FRANK AYIREBI

Atlanta, GA | frank.ayirebi@gmail.com

Seeking an Application Security or Security Engineer position in a growth-oriented organization with focus on system
security monitoring and auditing; risk assessments; audit engagements, vulnerability management and testing information
technology controls. Analysis, documentation, and managing the ever-changing landscape of InfoSec.

EDUCATION

Bachelor of Science, Computer Information Systems, Cyber Security Focus -- DeVry University – 2015
(MBA) Information Security, James Madison University 2022

MEMBERSHIPS
 ISSA (Information Systems Security Association International)
 NOVA IT; Cyber Security Group
 OWASP Atlanta, GA Chapter
 (ISC)2, CompTIA, EC-Council, and ISACA

CERTIFICATIONS
 EC-Council Certified Ethical Hacker-CEH
 Qualys Web Application Scanning Specialist
 CISSP

SUMMARY OF QUALIFICATIONS
 Strong knowledge of security vulnerabilities and regulatory standards (OWASP, GDPR, NIST)
 Strong knowledge of web application security issues
 Coordinate and communicate the choice of security technologies necessary to ensure a highly secure yet usable and
flexible computing environment.
 Perform, review and analyze security vulnerability data to identify applicability and false positives (Fortify, Qualys,
Tenable.io)
 Ability to conduct web application and mobile security assessments and handle vulnerability remediation of
applications (Burp Suite, AppScan)
 Experience in analysis, implementation, compliance and evaluation of operational policies and risk assessment
 Support developers in the build process in variety of programming languages (C#, C++, Java, JS, HTML, Swift,
COBOL, .NET etc.
 Sound knowledge of Project Management, compliance legislation (HIPAA, FERPA, SOX, PCI-DSS, FISMA, HITRUST)
 Knowledge in Information Systems Security, Network Security and Security Posture. Internal control framework (ISO
27001, NIST 800-53)
 Solid understanding of NIST regulatory and compliance, FISMA requirements and reporting security and
vulnerability issues in business context
 Strong Access Management, testing and regulatory operational risk management.

PROFESSIONAL EXPERIENCE

WEB APPLICATION SECURITY ENGINEER

First Data Corporation Dec 2017 – Sept 2022

 Performed static/dynamic (SAST/DAST) code testing, manual code review and penetration testing with IBM
AppScan and BurpSuite of internal web applications and external partner applications to identify vulnerabilities and
security defects
 Deployed Tenable Nessus to identify technical security vulnerabilities and threats. Developed reports, tracked
monthly metrics and KPIs, prioritized vulnerability remediation efforts, and led continuous threat management
projects.
 Provided management with vulnerability assessments and security briefings and advise of critical and high risk
vulnerabilities that may affect customer,or organization’s security objectives.
 FRANK AYIREBI
Atlanta, GA | frank.ayirebi@gmail.com

 Developed and implemented manual and automated web application security testing of e-commerce web
applications to enforce security standards (WebInspect,Fortify)
 Conducted application security assessments / penetration testing and code review with IBM AppScan / BurpSuite /
Qualys
 Worked with security product vendors and developers to develop a formal Application Security Verification
Standard within our SDLC process in variety of languages (.NET, Java, JS, HTML, C++, C#, COBOL)
 Performed manual pen-tests with aid from industry standard open-source and custom developed tools to identify
vulnerabilities before going into production. (BurpSuite, AppScan)
 Consulted with development teams on remediation techniques and defensive coding.
 Ran automated application security tools (Tenable.io, WebInspect, Fortify) SAST/DAST
 Security Threats to Commercial Web Applications such as XSS, CRSF, SQL Injection.

SECURITY CONSULTANT
Department of Aviation Jan 2016 – Dec 2017

 Trained development teams on knowledge and understanding of secure SDLC methodologies and deployed
enterprise applications.
 Design virtual networks to support workloads with the highest security and performance.
 Participated as Team member for migrating servers and applications Azure cloud services.
 Managed Windows servers, troubleshooted IP issues and worked with different support teams.
 Managed ticketing system of Rackspace to resolve issues on the cloud environment with the cloud management third
party team.
 Automated Deployment and Scale of Azure IaaS Solution script, and scale Azure deployments.
 Setup Contrast Assess and Contrast scan with agents to analyze data flow and identify vulnerabilities in fully-
assembled and running applications. Provided accurate, continuous, real-time application security testing and attack
blocking for application.

SECURITY ANALYST
Uber Technologies Inc Dec 2012- Dec 2015
 Developed policies and procedures to ensure information systems reliability and accessibility 
 Worked with the engineers and project managers on systems programming teams to include security in their
workflows
 Provided security recommendations as a subject matter expert for development teams during all phases of
development
 Conducting risk and vulnerability assessments of installed information systems to identify vulnerabilities, risks, and
protection needed.
 Promoted awareness of security issues among management and law enforcement ensuring sound security principles
are reflected in organizations’ visions and goals
 Monitored network traffic and conducted systems security evaluations, audits, and developed disaster recovery
procedures
 Managed patches, hotfixes, system change packages and current compliance verification
 Improved the security of our applications by working closely with product teams and developers from each Amplify
division (Insight, Learning, Access
 Performed security events check and advised on appropriate action to implement countermeasures.