Sam Yan, Software Engineer
San Ramon, *****, United States, 925-***-****, ******.***@*****.***,
https://www.linkedin.com/in/sam-yan-7a89b/
SUMMARY
Dynamic Sr Product Security Manager with over 20 years of experience in information security and software development. Expertise in managing application security programs, including vulnerability assessments and penetration testing, with proven success in achieving SOC2 and ISO 27001 certifications. Adept at enhancing security protocols, driving team performance, and fostering professional development. Ready to lead the Application Security Scanning team at First Citizens, ensuring compliance with security standards while aligning with business objectives.
WORK EXPERIENCE
02/2022 – 07/2024 Sr Product Security Manager, Smarsh
Pleasanton, United States
Spearheaded the development and enhancement of the Secure Software Development Lifecycle (SSDLC) framework, driving security best practices across 12+ SaaS platforms.
Formulated and automated regular reports to reflect ongoing maturity in the overall security posture.
Served as the key security reviewer for Tenable Vulnerability Scan reports, providing critical feedback to developers and system administrators. Oversaw comprehensive penetration testing initiatives, ensuring the security and resilience of web and internal network applications. Managed security budgets effectively, covering penetration testing services and training platforms.
Authored and instituted encryption standards and TLS protocols for SaaS products.
Facilitated customer communications regarding hardware security modules (HSM) and management of encryption keys.
09/2017 – 01/2022 Security Lead, MicroFocus Information Management and Governance Division (IM&G)
Pleasanton, CA, United States
Championed division-wide SDL compliance efforts, incorporating SAST/DAST testing into product security practices. Managed product vulnerabilities meticulously and collaborated closely with governance teams to achieve SOC2 and ISO 27001 certifications. Directed internal and third-party penetration testing across multiple SaaS platforms, ensuring timely remediation of security vulnerabilities. Delivered comprehensive security training programs to global teams, enhancing overall security awareness.
10/2011 – 09/2017 Chief Architect – Digital Safe, HPE/HP/ZANTAZ
Pleasanton, CA, United States
Engineered the design and development of a multi-petabyte archiving platform specifically tailored for financial institutions. Implemented Encryption at Rest and geographically distributed data replication, ensuring business continuity and disaster recovery capabilities. Established robust encryption protocols and security measures, significantly minimizing risks across multiple data centers.
04/2003 – 09/2011 Director of Product Development – Digital Safe, HPE/HP/ZANTAZ
Pleasanton, CA, United States
Managed the full product lifecycle of Digital Safe, from conceptualization to deployment.
Directed cross-functional teams to pioneer synchronous replication for geographically diverse data centers.
Instituted security protocols, including digital signatures and advanced encryption technologies.
09/1999 – 04/2003 Manager and Software Architect, HPE/HP/ZANTAZ
Pleasanton, CA, United States
Oversaw enhancements and feature development from design to release. Managed production support issues, directing teams to implement emergency fixes efficiently.
09/1998 – 09/1999 Senior Software Engineer and Project Lead, HPE/HP/ZANTAZ
Pleasanton, CA, United States
Contributed significantly to the Digital Safe software base. Led collaborative projects across departments to resolve critical issues preventing product shipment.
04/1998 – 09/1998 Staff Software Engineer (Network Computer JavaOS), Sun Microsystems, Inc.
Menlo Park, CA, United States
Was responsible for the delivery of Solaris-hosted JavaOS for Business. Created policies and standards for server configuration and administration.
04/1997 – 04/1998 Staff Software Engineer (SMCC Enterprise Server), Sun Microsystems, Inc.
Menlo Park, CA, United States
Handled platform-independent IO across all enterprise-class servers. Delivered the IO Dynamic Reconfiguration (DR) framework integration into Solaris.
09/1995 – 04/1997 Sr. Software Engineer, Apple Computer, Inc.
Cupertino, CA, United States
Designed, implemented, and tested PCI support for the Macintosh driver model.
06/1992 – 08/1995 Staff Software Engineer, MTI Technology Corporation
Sunnyvale, CA, United States
Engineered a RAID disk controller and resolved PCI memory and I/O space mappings.
09/1990 – 06/1992 Firmware Engineer, Amdahl Corporation
Sunnyvale, CA, United States
Designed firmware for ESCON and IBM channel disk controllers.
10/1987 – 09/1990 Hardware Engineer, Unisys Corporation/Memorex-Telex
Santa Clara, CA, United States
Created a bus for fault-tolerant communications between storage controllers.
EDUCATION
09/1982 – 12/1987 University of California, Davis
BS, Electrical Engineering
Davis, CA, United States
SKILLS
ISO 27001
SOC2
FedRAMP
Risk Management & Compliance
Penetration Testing & Vulnerability Management
Cloud Security (AWS, Azure)
Security Incident Response & Mitigation
Vendor Security Management
Leadership
Cross-Functional Collaboration