Derek Kneisel

Shift-Left Security Scanning Integration

• Led the development and deployment of a custom security scanner seamlessly integrated into CI/CD pipelines (Azure DevOps, GitHub Actions, and internal on-prem platforms).
• Implemented advanced security scanning for Infrastructure as Code (IaC) and container images, addressing pre-runtime security risks.
• Onboarded 4,000+ pipelines, performed 200,000+ scans, and uncovered 300,000+ vulnerabilities, including 90,000+ critical issues.
• Designed and engineered backend APIs using Node.js and AWS Lambda, with scalable, serverless data storage in DynamoDB.
• Collaborated with vendors to integrate and enhance third-party security tools, optimizing performance and functionality.
• Authored and deployed custom cloud security rules in Open Policy Agent (OPA), aligned with Center for Internet Security (CIS) benchmarks and tailored to organizational security requirements.

Automated Firewall Request System for Azure Migration

• Designed and implemented an automated allow-listing system to streamline secure access via a bastion host.
• Processed over 250,000 allow-list requests with an 85% automation success rate, reducing manual intervention and approval time.
• Developed a user-friendly frontend interface using Angular for managing manual approvals and real-time request tracking.
• Created a database using MongoDB to store requests and built backend services with ExpressJS to handle API interactions and workflow automation.
• Implemented a database backup and recovery solution in Azure using a Python script to ensure high availability and data integrity.