
15 Years in Development, Prod Support, and Performance/Security Testing

Toronto, Ontario, Canada
October 06, 2016



Scott Li


Senior Technical Analyst/Security Consultant

✓ Over 15 years of working experience in software development, delivery and IT operations support using Java/JEE and C++ in Unix and Windows.

✓ Over 5 years of testing experience in security, performance and automation for Web applications.

✓ Familiar with OWASP Top 10 and security standards such as ISO 27002.

✓ Over 7 years of working experience in relational database and Data Warehouse using Oracle and SQL Server.

✓ Extensive experience in full software development lifecycles (SDLC), Client/Server, N-tiered architecture, OOD/OOP, Agile Methodology, Operational Support System (OSS) and Design Patterns.

✓ Proficient in J2EE/JEE technologies such as Spring Framework, Struts, JSP, Servlet, JavaScript, AngularJS, JDBC, MyBatis, Hibernate, Web Service, WebLogic and WebSphere.

✓ Practical in Eclipse, Maven, Ant, JMeter, JProfiler, VisualVM, Dynatrace, New Relic, JUnit, TestNG and Selenium WebDriver.

✓ Working knowledge of continuous integration & deployment (Bamboo, Jenkins).

✓ Working experience in provisioning network equipment from Juniper, Cisco, and Alcatel-Lucent.

✓ Proven track record as a fast learner and a team player with excellent people skills.


Programming Languages: Java, JavaScript, HTML5, CSS, XML, SQL, PL/SQL, AngularJS, JQuery

Technologies: J2EE (Servlets, JSP, EJB, Struts MVC, Spring MVC), JMS, Log4j, JUnit, TestNG, Web Service (SOAP, REST), Maven, MyBatis, Hibernate, JPA, HDIV, and Quartz.

Application Servers: WebLogic, JBoss, and WebSphere

Methodologies: OOP/D, UML, Agile, Design Patterns

Tools: JMeter, JProfiler, VisualVM, Dynatrace, New Relic, MicroStrategy, Eclipse, CVS, JIRA, Bamboo, Jenkins, SQLMap, Wireshark, Burp Suite, OWASP CSRF Tester, Selenium IDE and Selenium WebDriver.

Database: Oracle, Informix, SQL Plus, PL/SQL, JDBC, Oracle SQL Loader

Network Protocols: TCP/IP, SMTP, SNMP, UDP, L2TP, ATM, Frame-Relay, DSL, IP/VPN, LAN and WAN

Operating Systems: UNIX (Solaris), Linux, Windows


Canadian Institute of Health Information (CIHI) 2008 – 2016

Senior Programmer Analyst/Tester

Major Projects:

Web Application for National System for Incident Reporting (NSIR)

Web Application for Canadian Joint Replacement Registry System (CJRR)

Web Application for Canadian Patient Cost System (CPCD)

Web Application for Canadian MIS Database (CMDB)

Web Application for National Ambulatory Care Reporting System (NACRS)

Technologies used:

Java, Spring MVC, Struts MVC, HTML5, CSS, JQuery, JavaScript, AngularJS, JSP, REST Web Service, XML, WebLogic, JBoss, JPA, Oracle DB, PL/SQL, Spring Security, HDIV Security Framework, Multi-threading, JUnit, TestNG, Maven, Jenkins, Bamboo, JIRA, JProfiler, JMeter, VisualVM, Dynatrace, New Relic and Selenium.

Test in Security, Performance and Automation

Developed, executed and documented test plans and test cases for System Integration Testing (SIT) and UAT, and reported issues in JIRA and QC.

Reviewed Functional Specifications and user guides.

Configured and set up the UAT and QA end-to-end testing environment.

Tested application security features including session expiry, user roles, bookmarking, passwords and compatibility across multiple browser types and encryption levels.

Performed security vulnerability tests on various web applications using security tools and manual testing.

Found security vulnerabilities in web applications including: SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Direct Object Reference, Information and Privacy (such as Health Card Number) Leakage, Improper Error Handling, Broken Authentication, Failure to Restrict URL Access, Buffer Overflows and many more.

Proposed and discussed solutions for all security issues discovered.

Provided security code reviews and evaluated results for security vulnerabilities for healthcare applications. Trained and advised application developers on security risks and secure coding best practices, with documented, practical remediation guidance.

Won a special recognition award from InfoSec in 2014.

Implemented Page Objects, Data Driven, Keyword Driven, Hybrid automation frameworks using Selenium WebDriver, Java, JUnit and TestNG.

Automated highly transactional healthcare web applications using Selenium WebDriver.

Monitored and investigated performance issues for web applications with JMeter, JProfiler, VisualVM, Dynatrace, New Relic and WebLogic Admin tools.

Analyzed memory leak and deadlock problems in applications using JProfiler and thread dumps.

Created a tool in Java to prepare large volumes of data for SIT and UAT testing.

Development & Production Support

As a key team member, developed, supported and maintained various healthcare web applications using Java, JSP, J2EE, Struts MVC, Spring MVC, XML, REST Web service, CSS, JavaScript, AngularJS, JQuery, Spring Security, and HDIV security framework.

Participated in requirement analysis, design reviews, code reviews, test case analysis and project lessons learned meetings.

Integrated Oracle Identity Management (IDM) with the NSIR application and achieved single sign-on (SSO) for the system.

Extensively used Quartz scheduler to schedule the automated jobs.

Designed and built Microstrategy reports and Oracle reports for web applications.

Proactively identified, managed and corrected data quality issues with reports to clients.

Configured and deployed applications with WebLogic 11 and Oracle 9/10/11G.

Developed ETL processes using Oracle PL/SQL scripts to enable hourly extraction of drug incident data from the NSIR application to the data warehouse.

Extensive exposure to back-end programming using SQL, PL/SQL, Cursors, Stored Procedures and Triggers in Oracle.

Supervised intermediate/junior level team members, and provided knowledge transfer.

Worked closely with internal clients to identify product issues and provided customer support.

Improved data processing performance 20 times in the CPCD web application through a multi-threading approach and code optimization.

Implemented partitions on a large dataset as well as index functions with Oracle, resulting in 40% improved performance for the CMDB system.

Migrated Web Applications from Struts MVC to Spring MVC.

Maintained Java code quality using the Sonar tool.

Wrote unit tests using JUnit framework.

Participated in daily Agile Scrum meetings to track project development status.


Created and delivered a presentation on Web Application Security Testing at an ITS Product Delivery Branch meeting.

Developed, edited and co-presented Performance Improvement for CPCD Web Application at the branch symposium.

Prepared and delivered a presentation on Data Dictionary at an IT Operation Department meeting.

Syndesis (Subex) Limited, Toronto 1999 – 2008

Senior Software Developer


Service Manager System, a J2EE application used to manage high-volume service activation subsystems.

End-To-End Net Provisioning System, a J2EE application used to provision and activate network service for heterogeneous network topology.

Technologies used:

Java, C++, JSP, JAX-WS, JMS, XML, WebLogic, JBoss, RADIUS, Oracle DB and Unix (Solaris)

Served as a key member or tech lead for analysis, design, development and testing of various applications.

Troubleshot production incidents involving technical, security and performance issues and provided solutions for the issues.

Developed ksh scripts for automatic end-to-end service activation testing.

Provided on-site technical support for global telecom clients such as Telecom Italy and Swiss Com. Conferred with customers to identify business requirements and technical gaps. Prepared the customer solution specifications.


Graduate Diploma in Computer Science, Concordia University, Canada


Penetration Testing and Ethical Hacking by Cybrary.It, 2016

CompTIA Security+ SY0-401: Threats and Vulnerabilities by, 2016

Foundations of Cybersecurity by, 2015

Foundations of Programming: Web Security by, 2015

Techniques for Developing Secure Software by, 2015

Hadoop Fundamental by, 2015

Securing Web Applications, Services and Servers, Learning Tree, Toronto, 2014

Software Project Management, Toronto, 2014

Ab initio Training, Toronto, 2013

Microstrategy, Learning Tree, Toronto, 2011

Spring 3, Learning Tree, Toronto, 2010

Java/J2EE security, Learning Tree, Toronto, 2009

Oracle Database Design & Administration, Toronto, 3/2003
