Alvin Ikpesa
Application/ Security Engineer
Austin,TX
Summary
Experienced Security Engineer with 9+ years in application and cloud security. Skilled in identifying vulnerabilities, conducting risk assessments, and implementing secure coding practices. Proficient in managing security tools, automating threat detection, and leading incident response efforts. Committed to maintaining high security levels while driving innovation and efficiency in enterprise systems and cloud infrastructures.
Overview
8
8
years of professional experience
5
5
Certifications
Work History
Tech Lead, Application/Cloud Security Engineer
SOUTHWEST AIRLINES
Dallas, TX
10.2022 - Current
- Developed and implemented Veracode automated security checks (SCA & SAST) in build CI/CD pipelines using Python scripts, Gitlab configuration to increase adoption rate by 80% across security scans and applicable pipelines, with a 50% reduction in scan failure rate.
- Championed the adoption of containerization technology within the organization, enhancing overall system security and scalability within cloud environments.
- Developed and integrated Prisma Cloud container image scanning in the pipeline for security enforcement using Prisma twistcli binaries, Gitlab configuration for early detection of security findings, and misconfigurations.
- Implemented automation to collect pipeline metrics from running jobs and pushing to OpenSearch domain for metrics visualization, which enabled OKR measurement of key metrics, resulting in data-driven decision making.
- Collaborated with stakeholders to define product strategy, feature prioritization, and developed product backlog items that align with customers' requirements while meeting business objectives.
- Developed comprehensive documentation to facilitate knowledge sharing among team members and support long-term maintenance efforts.
Senior Cybersecurity Engineer
LOCKHEED MARTIN CORPORATION
Bethesda, MD
06.2019 - 10.2022
- Conducted penetration tests across Web and cloud infrastructure, leveraging STRIDE methodology, in identifying and the early resolution of security findings.
- Developed tools and techniques to automate and scale adversary emulation capabilities to evade defensive countermeasures.
- Performed regular manual and automated secure code reviews, dynamic application security testing to identify and remediate vulnerabilities in collaboration with development teams.
- Executed various cybersecurity testing of web applications using manual penetration testing methods and automated penetration testing tools to deliver secure and resilient applications to end-users.
- Triaged critical incidents based on NIST 800-61 guidelines, which resulted in the timely resolution of security incidents.
- Reviewed vulnerability scans and worked with application teams for on-time resolution and reduction of all critical/high vulnerabilities.
- Collaborated with the Product Management team on backlog prioritization and developed user stories that align with customer requirements, in line with business objectives.
Systems Engineer
RAYTHEON TECHNOLOGIES
Arlington, VA
07.2016 - 06.2019
- Led a security review of legacy applications and outdated third-party libraries, which resulted in sunsetting 16 legacy applications and subsequent reduction in operational costs.
- Initiated a comprehensive audit to identify vulnerable software and established a streamlined process for remediating vulnerabilities according to NIST 800-61 guidelines.
- Developed custom security controls in our AWS Cloud environment to ensure proper security guardrails are defined to secure the organization's Cloud environment based on FedRAMP standards.
- Contributed towards continuous improvement initiatives aimed at streamlining internal processes and enhancing overall service delivery quality.
- Analyzed system requirements, developing tailored solutions that met or exceeded client expectations.
Education
MSc. Computer Science -
University of Houston Victoria
BSc. Electrical/Electronics Engineering - undefined
Madonna University Nigeria
Skills
CLOUD TECHNOLOGIES AWS, GCP
SECURE CODE SCANNING & REVIEW Java, Python, NodeJS
VULNERABILITY MANAGEMENT & REMEDIATION CVE, CVSS, EPSS
WEB APPLICATION SECURITY Penetration testing, Threat modeling, Code review
INCIDENT RESPONSE AND RESOLUTION
Certification
AWS Certified Security - Specialty
Lawsregulations
- GDPR
- HIPAA
- NIST
- FedRAMP
- OWASP Top 10
- PCI DSS
- SANS CWE/25
- RMF
- ISO 27000
- SOX
- SOC
Timeline
Tech Lead, Application/Cloud Security Engineer
SOUTHWEST AIRLINES
10.2022 - Current
Senior Cybersecurity Engineer
LOCKHEED MARTIN CORPORATION
06.2019 - 10.2022
Systems Engineer
RAYTHEON TECHNOLOGIES
07.2016 - 06.2019
MSc. Computer Science -
University of Houston Victoria
BSc. Electrical/Electronics Engineering - undefined
Madonna University Nigeria