Fähigkeiten
Zusätzliche Fähigkeiten (15)
Branchenkenntnisse
Ali in wenigen Worten
Hello, I’m Ali, a Security Engineer with over 10 years of experience in the security industry. I am a Security Engineer with an Application Security background. Beginning as a Penetration Tester, I gained insights into the offensive side of application security.
I progressed to help organizations implement security solutions and cultivate a strong DevSecOps culture. Today, my passion lies in assisting businesses to ensure their product’s security posture is robust and effective.
As an OWASP Foundation Researcher, I contribute to the OWASP MSTG (Mobile Security Testing Guide) project as a project contributor and lead the OWASP DevSecOps guideline project. I am passionate about sharing my knowledge and experience with the security community to promote best practices and enhance security awareness.
For more info please check my blog:
Projekt- und Berufserfahrung
- Scoutbee GmbHPrincipal DevSecOps EngineerDIGITALAGENTUREN & IT-CONSULTINGOktober 2023 - Heute (1 Jahr und 9 Monate)Berlin, Deutschland
- Defining Scoutbee’s security strategies to make sure our product and services are secure and in compliance with the standards and regulations we are following.
- Collaboration with development teams to implement best practices based on Secure Coding principles and define secure CI/CD guardrails to keep the development pipelines in the rail.
- Collaborated with the infra/SRE team to identify security vulnerabilities and misconfigurations. Established IaC scanning, CNAPP, and Policy as Code for deployment on cloud providers to improve understanding and visibility.
- Performing threat modeling and secure coding workshops to identify the threats and plan to fix them in the design and developing phase (Shift-left mindset) and promote a clutter of DevSecOps.
- Scoutbee GmbHSenior DevSecOps EngineerDIGITALAGENTUREN & IT-CONSULTINGAugust 2022 - September 2023 (1 Jahr und 2 Monate)Berlin, DeutschlandImplementing SAST, SCA, IaC, PaC, and DAST as part of the CI/CD pipelines.Threat modeling and analyzing software designs, implementations, and infrastructure to identify security issues anddesign countermeasures.Managing penetration test programs on applications and services.Define a vulnerability disclosure program (VDP) to identify vulnerabilities in internet-facing services.Promoting the shift-left strategy and DevSecOps culture by starting the threat modeling section.
- HENKELLead Engineering DevSecOpsCHEMIESeptember 2021 - Februar 2022 (5 Monate)Berlin, GermanyPerform vulnerability assessments and penetration tests. Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).
Externe Empfehlungen
Ausbildung und Abschlüsse
- Associate s Degree in Computer Software EngineeringJahaad Software Academic Institute – Esfahan2013Bachelor's degree, Computer Software Engineering
- Associate s Degree in Computer Software EngineeringJahaad Software Academic Institute – Esfahan2009Associate's degree, Computer Software Engineering
Zertifizierungen
- CKA: Certified Kubernetes AdministratorThe Linux Foundation2022
- CKS: Certified Kubernetes Security SpecialistThe Linux Foundation2022