Information Technology Software Development
Resume:
Gbolahan O. Jolapamo
Houston, Texas US Perm Resident ad330d@r.postjobfree.com 1-346-***-****
PROFESSIONAL SUMMARY:
●Professional focus on application, network and data security including protection of critical information technology in organizational assets (i.e. establishing security controls of all layers of the IT infrastructure according to the OSI model in software development lifecycles activities for safeguarding business continuity via a masters security degree program as enumerated below.)
●8+years of experience in Application Software Designing, Development, Testing and Implementation within Salesforce CRM Platform in an Agile environment utilizing object-oriented scripting tools as Apex, Jscript, python, SQL for development and app integration testing in tools as Soap UI.
CERTIFICATION:
●CEH
●Certified Information Security System Professional (CISSP in view)
●Salesforce Certified Platform Developer I (SP17 inactive)
●Salesforce Certified Platform Developer II (SP17 trailhead modules required)
TECHNICAL SKILLS:
OS Skills:
Intermediate to advanced skills in Windows, Linux, and/or OSX Scripting Skills
Scripting
Experience with Unix Shell scripts, Python, Powershell, Java, JavaScript
Firewalls
Palo Alto Networks, Checkpoint, Cisco ASA, Juniper SSG, PFSense
Log Management and SIEM
Splunk, IBM QRadar, HP ArcSight
Network Analysis Tools
Netwitness, Wireshark
System Analysis and Forensic Tools
FTK, EnCase
Endpoint Security
Carbon Black Enterprise Protection, Carbon BlackEnterprise Response, Symantec, McAfee, Forefront
Windows Management
WSUS, SCCM, SCOM, Active Directory, Group Policy Objects
Vulnerability Management
Nexpose, Tenable Nessus, Qualys
Penetration Testing Tools
Metasploit, Backtrack, Kali
Operating Systems
Windows Server 2008/2012, CentOS Linux, OSX
Enterprise Microsoft Solutions
Exchange, Sharepoint, Lync
Regulatory Regimes
ISO27K, SSAE16, HIPPA, PCI, FISMA
Various Open-Source security and networking tools
MRTG, SysInternals, Nagios
Other:
Video Surveillance and Physical Access Control Systems, Implementing Privileged Access Management (PAM) via cyberark's secure remote user access, endpoint privilege manager, core priviledged access security and application access manager features
With Enterprise wide security design consideration explored in:
●Security Risk and Management: Identifying, Classifying and mitigating information risks to vulnerabilities within the system. Penetration testing exercises (Utilizing guiding frameworks as OWASP, OSSTMM and EP Council’s LPT penetration testing methodologies) to determine loopholes within the system, testing web applications for vulnerabilities, Use Metasploit framework to launch exploits and construct Metasploit modules, automate social engineering attacks, bypass antivirus software and simulating various attacks to find security weaknesses in networks using open source like Wireshark, Nmap within the Kali Linux Box and other tools like OWASP’s ZAP and Burp suite for application vulnerability analysis, Firefly for network analysis.
●Asset Security
●Security Architecture and Engineering: Implementing various Architectural frameworks such as Zachman Framework, TOGAF, Department of Defense Technical Reference model (DoD TRM) to gain perspective on IT assets for risk management considerations
●Network Administration and Security: Designing modern Network that scale and resist attack. Implementing controls for enforcing security policies in distributed systems. Addressing network security and privacy issues with encryption, digital signatures, VPN, Kerberos, web tracking, cookies, anonymity networks and firewalls, Configure Dynamic addressing, DHCP, NAT, Zeroconf. Establish efficient reliable routing, subnetting and name resolution. Implement TCP/IP, IPSec in cloud based modern environments. Integrate IoT devices into TCP/IP network. Improving efficiency with TCP/IP, IPSec tools and utilities. Troubleshoot problems with connectivity, protocols, name resolution and performance. Implement TCP/IP, IPSec and various network tunnels from start to end. In depth knowledge of networking, configuration and security of ubiquitous/embedded/IoT devices to include several lightweight protocols for IoT connectivity such as MQTT implemented in Microsoft’s Azure IoT hub, Googles Nest IoT solution, amazon IoT platform and in the EVERYTHING IoT platform. In depth intimacy with IoT attacks and appropriate defense mechanisms
●Identity and Access Management: Using various identity requirement model management used to satisfy privacy needs considering social logins and mobility in ubiquitous computing such as Identity 1.0 and 2.0 Initiatives. Identity 2.0 technologies experienced include Light Weight Identity (LID), XRI/XDI(Extensible Resource/Data Identifier), OAuth 2.0, OpenID 2.0 Connect, SCIM and XACML, Microsoft’s Card Space, ID-WSF, SXIP, IBM’s Higgins. Social logins and identity considerations for mobile users also considered.
●Auditing of Information Systems based on ISO 27001 standards, utilizing various tools and techniques, to ensure information security policies and procedures are adhered to. Provide SME on privacy frameworks and laws such as: HIPAA, HITECH, PCI, SSAE 16 SOC1 & SOC2, NIST Cybersecurity Framework, NIST 800-53, ISO 27001/2 and implementing control objectives org wide using COBIT models for strategic alignment of business and IT plans, value delivery, resource management, risk management and performance measurement.
●Security Assessment and testing
●Security Operations: SOC Analyst responsible for monitoring and maintaining systems used in internal security program. This includes the following of procedures to triage and investigate security alerts and escalate issues as necessary. Performs network security monitoring, security event triage, and incident response for a mid-large size organization, coordinate with other team members, management to document and report incidents as part of rotating SOC shifts supporting 24/7 coverage. Maintain records of security events investigated and incident response activities, utilizing case management and ticketing systems Monitors and analyzes Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify security issues for remediation. Making recommendations, create, modify, and updates Intrusion Detection Systems (IDS) and SIEM tool rules. Ensure implementing best practice security policies that address the client's business need while protecting their vital corporate assets. Evaluate firewall change requests and assess organizational risks, Work closely with customers for the configuration of new software applications through various firewall platforms, Take on Security Operations responsibilities when not on a SOC shift: This includes but is not limited to vulnerability scanning and patch management, access control governance and oversight, exceptions tracking, security tool management, tuning, and configuration, along with metrics and reporting. Being primary resource or support ongoing projects by assisting in the implementation, testing and documentation of security related projects.
●
●Software development Security
●Forensics: Encase Expert Witness format for metadata management, forensic image management via compression after acquisition, securing images with encryption, hashing, split files /images during acquisition, remote forensic acquisition etc. Other tools explored include FTK SMART, Adavanced Forensic Format.
Salesforce Development:
●Extensive experience building enterprise applications on Salesforce platform
●Extensive experience in building enterprise integrations between Salesforce application and external systems.
●Hands-on experience with well-known integration frameworks and patterns.
●Work with stakeholders and the development team daily to deliver extensible and scalable software solutions.
●Expert level knowledge of Salesforce governor limits and best practices for implementing well-performing application under high load.
●Expert knowledge of Apex, Visualforce, SOQL/SOSL, AppExchange Security Review Process
●Expert Experience with Lightning components, Lightning Connect, Lightning App builder,Thorough understanding of Salesforce best practices in an agile development lifecycle and achieving maximum efficiency via CI/CD (i.e. Salesforce DX).
●Expert knowledge of testing frameworks/methodologies (Unit Testing, Integration, TDD, paired programming etc.)
●Ability to train and mentor team members on Salesforce architecture, best practices, and related technology.
●Programming languages as Python, JavaScript, Java, Python, SQL .
PROFESSIONAL EXPERIENCE:
Allied Universal
Loss Prevention Physical Security Officer Present
We Build-IT Feb 2017 - Present
Information Security/Risk Officer
●Application security scanning and pen testing using various tools and techniques.
●Execution and analysis of application testing results and recommending corrective action.
●Implement best practices for application security issue prevention, including secure coding best practices, Secure SDLC and Development Operations.
●Worked with clients to identify / resolve security concerns in application software via enumeration of system devices, Network probing and grey/black box tests.
●Developing security policies and procedures.
●Undergoing internal Audits against the required industry standards per client.
●Develop an understanding of the security tool offerings and work with the business units to provide understanding of the value provided by these security offerings
●Develop and document processes to improve the overall capability for getting applications reporting to the security tools in order to meet audit and regulatory requirements
●Gather and document requirements from the business unit stakeholders and work with the engineering team to ensure the needs of the business are being met with regards to alerts, reports, and overall security monitoring
●Develop metrics and key performance indicators that demonstrate effectiveness of all security tools
●Provide information and support the development of project plans as it relates to the implementation of new processes, procedures and delivery of new technological platforms for information security
●Lead continual process improvement efforts as it relates to the information security tools
●Assisting business users, project managers and IT leadership in optimizing the scope, benefits and risks of proposed projects; help manage expectations of users and management
●Penetration testing: using various open source tools to implement cracking passwords and wireless network keys with brute force and wordlists, using metasploit to launch exploits, automating social engineering attacks, bypass anti-virus software, Information gathering, finding vulnerabilities, capturing traffic, client side exploitation, wireless attacks, web application testing, mobile hacking etc
●Application Testing implementing Burp Suite: Implementing Burp collaborator client/server etc, to detect vulnerabilities such as blind remote control injection, XSS, Client and server side request forgery. Exploring vulnerabilities with burp suite's hack bar.
●Implementation of vulnerability life cycle assessment via Qualys to include discovery, identification/asset grouping, vulnerability assessment, structured reporting of vulnerabilities and finally setup remediation policies for the resolving and mitigating of findings.
●Implemented various public key infrastructure regimes to ensure endpoint data integrity among users
●Develop and maintain cybersecurity plans, strategies, policies, and behaviors to support and align with organizational cybersecurity initiatives.
Accenture May 2018 - Jan2019
Connected Wells-Architect
●Installation and configuration of Decision-Space Middleware connector.
●Installation and running of the DSDS server required to provide security layer for accessing the connector’s Admin console.
●Data ingestion automation using DSIS
Senior Developer/Technical SFDC Architect
●SFDC Technical Architect: Reviewing and integrate all application requirement including functional, security, integrating, performance, quality and operations requirement. Review and integrate technical architecture requirement. Provide input into final decisions regarding hardware, networking products, system software and security.
●Implementing cloud craze product for client using Einstein predictive services to get predictions with rest request
●Trouble shooting Apex performance problems due to Network Latency. Analyzed several issues from the OOB Apex timeline and execution tree perspectives and used customized salesforce applications to extract interface information.
●Attending daily ceremonies to discuss pending items, timelines, impediments and overall project velocity.
●Implementation of commercial storefront solution to include customer checkout, order, product suggestion capabilities giving the user a digitalized experience/business contact point via the web.
●Identify and Implement TCP/IP utilities to troubleshoot network problems. Remote server SSH configurations and working with network management protocols.
Infosys September 2016 - June 2017
SFDC Technical Lead
Client: T-Mobile, Washington, Seattle
Responsibilities:
Migration of T-Mobile’s salesforce org from classic to Lightning:
●Created quick actions to replace JavaScript buttons for validating/updating field values from an action layout, prepopulating fields with values based on values in a dependent field, and to redirect users to visualforce pages based on input value,
●Implemented custom buttons in Lightning experience to replace JavaScript buttons where used for navigation to another page.
●Migrated custom visualforce pages to Lightening UX.
●Implemented Lightening action by creating custom components to be called by quick actions.
●Implemented SLDS to Components.
Client: Motorola
Responsibilities:
●Setup Partner Community for VARs (value added resellers), manufacturers and various other partners.
●Enabled custom price book object and various other established custom functionality to be displayed only to partners.
●Design single and multiple step approval processes for partners and internal users.
●Implemented Process builder to carry out record owner and record type changes triggered as a result of partner user actions.
●Designed various salesforce Lightning components to be used in salesforce partner community via community builder.
●Implemented various templates such as Napili to design look and feel of partner community, also used Visual force pages with salesforce Lightning components called on the pages for partner community.
●Implementing SAML (security Assertion Markup Language) with tokens for client server authentication. Establishing SSL for end points using the required cryptographic regime, implementing the suites within ipsec to establish secure tunnels, implementing SSO using mutually trusted identity servers.
Client: Ingredion, a multinational food sales and processing enterprise.
Responsibilities:
Activities with this client were more of support and administrative roles which centered around modification of corporate profile on salesforce, building of role hierarchy, development of sharing model, setting up users, delegating administrative duties, customizing the salesforce user interface, customizing salesforce with force.com, modifying standard business processes, managing multiple business processes, customizing page and search layouts, managing record types, using dependent picklists, setting workflow processes, using tools such as data.com to improve data quality etc.
Insight Global
SFDC Senior Developer
American Express/Senior Developer, New York Feb 2016-April 2016
●Coordinated with super users for gathering requirements and further diving deep to break business requirements into specific tasks to be accomplished within salesforce.
●Implemented various extension classes and methods and called them on Visual force pages with Java Script embedded within to give some functionality to users via standard account or opportunity pages.
●Implemented Salesforce Connect as the RESTful mechanism to extract data in client legacy application for use in sales force via external custom object. created external data source in the Salesforce org to specify how to connect to the client repo/external system. Then we validated connection and Synced to create external objects that map to the external system’s schema.
●Designed custom notification section on Account Detail page to enable users view transaction, delinquency, credit, risk and other various forms of alerts enabling visibility on this page. This section also included ability to filter by date and by type of alert with the functionality of sending email to some user within salesforce.
●Implemented JavaScript custom buttons to give various roles and profiles access to functionalities when tracking opportunities.
●Created various types of fields within record types in existing objects and gave visibility permissions to profiles requiring access.
●Collaborated with lead Developer to design high level wire frames on solution’s architecture.
●Implemented the Agile methodology/sprints to deliver work items. Experience in coding, testing, debugging and migration to required environment.
●Collaborated with other team members and measured activity performance/team velocity using burn down charts in Rally/Agile CA.
Rondus Consulting Feb 2014 – Jan 2016
Chemical industry, Texaco Chem, Houston, TX
SalesForce Developer/ Administrator
Responsibilities:
●Interacted with various business user groups for gathering the requirements for SalesForce interface development and documented the Business and Software Requirements.
●Performed detail analysis of business and technical requirements and designed the solution by customizing various standard objects of SalesForce.com (SFDC) and other Platform based technologies like VisualForce, Force.com API, and Web Services.
●Involved in Salesforce.com Application Setup activities and customized the apps to match the functional needs.
●Designed SFA based Application on Force.com Platform in Salesforce.com environment with Apex programming language at backend and VisualForce pages as user interface.
●Developed the Apex classes, VisualForce pages, Batch Apex, Triggers as part of the Product Return in OneStep Application.
●Used Salesforce Automation (SFA) for Sales Lead Management, Opportunity Management, Account and Contact Management, Data Quality Management, and Approvals and Workflow.
●Worked with various salesforce.com objects like Accounts, Contacts, Leads, Campaigns, Reports, and Dashboards.
●Experienced with JavaScript, Apex Codes, SOQL and SOSL queries and DML statements
●Used Apex to establish the integration between SFDC and legacy systems
EDUCATION AND TRAINING:
UNIVERSITY OF LIVERPOOL, London, England
Master of Science in Cybersecurity, Anticipated 2020 (Online)
COVENANT UNIVERSITY, Ogun State, Nigeria
Bachelor of Science in Chemical Engineering, Honors
Contact this candidate