About

Application Security Specialist & Software Developer.

Breaker of things

Evan Lewis is a seasoned Application Security Architect with a wealth of expertise in protecting digital systems from cyber threats and malicious attacks.

With a meticulous approach, a background in secure software development, and a strong command of industry best practices, Evan excels in designing and implementing robust security measures for applications.

Evan's passion for staying ahead of emerging risks and his ability to analyze complex systems, identify vulnerabilities, and devise effective mitigation strategies, coupled with his strong communication skills, make him a valuable asset in safeguarding sensitive data and ensuring the integrity of software ecosystems.

CV

Professional Experience

Application and Cloud Security Manager

March 2025 - Present

Old Republic Title

  • Oversee and coordinate end-to-end application security activities, including threat modeling, secure architecture design reviews, and internal penetration testing across business-critical systems.
  • Lead the planning and execution of external penetration tests and ensure timely remediation across all regulated applications.
  • Establish application and cloud security standards, governance models, and measurable KPIs to continuously mature the organization’s security program.
  • Serve as a primary liaison between security, engineering, compliance, and leadership stakeholders to align risk management strategies with business priorities.
  • Drive secure DevOps practices by scaling automated security controls in CI/CD pipelines and establishing cloud-native security tooling.

Lead Application Security Engineer

October 2024 - March 2025

Old Republic Title

  • Directed internal penetration testing, manual code reviews, and vulnerability assessments across high-impact applications, identifying and mitigating critical security risks.
  • Provided technical leadership in application threat modeling and design reviews, ensuring alignment with secure architecture principles.
  • Contributed to maturing the organization’s AppSec roadmap by recommending tooling improvements, process enhancements, and training initiatives.
  • Mentored junior engineers and provided expert guidance on secure coding, vulnerability triage, and risk remediation strategies.
  • Launched a Security Champions Program to scale secure development practices by empowering developers with security training, tooling, and ongoing mentorship.

Application Security Engineer

June 2022 - October 2024

Old Republic Title

  • Conducted internal penetration testing, vulnerability assessments, and manual code reviews on business-critical company applications.
  • Performed application and system design security reviews and threat modeling.
  • Developed a containerized, cloud-based antivirus-as-a-service platform for use by various company-developed applications.
  • Consulted with development teams to prioritize threats and determine mitigation strategies.

Application Security Analyst

December 2021 - June 2022

Old Republic Title

  • Determined company needs, demoed, and purchased DAST and SAST scanning solutions.
  • Developed automated controls in CI/CD to prevent vulnerabilities from being introduced.
  • Orchestrated yearly external penetration testing and vulnerability remediation on nine SOX/SOC2 regulated applications.
  • Provided security guidance and recommendations to development teams to ensure secure coding practices.

Software Engineer

May 2020 - December 2021

Bank of America

  • Developed frameworks to generate and validate positions in fixed income trading portfolios valued at over $100 billion.
  • Maintained a high standard of security protocols to protect non-public material information.
  • Designed and built distributed batch processes to generate metrics on Fixed Income, Currencies, and Commodities holdings.

Certifications

GIAC Certified Penetration Tester (GPEN)

2023

GIAC

The GIAC Penetration Tester (GPEN) certification validates a practitioner's ability to properly conduct a penetration test using best-practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits, engage in detailed environmental reconnaissance, and utilize a process-oriented approach to penetration testing projects.

GIAC Certified Incident Handler (GCIH)

2022

GIAC

The GIAC Incident Handler (GCIH) certification validates a practitioner's ability to detect, respond to, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as to defend against and respond to such attacks when they occur.

GIAC Advisory Board Member

2022

GIAC

The GIAC Advisory Board is an invitation-only, email-based forum where IT Security professionals can exchange ideas and advice. Invitations are extended to GIAC certified professionals who demonstrate exemplary performance on GIAC exams. Members are often consulted as subject-matter experts for content-related issues in various GIAC program needs.

Education

Bachelor of Science with Honor in Computer Science

2016 - 2020

Stevens Institute of Technology, Hoboken, NJ

GPA: 3.3

Credential ID CeDiD: 20BLAQR9EFSY and Name: EV