詹承壕(Howard Chan)

Cybersecurity professional with 10 years' experience in information security management, application security, vulnerability assessment, analysis of information security events and cross-department project management. Solid background in information security technology and management.

  Taipei City, Taiwan   

Work Experience

Application Security Engineer  •  WOO Network

March 2022 - Present

(1) Leading the cyber security framework and architecture design of Woo Network's cloud projects and developing the security framework and architecture, including but not limited to cloud platform, Kubernetes, endpoint security, and application security.

(2) Leading the redesign of the enterprise security architecture according to the GKE architecture and OA environment, and implementing Kubernetes Pod micro-segmentation through the Palo Alto Prisma Cloud (CSPM + CWPP) solution.

(3) Leading the planning and establishment of the security benchmark for Kubernetes architecture and containers.

(4) Leading product security design and promoting best practices in system architecture, DevSecOps and application security, including Kubernetes security administration, system security hardening, privileged key management and privacy data protection.

(5) Planning and promoting the application security strategy of Woo Network, such as security requirements documents, container image scanning, SCA, SAST, DAST, and a bug bounty program, and integrating the tools and processes into the SSDLC to establish an application security development culture with the Dev team.

Application Security Engineer | Assistant Manager  •  LINE Bank Taiwan

March 2020 - March 2022

(1) Perform security testing (e.g. OS VA, SAST, and DAST) and vulnerability assessments to identify potential security exposures of the business and recommend corrective action.
(2) Establish a privileged account management life cycle, and realize an automated management mechanism through CyberArk and DB credential service.
(3) Design and plan the endpoint-to-endpoint encryption (E2EE) process from mobile devices to the backend server, and complete the introduction of the solution.
(4) Introduce and establish information security solutions, such as WAF, DAM, and file-based encryption solutions.
(5) Work with business units to identify security requirements, using methods that may include risk and business impact assessments.
(6) Participate in discussions to formulate new or enhance existing security policies, processes, and standards, such as VA management policy, DDoS defense process, and privileged account management process.
(7) Build LINE Bank Taiwan's security framework from scratch and cooperate with LINE Corp (Korea, Japan) engineers across regions.

Information Security Officer  •  OneDegree

October 2018 - February 2020

(1) Establish Information Security Management System (ISO 27001).
(2) Develop security blueprint.
(3) Information security incident management.
(4) Planning and building Azure cloud platform security settings.
(5) Building Splunk for Azure cloud security analysis.
(6) Building HA FortiGate UTM in Azure cloud.
(7) Building Office 365 and Intune (Microsoft MDM) and executing security settings.

Senior Specialist  •  Cathay United Bank

June 2014 - October 2018

Daily maintenance:
(1) Use of the vulnerability assessment system and vulnerability management.
(2) Static code analysis (HPE Fortify).
(3) Monitoring of ArcSight ESM (SIEM) and event analysis.
(4) Maintain Information Security Management System (ISO 27001).
(5) Information security anomaly analysis and processing.
(6) Web and mobile application security.

Project experience:
(1) Annual security review for infrastructure, cyber security, infrastructure device security, web security, security settings and compliance review.
(2) Planning open source governance lifecycle.
(3) Static code analysis tool evaluation and integration with ALM as project manager.
(4) Mobile application code and cryptographic key protection as project manager.
(5) Secure SDLC review as project manager.

Engineer  •  ELITEGROUP

October 2012 - April 2013

Writing software QA plans and performing software testing operations.

Skills


  • Security Operations
  • CISSP - Certified Information Systems Security Professional
  • Certified Information Security Manager
  • Vulnerability Assessment
  • ISO 27001 Lead Auditor
  • Project Management
  • InfoSec
  • Cybersecurity
  • Information Security

Languages


  • Chinese — Native or bilingual
  • English — Intermediate