About
Application Security Specialist & Software Developer.
Breaker of things
Evan Lewis is a seasoned Application Security Architect with a wealth of expertise in protecting digital systems from cyber threats and malicious attacks.
With a meticulous approach, background in secure software development, and a strong command of industry best practices, Evan excels in designing and implementing robust security measures for applications.
Evan's passion for staying ahead of emerging risks, his ability to analyze complex systems, identify vulnerabilities, and devise effective mitigation strategies, coupled with his strong communication skills makes him a valuable asset in safeguarding sensitive data and ensuring the integrity of software ecosystems.
Projects
CV
Professional Experience
Application Security Engineer
June 2022 - Present
Old Republic Title
- Conduct internal penetration testing, vulnerability assessments, and manual code reviews on business-critical company applications
- Perform application and system design security reviews and threat modeling
- Developed containerized, cloud-based antivirus as a service platform for use by various company-developed applications
- Consult with development teams to prioritize threats and determine mitigation strategies
Application Security Analyst
December 2021-June 2022
Old Republic Title
- Determined company needs, demoed, and purchased DAST and SAST scanning solutions
- Developed automated controls in CI/CD to prevent vulnerabilities from being introduced
- Orchestrated yearly external penetration testing and vulnerability remediation on nine SOX/SOC2 regulated applications
- Provided security guidance and recommendations to development teams to ensure secure coding practices.
Software Engineer
May 2020-December 2021
Bank of America
- Developed frameworks to generate and validate positions in fixed income trading portfolios valued at over $100 billion
- Maintained high standard of security protocols to protect non-public material information
- Designed and built distributed batch processes to generate metrics on Fixed Income, Currencies, and Commodities holdings
Certifications
GIAC Certified Penetration Tester (GPEN)
2023
GIAC
The GIAC Penetration Tester (GPEN) certification validates a practitioner's ability to properly conduct a penetration test using best-practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits, engage in detailed environmental reconnaissance, and utilize a process-oriented approach to penetration testing projects.
GIAC Certified Incident Handler (GCIH)
2022
GIAC
The GIAC Incident Handler (GCIH) certification validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.
GIAC Advisory Board Member
2022
GIAC
The GIAC Advisory Board is an invitation only, email-based forum where IT Security professionals can exchange ideas and advice. Invitations are extended to GIAC certified professionals who demonstrate exemplary performance on GIAC exams. Members are often consulted as subject-matter experts for content-related issues in various GIAC program needs.
Certifications
Education
Bachelor of Science with Honor in Computer Science
2016 - 2020
Stevens Institute of Technology, Hoboken, NJ
GPA: 3.3
Credential ID CeDiD: 20BLAQR9EFSY and Name: EV