Professional Documents
Culture Documents
Atlanta, GA | frank.ayirebi@gmail.com
Seeking an Application Security or Security Engineer position in a growth-oriented organization with focus on system
security monitoring and auditing; risk assessments; audit engagements, vulnerability management and testing information
technology controls. Analysis, documentation, and managing the ever-changing landscape of InfoSec.
EDUCATION
Bachelor of Science, Computer Information Systems, Cyber Security Focus -- DeVry University – 2015
(MBA) Information Security, James Madison University 2022
MEMBERSHIPS
ISSA (Information Systems Security Association International)
NOVA IT; Cyber Security Group
OWASP Atlanta, GA Chapter
(ISC)2, CompTIA, EC-Council, and ISACA
CERTIFICATIONS
EC-Council Certified Ethical Hacker-CEH
Qualys Web Application Scanning Specialist
CISSP
SUMMARY OF QUALIFICATIONS
Strong knowledge of security vulnerabilities and regulatory standards (OWASP, GDPR, NIST)
Strong knowledge of web application security issues
Coordinate and communicate the choice of security technologies necessary to ensure a highly secure yet usable and
flexible computing environment.
Perform, review and analyze security vulnerability data to identify applicability and false positives (Fortify, Qualys,
Tenable.io)
Ability to conduct web application and mobile security assessments and handle vulnerability remediation of
applications (Burp Suite, AppScan)
Experience in analysis, implementation, compliance and evaluation of operational policies and risk assessment
Support developers in the build process in variety of programming languages (C#, C++, Java, JS, HTML, Swift,
COBOL, .NET etc.
Sound knowledge of Project Management, compliance legislation (HIPAA, FERPA, SOX, PCI-DSS, FISMA, HITRUST)
Knowledge in Information Systems Security, Network Security and Security Posture. Internal control framework (ISO
27001, NIST 800-53)
Solid understanding of NIST regulatory and compliance, FISMA requirements and reporting security and
vulnerability issues in business context
Strong Access Management, testing and regulatory operational risk management.
PROFESSIONAL EXPERIENCE
Performed static/dynamic (SAST/DAST) code testing, manual code review and penetration testing with IBM
AppScan and BurpSuite of internal web applications and external partner applications to identify vulnerabilities and
security defects
Deployed Tenable Nessus to identify technical security vulnerabilities and threats. Developed reports, tracked
monthly metrics and KPIs, prioritized vulnerability remediation efforts, and led continuous threat management
projects.
Provided management with vulnerability assessments and security briefings and advise of critical and high risk
vulnerabilities that may affect customer,or organization’s security objectives.
FRANK AYIREBI
Atlanta, GA | frank.ayirebi@gmail.com
Developed and implemented manual and automated web application security testing of e-commerce web
applications to enforce security standards (WebInspect,Fortify)
Conducted application security assessments / penetration testing and code review with IBM AppScan / BurpSuite /
Qualys
Worked with security product vendors and developers to develop a formal Application Security Verification
Standard within our SDLC process in variety of languages (.NET, Java, JS, HTML, C++, C#, COBOL)
Performed manual pen-tests with aid from industry standard open-source and custom developed tools to identify
vulnerabilities before going into production. (BurpSuite, AppScan)
Consulted with development teams on remediation techniques and defensive coding.
Ran automated application security tools (Tenable.io, WebInspect, Fortify) SAST/DAST
Security Threats to Commercial Web Applications such as XSS, CRSF, SQL Injection.
SECURITY CONSULTANT
Department of Aviation Jan 2016 – Dec 2017
Trained development teams on knowledge and understanding of secure SDLC methodologies and deployed
enterprise applications.
Design virtual networks to support workloads with the highest security and performance.
Participated as Team member for migrating servers and applications Azure cloud services.
Managed Windows servers, troubleshooted IP issues and worked with different support teams.
Managed ticketing system of Rackspace to resolve issues on the cloud environment with the cloud management third
party team.
Automated Deployment and Scale of Azure IaaS Solution script, and scale Azure deployments.
Setup Contrast Assess and Contrast scan with agents to analyze data flow and identify vulnerabilities in fully-
assembled and running applications. Provided accurate, continuous, real-time application security testing and attack
blocking for application.
SECURITY ANALYST
Uber Technologies Inc Dec 2012- Dec 2015
Developed policies and procedures to ensure information systems reliability and accessibility
Worked with the engineers and project managers on systems programming teams to include security in their
workflows
Provided security recommendations as a subject matter expert for development teams during all phases of
development
Conducting risk and vulnerability assessments of installed information systems to identify vulnerabilities, risks, and
protection needed.
Promoted awareness of security issues among management and law enforcement ensuring sound security principles
are reflected in organizations’ visions and goals
Monitored network traffic and conducted systems security evaluations, audits, and developed disaster recovery
procedures
Managed patches, hotfixes, system change packages and current compliance verification
Improved the security of our applications by working closely with product teams and developers from each Amplify
division (Insight, Learning, Access
Performed security events check and advised on appropriate action to implement countermeasures.