redis,SQLite,PostgreSQL
Beginner
3 year
IOT security
Beginner
2 year
Microsoft Office
Expert
16 years