Security Engineer, DevSecOps Engineer Sovcombank PJSC Jun 2022 – present
- Currently working mainly as a DevSecOps engineer ensuring a secure development lifecycle
- Helping developing secure authentication and authorization with OAuth 2.0 based solutions
- Having experience with GitLab, worked with Gitaly codebase (Go) on introducing the new feature. It allowed us to enforce commit signing policy for all commits including GitLab ones (using Web Editor, Web IDE, MR functionality, etc).
Security Engineer, Penetration Tester Sovcombank PJSC Jan 2021 – Jun 2022
- Tested bank's external and internal information systems
- Acted as an analyst helping to develop secure apps
- Had experience in reverse engineering various apps
Golang software developer Sovcombank PJSC Jul 2018 – Jan 2021
- Developed my own open source alternative to a popular UNIX utility named cntlm which uses Kerberos instead of NTLM. escobar has received a strong feedback from my colleagues and solved a long-standing problem: a lot of software doesn't even support basic proxy authorization, let alone Kerberos. As a result, it highly increased security: the developers no longer used their domain credentials in plaintext scattered throughout the system.
- While working in the bank, I had a lot of experience with cryptography (e.g. I wrote and maintain a Go implementation of ECIES)
- Had an interesting project which required implementing our own library that used proprietary stateful binary protocol (with some ActiveX component reverse engineering). It allowed us to throw out old single-user ActiveX component and make an HTTP API for the mobile clients. Using this during COVID-19 pandemic we successfully switched a lot of workers from old IE-based setup to a simple smartphone.
- Designed and wrote public APIs and various microservices (mostly HTTP)
- Worked a lot with SQL (especially PostgeSQL)
- Of course I used Docker and GiLab's CI/CD
Software developer freelancer Jan 2016 – Jul 2018
- Mostly wrote messenger bots with various public API integrations (Telegram, Discord)
Computer science Kazan Aviation Institute Sep 2017 – Jun 2018
Theoretical physics Kazan Federal University Sep 2015 – Jun 2017
English Upper Intermediate
Tech enthusiast, developer and security engineer from Russia passionate about open source, software simplicity and privacy. By the way, this site uses plain HTML/CSS, has no trackers and fully meets accessibility requirements.