Jeremy Buis
skills
Skill | Keywords |
---|---|
Web Applications | JavaScript HTML CSS Java Node.JS Express MithrilJS MongoDB Postgresql |
Penetration Testing | Burp Suite OWASP Zap nmap Nessus Kali |
Security Code Review | Brakeman FindSecBugs Semgrep Checkmarx Fortify |
employment
Senior Application Security Engineer, Software Secured
2018-03 — Present
Performing web, network, and mobile penetration tests and secure code review for a variety of platforms and applications. Guiding clients in application security tasks like threat modelling, secure design and vulnerability remediation and scoring. Owning team resources like test plans, payload databases, and report QA. Mentoring and assisting team members in their approach to security testing. Delivering quality content for the company blog.
- Reported multiple CVEs listed below.
- Delivered high-quality reports to clients containing many high-severity vulnerabilities for a diverse set of applications and products.
- Advised client developer teams on threat modeling, secure design/architecture, and risk classification/remediation.
- Performed quality control on outgoing client reports for the entire team.
Application Security Engineer, Software Secured
2014-05 — 2018-03
A broad role covering both software development and application security tasks. Writing code focused around the Node.JS stack. Performing web application penetration tests and secure code review for a variety of platforms and applications. Some example applications include:
- Performed static, dynamic and hybrid security tests against a wide variety of web applications. Used a variety of tools including: Burp Suite, OWASP ZAP, nmap, Nessus, Checkmarx, Fortify, Brakeman, Kali Linux
Web Application Developer, SecDev Cyber
2012-10 — 2014-05
Building internal tools in support of analytics and business requirements. Releasing visualizations for external consumption.
- Created and launched multiple web visualizations to production.
- Built an internal statistics-tracking web application to completion.
Programmer Analyst, Canadian Medical Protection Association
2012-01 — 2012-06
Building internal tools and production websites using Java and Web Technologies.
- Performed software development and upgrades for a public, doctor-facing knowledge website.
education
Offensive Security Certified Professional (OSCP), Offensive Security
2017-05 — 2017-09
Completed the OSCP certification.
Computer Science, Honours, Co-operative Program, University of Waterloo
2006-09 — 2011-12
Completion of a Computer Science focused education.
- Software Design and Architectures
- Distributed Systems
- Computer Networks
- Computer Security and Privacy
- Introduction to Artificial Intelligence
- Advanced Offerings in Computer Science - Machine Learning