Senior Consultant in Cyber Security @ Consulting in network and application security. Pentests. Security research.
Security source code audit and pentests for Java (SE, EE, Android), Objective-C (iOS), HTML5, JavaScript (AJAX) applications.
Tools: Burp Suite, WebScarab, HP Fortify, Checkmarx, Firefox Firebug, Tamper Data, Cydia, dex2jar, JD-gui, wsfuzz, skipfish, w3af, Wireshark, Acunetix, Nessus, Qualys
From December 2014 to August 2015 (9 months) Moscow, Russian Federation

Sr. Software Security Engineer @ Developed, implemented and supported corporate security program for application security (based on OpenSAMM).
Developed and monitored software security metrics.
Deployed Zabbix monitoring system for servers and web-applications.
Took part in architecture design of web application as security architect, threat modeling, attack surface.
Security code reviews.
Pen-test at network and application levels.
Performed presentations and developed Software Security learning course for developers and testers.
Security source code audit and pentests for C/C++, C#, Ruby on Rails, JavaScript (node.js) applications.
Security deployment and configuration review for nginx, MySQL, PostgreSQL, CentOS.
Tools: Burp Suite, WebScarab, Brakeman, Firefox Firebug, Tamper Data, skipfish, w3af, Wireshark, IDA Pro, Hiew.
From December 2012 to August 2014 (1 year 9 months) Saint Petersburg, Russian Federation

Application Security Engineer @ Developed and maintained software security standards in accordance with the Information Security Policy.
Verified software to be compliant with software security standards.
Analysed risks and threats for software architecture and mitigated those risks by providing guidance and assistance for developers.
Investigated and reported to the developers about application security vulnerabilities during development, testing and release.
Trained software developers about secure coding practices.
Security source code audit and pentests for C#, ASPX, ASP, Java (Android), Objective-C (iOS), JavaScript (AJAX) applications.
Security deployment and configuration review for IIS, Squid, MS SQL Server, MS Windows Server 2008.
Tools: Burp Suite, WebScarab, Checkmarx, Firefox Firebug, Tamper Data, Cydia, dex2jar, JD-gui, wsfuzz, skipfish, w3af, Wireshark, Acunetix, Visual Studio TFS
From November 2011 to December 2012 (1 year 2 months)

Application Security Analyst @ Security Review of Software Design documents, Security Source code review, Applications Pen-Test. Take part as a Security Analyst in SDLC process for T-Mobile and Orange UK eCommerce projects.
Check compliance of the software to the PCI DSS standard and OWASP, WASC best practices.
Security source code audit and pentests for Java (SE, EE, Android), JavaScript (AJAX) applications.
Tools: Burp Suite, WebScarab, HP Fortify, Firefox Firebug, Tamper Data
From June 2011 to November 2011 (6 months)

Virus Analyst @ Analysis of computer viruses and other malware, research in computer viruses and software protection.
Proposed and developed my own software project which helps to optimise computer virus records management.
Database design with PowerDesigner (ER, IDEF1X notations), MySQL profiling and performance optimization.
Development with Asm (x86,x64), C/C++, C#.
Atlassian Confluence deployment for Knowledge Management inside team.
Tools: Hiew, IDA Pro, HexRays, OllyDbg, WinDbg, DynamoRIO, Valgrind, Wireshark, git, svn.
From October 2008 to June 2011 (2 years 9 months)

Research Engineer (Developer) @ Software development for smartphones.
Languages: C/C++
Tools: make, gcc
From March 2008 to September 2008 (7 months)

Software Developer @ Software development of security related products, system services, COM/DCOM and communication over HTTP, TCP/IP, Telnet, FTP, SMTP.
Languages: C/C++ (WinAPI, MFC)
Tools: Visual Studio 2005, 2008
From October 2006 to February 2008 (1 year 5 months)

Master’s Degree, Computer Software Engineering @ Higher School of Economics From 2015 to 2017
Specialist, Computer Security @ Saint Petersburg State Polytechnical University From 2003 to 2009

Eduard Kovalets is skilled in: Malware Analysis, Penetration Testing, Network Security, Reverse Engineering, Application Security, PCI DSS, C, C++, Python, SQL, IDA, MySQL, VMware, Web Application Security, Security Research