I have over 6 years of experience as a security engineer and 2 years of experience as a developer. Working as a security group leader under a start-up achieved IPO, I have a solid deep experience in driving and implementing security policies which maximize business opportunities.
Leading company-wide initiatives, transformations, and various aspects of Information Technology Security and Governance for Japan
- Leading a team of 8 full time and 2 subcontracts
- Increased efficiency of operation while saving 10% of budgets
- Building a strategic plan by combining a guideline from the Japanese Financial Services Agency and Cyber Security Framework from NIST.
- Utilizing AzureAD, Intune, Jamf, AWS, and others for the purpose of automated internal systems
- Enabling 100+ members on enabling remote works in safe and convenient manner
- Associated with external organizations, such as JPCERT/CC, 金融ISAC, and OpenID Foundation, for building next-gen policies
Implemented security policy, standard, procedures in preparing for the IPO.
Architected and implemented the overall company’s internal system including id management systems, device management, password management, endpoint protection, RBAC, networks, and more.
Conducted Web vulnerability assessments for our Web apps and API endpoints mainly using BurpSuite. While doing the assessment by ourselves, private bug bounty program has been run.
Implemented automation tools for automating daily system administrator’s operations.
- Handled Incident response for multiple companies across industries, including one of the largest financial institution in Japan.
- Built and deployed various network-based security appliances such as Juniper SSG, SourceNext(Snort), BIG-IP(ASM), focusing on improving web-based security while maintaining availability, fault tolerance.
- Managed logs collection scheme and built collelated analysis in ArchSight(SIEM) in order to carry out SOC(SecurityOperationCenter).
Developedaneasy-to-installcloudbasedWAFserviceusingIncapsula.