
Threat and Vulnerability Management, penetration testing, development

Location: Chicago, IL

Posted: August 25, 2016

Resume:

Information/System/Network Security Engineer

Deyu Xian

E-mail: ******@*****.***

SUMMARY

Over 17 years of experience in the security industry, with broad knowledge of hardware, software, networking and security technologies, providing a powerful combination of architecture, analysis, security, and implementation. Strengths include threat and vulnerability management, penetration testing, security standards, solution design, etc.

OBJECTIVE

Threat and vulnerability management, issue resolution, penetration testing and defense, POC, network/system security, threat control, development content filtering and spam prevention, spam control, Identity and Access Management, implementing and operating security controls, troubleshooting, incident response, solution design.

EXPERIENCE

05/2010 – 08/2016

Ultrapower Software Corp.

Senior Security Engineer

Responsible for protecting over 300+ online systems, 3800+ servers, and more than 10 billion users with 3 million simultaneous accesses in a second. Building security strategies, security operations, policy development, incident response, vulnerability and threat management, analysis, attack tracking, troubleshooting, design of defense systems or features, SDLC.

Served as the leader of the security program and as a mentor for training. I found over 100+ vulnerabilities in 2012.

03/2008 – 05/2010

Pioneer

Engineer, manager

manager/Technical

Started up my own business. Provided professional system and network security services. Many projects were fulfilled during those years, including ACID2009, Olympic2008, and National Sports Game security support.

08/2003 – 02/2008

Bankunion Tech Company

Engineer, manager

Manager of the operation and maintenance department – manager/Technical

Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy. Risk management, IT systems security, solution design and so on. Assisted in the development of access controls, separation of duties, and roles. Conducted technical risk evaluation of hardware, software, and installed systems and networks. Assisted with testing of installed systems to ensure protection strategies are properly implemented and working. Assisted in incident response and recommended corrective actions. Consulted with personnel about potential threats to the work environment. Participated in forensic recovery and analysis. Participated in development and maintenance of global information security policy.

11/1999 – 08/2003

Peking Jadebird Corp.

Beijing, China

Security Engineer, Development

I have done many security projects during the last 4 years. As you know, Jadebird, which was created by Yang Fuqing (Academy of Sciences), has many government resources and background, so I had many chances to participate in the building of many operation systems for many companies. Responsible for security emergency incident response, penetration testing, development of firewall/IDS devices, and design and creation of the automated exploit framework.

10/1998 - 07/1999

University Network Center

Systems Administrator, Website Development

Wrote many web sites using Notepad and HTML code, servicing the college.

EDUCATION

07/1997-07/1999

Shandong Agriculture University

Project Experience

05/2010 – 06/2016

Fetion project

This system has 10 billion users and 3 million simultaneous accesses. My responsibility is threat and vulnerability management, penetration testing, solution design, SDLC, security requirements development, spam control, advice related to all security issues, workflow-making and standard-making.

08/2014-05/2016

Vulnerability automated discovery and alert tools

Tools creator, designer, programmer. Using my code to find and analyze high risks and send alerts to our team. For assets, this system can give the risk status in real time from different dimensions.

07/2014

Anti-fraud components

Inventor and creator, designer. Features can find fraudulent malicious access and block identified potential bad guys, phone numbers or user IDs, etc.

06/2014

Security baseline check system

Creator, designer, programmer, project manager. Quickly checks baseline security status across thousands of servers and gives suggestions about how to control the risk, with guidance and advice related to all information security issues.

02/2014-05/2014

Cyber space threats automated analysis system

Creator, designer, programmer. Analyzes potential attacks or threats from cyberspace attacks or hacker teams.

01/2014

Cyber threat alert tools

Tools inventor and creator, designer, programmer

12/2011-06/2016

High risk vulnerabilities auto check tools (POCs)

Creator, designer, programmer, developing exploit code. These tools are used to check whether or not a new vulnerability affects the business system.

07/2013-12/2013

Malicious URL remote check tool

Inventor and creator. Checks for malicious URLs in websites or other content; can be used in many safety systems or components.

02/2012-05/2012

Vulnerability management system

Designer, programmer. A website for vulnerability and threat management. Makes workflows to deal with vulnerabilities, automation of tasks.

01/2012

Malicious device identification SDK

Inventor and creator, designer. Automatic identification of malicious access and devices online.

06/2011-12/2011

Fast precision IP library

Inventor and creator. There are many changes in the mapping of Chinese IPs to real addresses. This system can identify the real address of an IP in a second.

05/2010-06/2012

Malicious URL fast identification system

Inventor and creator, project manager. Automatic identification of malicious URLs in content in mail, websites, SMS or other business systems.

06/2010-07/2011

Specific keywords online fast detection system

Creator, designer, programmer. Fast identification and filtering of malicious content messages in mail, websites, SMS, messages, IM or other business systems.

05/2010-05/2015

Over 100+ website pentest

Used fiddler, burpsuite, Ethereal, tcpdump, nmap, wireshark, Kali Linux, wiresharp, nc, metasploit, nikto, nessus, sqlmap, awvs, vim, web, xss, webshell, wireless hack, APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Acunetix, Core Impact and manual techniques to exploit vulnerabilities. I wrote many POC codes.

04/2009 – 04/2010

Security service for Shandong mobile communication company

Threat and vulnerability management, risk control, penetration testing, solution design

02/2008 – 05/2009

National Sports Game

Threat and vulnerability management, threat solution valuation, penetration testing

04/2009 –

ACID2009

Core technical member of the CTF China team: defense solution design, threat modelling, network packet analysis, log analysis, malware analysis

12/2008 –

Gansu Telecom Corp.

Vulnerability assessment, risk analysis, solution design, PCI.

08/2009

Olympic China

Solution design, risk analysis defense, implementing and operating security controls

Many projects, with no further detail given, are in the list below:

Shandong National Tax security vulnerability assessment and penetration testing, SOX

Shandong rent risk assessment Safety Assessment Shandong Bureau of Statistics

Shandong Communications Authority, long-term support, troubleshooting, emergency incident response Security Bureau in Jinan City,

long-term technical support Ministry of Labor and Social Security Penetration Testing Ministry of Education, Hancock penetration testing

Hebei Province Public Security Bureau, “Population and Human Resource System” Penetration Testing

Hebei Province Public Security Bureau “was looted vehicle system,” Penetration Testing

Fujian province’s postal system safety assessment

Hengyang Securities Security Assessment Century Internet Data Center Security Integration

Ministry of Public Security Network Automated-attack platform Linyi Netcom Security Integration

A game server room on-site emergency anti-ddos Shandong Unicom, Security Emergency incident Response (one-year service)

Shandong Mobile, incident response, solution design, log correlation and analysis, vulnerability assessment

Jinan Iron and Steel Group, an integrated security system

Jinan silver mesh and the deployment of a firewall (using the secondary development of open source software)

Jinan Silver Net joint website of anti-ddos (to provide a simple and effective self-developed products)

People’s Bank Security Integration

South Korean factories in Shandong, a game room of a network failure (multi-line re-use)

Shandong trendy long-term technical advisor and technical director (security company)

Chinese Ministry of Railways to deploy security products TV stations in Heilongjiang Province, the deployment of security products

Haidian broadcasting emergency response, security, integration

The deployment of security products across the province Ningxia Hui Autonomous Region

High-tech Development Zone, Jinan City, the building of the NEC area networks (from no to yes, the export gateway routing lines, etc. and the website)

Shandong Province Public Security Bureau Website

Weihai Municipal Tobacco Monopoly Bureau to deploy a firewall

Ningbo, an organ in the deployment of security products,

Of an organ in the deployment of security products in Guangzhou

Jinan Qilu Software Park, network construction Shandong, China Construction Bank network transformation

Weifang institutions of excellence on campus as a whole network construction

and there are a lot of others…

PATENTS

Malicious URL identification method and system (CN 201*********)

A method and device for generating cipher code (CN 201*********)

Pending:

Fast IP library construction method and system

Video automated identification method and system

Identifying and tracking malicious device method and system

User abnormal behavior recognition method and system

Method and device for predicting safety risk

SKILL

Skill Name | Skill Level | Experience
OS: Unix, Linux, FreeBSD, Windows | Expert | 18 years
OS: SCO Unix, HP-UX, AIX, Solaris, qnux | Beginner | 2 years
Security tools: fiddler, burpsuite, Ethereal, tcpdump, nmap, wireshark, Kali Linux, ntop, wiresharp, nc, metasploit, nikto, nessus, sqlmap, awvs, vim, web, xss, webshell, wireless hack, APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities | Expert | 16 years
Team manager, project manager | Beginner | 8 years
Penetration testing – red team | Expert | 15 years
Programming: Python, HTML, XML, PHP, Node.js, JavaScript, Perl, Lua, Ruby, shell, Delphi, VB, Java, ASP, C#, batch | Intermediate | 5 years
Frameworks: 27001, 27002, ITSEC, CC, NIST 800 series, FFIEC, ITIL, and COBIT 17799, SOX, PCI, WASC, OWASP, etc. | Expert | 12 years
Apache, DNS, HTTP, Squid, SMB, Asterisk, DHCP, Exim, Munin, sendmail, Postfix, SAMBA, SSH, FTP | Expert | 12 years
Network (router, switch, firewall, gateway, VPN, proxy, UTM, SOC, IDS, IPS, F5, ACLs, TAC+/TACACS, DHCP, WAN/LAN) | Intermediate | 10 years
Android security, iOS security, mobile security | Beginner | 2 years
Cloud base | Intermediate | 15 years
Databases: MySQL, PgSQL, SQL Server, Oracle, Redis, SQLite, PostgreSQL | Beginner | 3 years
IoT security | Beginner | 2 years
Microsoft Office | Expert | 16 years


