← Back to list ![]()
Senior
Registration: 22.07.2025
Nikita Ivanov
Specialization: Head of Information Security
Leadership & Strategy:
— Led a team of security specialists, defined priorities, and coordinated security initiatives.
— Developed and implemented DevSecOps and SSDLC processes, including secure code review, developer training, security champions, and process integration.
— Extensive experience in architecture reviews for web, mobile, fintech, and crypto services.
— Participated in audits and ensured compliance with PCI DSS and other security standards.
Application & Infrastructure Security:
— Built and optimized Vulnerability Management, Threat Modeling, Risk Management, and Security Testing processes.
— Applied security maturity models (e.g., OWASP SAMM) to assess and improve security posture.
— Implemented security mechanisms for web applications (headers, cookie flags, CORS, CSP).
— Conducted OSINT and internal pentests for web applications and infrastructure.
— Experience securing Kubernetes, Docker, cloud— native and microservice— based architectures.
— Expertise in mobile app security (including iOS/Android reverse engineering and dynamic/static analysis).
— Organized and participated in public and internal Bug Bounty programs.
— Conducted vulnerability research, exploit development, and security tool creation.
CI/CD & Automation6
— Integrated security checks into CI/CD pipelines (SAST, DAST, SCA, secrets detection, MobSF).
— Automated scanning and vulnerability detection using tools like Burp Suite, Acunetix, Nessus, Nmap, Masscan, sqlmap, Metasploit, Wireshark.
— Developed systems for scan orchestration, result filtering, notifications, and false positive handling Cloud & Infrastructure.
— Security hardening and configuration in AWS, GCP, Azure, Yandex Cloud.
— Patch management, CVE tracking, configuration validation using Zabbix, Prometheus, WSUS Security Monitoring & Incident Detection.
— Configured and maintained SIEM solutions (Splunk, ELK, Hive, IRIS).
— Developed custom detection rules for SIEM, IDS/IPS (Snort, Suricata), HIDS/HIPS (osquery, OSSEC, Wazuh, AppLocker).
Access & Identity Management:
— Implemented secrets management and access control systems (Keycloak, One Identity, OmniTracker).
— Managed PKI infrastructure and hardware tokens (YubiKey, Rutoken, eToken).
— Built and maintained privileged access and identity lifecycle processes.
Leadership & Strategy:
— Led a team of security specialists, defined priorities, and coordinated security initiatives.
— Developed and implemented DevSecOps and SSDLC processes, including secure code review, developer training, security champions, and process integration.
— Extensive experience in architecture reviews for web, mobile, fintech, and crypto services.
— Participated in audits and ensured compliance with PCI DSS and other security standards.
Application & Infrastructure Security:
— Built and optimized Vulnerability Management, Threat Modeling, Risk Management, and Security Testing processes.
— Applied security maturity models (e.g., OWASP SAMM) to assess and improve security posture.
— Implemented security mechanisms for web applications (headers, cookie flags, CORS, CSP).
— Conducted OSINT and internal pentests for web applications and infrastructure.
— Experience securing Kubernetes, Docker, cloud— native and microservice— based architectures.
— Expertise in mobile app security (including iOS/Android reverse engineering and dynamic/static analysis).
— Organized and participated in public and internal Bug Bounty programs.
— Conducted vulnerability research, exploit development, and security tool creation.
CI/CD & Automation6
— Integrated security checks into CI/CD pipelines (SAST, DAST, SCA, secrets detection, MobSF).
— Automated scanning and vulnerability detection using tools like Burp Suite, Acunetix, Nessus, Nmap, Masscan, sqlmap, Metasploit, Wireshark.
— Developed systems for scan orchestration, result filtering, notifications, and false positive handling Cloud & Infrastructure.
— Security hardening and configuration in AWS, GCP, Azure, Yandex Cloud.
— Patch management, CVE tracking, configuration validation using Zabbix, Prometheus, WSUS Security Monitoring & Incident Detection.
— Configured and maintained SIEM solutions (Splunk, ELK, Hive, IRIS).
— Developed custom detection rules for SIEM, IDS/IPS (Snort, Suricata), HIDS/HIPS (osquery, OSSEC, Wazuh, AppLocker).
Access & Identity Management:
— Implemented secrets management and access control systems (Keycloak, One Identity, OmniTracker).
— Managed PKI infrastructure and hardware tokens (YubiKey, Rutoken, eToken).
— Built and maintained privileged access and identity lifecycle processes.
Skills
Go
Python
Java
Kotlin
SIEM
Splunk
Ansible
Debian
CentOS
Windows
Docker
Nginx
Kubernetes
Terraform
Confluence
Firewall
VPN
Bash
Jira
Git
Work experience
Head of Information Security
since 04.2022 - Till the present day |NDA
Firewall, SIEM Tools, VPN, Debian, Windows
● Implemented a Vulnerability Management process.
● Established Threat Modeling and Security Testing processes.
● Applied security maturity models to assess and improve security posture.
● Implemented an Asset Management process.
● Performed risk management and assessments.
● Developed an application security roadmap.
● Automated DAST processes.
● Contributed to article writing and participated in public speaking engagements.
● Ran public and private Bug Bounty programs.
Information Security Consultant
06.2020 - 04.2022 |NDA
CI/CD, Debian, Windows, Splunk, Ansible, DevOps
● Developed and optimized DevSecOps processes.
● Enhanced security within CI/CD pipelines.
● Provided training for development teams on security best practices.
● Established secure development and software supply chain processes.
DevSecOps Team Lead
10.2021 - 09.2022 |Sberbank
SSDLC, DevOps, CI/CD, OWASP SAMM
● Led a team of security specialists.
● Defined and implemented the DevSecOps roadmap.
● Developed and applied a DevSecOps maturity model.
● Improved organization’s security posture based on the OWASP SAMM framework.
● Integrated security scanners into CI/CD pipelines.
● Implemented secrets management and privileged access management solutions.
● Built security architecture for microservices and cloud-native environments.
● Established a Secure Software Development Lifecycle (SSDLC) process.
DevSecOps Team Lead
07.2019 - 10.2021 |Veeam Software
SAST, DAST, DevOps, CI/CD, OSINT, AWS, GCP, Azure
● Working as part of a DevOps team, focusing on building and integrating DevSecOps practices.
● Implemented security tools and processes, including SAST, DAST, dependency checks, and network vulnerability scanning.
● Automated OSINT collection, penetration testing workflows, and security reporting.
● Developed a service for verifying software licenses and copyright compliance.
● Integrated security scans and services into CI/CD pipelines.
● Worked with AWS, GCP, and Azure, performing cloud security assessments and configuration checks.
● Collaborated with development teams to review scan reports, remediate vulnerabilities, and enforce quality gates prior to releases.
● Participated in the architectural committee to ensure secure system design.
● Promoted security awareness through internal presentations and knowledge sharing initiatives.
Information Security Specialist
09.2017 - 07.2019 |Yandex.Money
Firewall, SIEM Tools, VPN, Debian, Windows, SAST, DAST, WAF
● Implemented SAST, DAST, and network vulnerability scanners.
● Built secure code review processes in collaboration with development teams.
● Performed internal penetration testing (primarily of web applications).
● Administered WAF, SIEM, and client proxy systems.
● Optimized network and application access control processes.
● Participated in PCI DSS audits: communicated with auditors, demonstrated security systems, and remediated findings.
Information Security Specialist
11.2012 - 09.2017 |Information Security Consulting
Firewall, SIEM Tools, VPN, Debian, Windows, SAST, DAST, WAF
● Conducted security audits of web applications.
● Developed a data parser for processing bank card information.
● Performed vulnerability research, created custom exploitation techniques.
● Developed security tools and proof-of-concept exploits.
Educational background
Information Security (Masters Degree)
2012 - 2018
ITMO University
Languages
RussianNativeEnglishAdvanced