`

About

Application Security Specialist & Software Developer.

Breaker of things

Evan Lewis is a seasoned Application Security Architect with a wealth of expertise in protecting digital systems from cyber threats and malicious attacks.

With a meticulous approach, background in secure software development, and a strong command of industry best practices, Evan excels in designing and implementing robust security measures for applications.

Evan's passion for staying ahead of emerging risks, his ability to analyze complex systems, identify vulnerabilities, and devise effective mitigation strategies, coupled with his strong communication skills makes him a valuable asset in safeguarding sensitive data and ensuring the integrity of software ecosystems.

CV

Professional Experience

Application Security Engineer

June 2022 - Present

Old Republic Title

  • Conduct internal penetration testing, vulnerability assessments, and manual code reviews on business-critical company applications
  • Perform application and system design security reviews and threat modeling
  • Developed containerized, cloud-based antivirus as a service platform for use by various company-developed applications
  • Consult with development teams to prioritize threats and determine mitigation strategies

Application Security Analyst

December 2021-June 2022

Old Republic Title

  • Determined company needs, demoed, and purchased DAST and SAST scanning solutions
  • Developed automated controls in CI/CD to prevent vulnerabilities from being introduced
  • Orchestrated yearly external penetration testing and vulnerability remediation on nine SOX/SOC2 regulated applications
  • Provided security guidance and recommendations to development teams to ensure secure coding practices.

Software Engineer

May 2020-December 2021

Bank of America

  • Developed frameworks to generate and validate positions in fixed income trading portfolios valued at over $100 billion
  • Maintained high standard of security protocols to protect non-public material information
  • Designed and built distributed batch processes to generate metrics on Fixed Income, Currencies, and Commodities holdings

Certifications

GIAC Certified Penetration Tester (GPEN)

2023

GIAC

View credential

The GIAC Penetration Tester (GPEN) certification validates a practitioner's ability to properly conduct a penetration test using best-practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits, engage in detailed environmental reconnaissance, and utilize a process-oriented approach to penetration testing projects.

GIAC Certified Incident Handler (GCIH)

2022

GIAC

View credential

The GIAC Incident Handler (GCIH) certification validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.

GIAC Advisory Board Member

2022

GIAC

View credential

The GIAC Advisory Board is an invitation only, email-based forum where IT Security professionals can exchange ideas and advice. Invitations are extended to GIAC certified professionals who demonstrate exemplary performance on GIAC exams. Members are often consulted as subject-matter experts for content-related issues in various GIAC program needs.

Certifications

Education

Bachelor of Science with Honor in Computer Science

2016 - 2020

Stevens Institute of Technology, Hoboken, NJ

GPA: 3.3

View diploma

Credential ID CeDiD: 20BLAQR9EFSY and Name: EV