Malt welcome

Welcome to Ali's freelance profile!

Malt gives you access to the best freelancers for your projects. Contact Ali to discuss your project or search for other freelancer profiles on Malt.

Ali Yazdani

AppSec | Cloud Security | Pentest | DevSecOps
  • Suggested rate
    €800 / day
  • Experience8-15 years
  • Response rate100%
  • Response time1 hour
The project will begin once you accept Ali's quote.
Location and workplace preferences
Location
Berlin, Germany
Remote only
Primarily works remotely
Verifications

Freelancer code of conduct signed

Read the Malt code of conduct
Verified email
Reputation
59Followers
15Repos
0Gists
Languages
Categories
These freelancer profiles also match your search criteria
Agatha FrydrychAF

Agatha Frydrych

Backend Java Software Engineer

Baptiste DuhenBD

Baptiste Duhen

Fullstack developer

Amed HamouAH

Amed Hamou

Senior Lead Developer

Audrey ChampionAC

Audrey Champion

Web developer

Skill set
Industry fields of expertise
Ali in a few words
Hello, I’m Ali, a Security Engineer with over 10 years of experience in the security industry. I am a Security Engineer with an Application Security background. Beginning as a Penetration Tester, I gained insights into the offensive side of application security.
I progressed to help organizations implement security solutions and cultivate a strong DevSecOps culture. Today, my passion lies in assisting businesses to ensure their product’s security posture is robust and effective.

As an OWASP Foundation Researcher, I contribute to the OWASP MSTG (Mobile Security Testing Guide) project as a project contributor and lead the OWASP DevSecOps guideline project. I am passionate about sharing my knowledge and experience with the security community to promote best practices and enhance security awareness.

For more info please check my blog:
Experience
  • Scoutbee GmbH
    Principal DevSecOps Engineer
    DIGITAL & IT
    October 2023 - Today (1 year and 4 months)
    Berlin, Germany
    • Defining Scoutbee’s security strategies to make sure our product and services are secure and in compliance with the standards and regulations we are following.
    • Collaboration with development teams to implement best practices based on Secure Coding principles and define secure CI/CD guardrails to keep the development pipelines in the rail.
    • Collaborated with the infra/SRE team to identify security vulnerabilities and misconfigurations. Established IaC scanning, CNAPP, and Policy as Code for deployment on cloud providers to improve understanding and visibility.
    • Performing threat modeling and secure coding workshops to identify the threats and plan to fix them in the design and developing phase (Shift-left mindset) and promote a clutter of DevSecOps.
    SAST DAST Kubernetes AWS DevSecOps
  • Scoutbee GmbH
    Senior DevSecOps Engineer
    DIGITAL & IT
    August 2022 - September 2023 (1 year and 2 months)
    Berlin, Germany
    Implementing SAST, SCA, IaC, PaC, and DAST as part of the CI/CD pipelines.
    Threat modeling and analyzing software designs, implementations, and infrastructure to identify security issues and
    design countermeasures.
    Managing penetration test programs on applications and services.
    Define a vulnerability disclosure program (VDP) to identify vulnerabilities in internet-facing services.
    Promoting the shift-left strategy and DevSecOps culture by starting the threat modeling section.
    DevSecOps Kubernetes AWS DAST SAST Terraform
  • HENKEL
    Lead Engineering DevSecOps
    CHEMICAL
    September 2021 - February 2022 (5 months)
    Berlin, Germany
    Perform vulnerability assessments and penetration tests. Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).
Recommendations
Education
  • Associate s Degree in Computer Software Engineering
    Jahaad Software Academic Institute – Esfahan
    2013
    Bachelor's degree, Computer Software Engineering
  • Associate s Degree in Computer Software Engineering
    Jahaad Software Academic Institute – Esfahan
    2009
    Associate's degree, Computer Software Engineering
Certifications