Daniel Clarke
Verified Expert in Engineering
IT Security Developer
Málaga, Spain
Toptal member since November 4, 2022
Daniel has 15 years of experience building information security in SaaS environments, including introducing DevSecOps, OWASP SAMM, penetration testing, threat models, static analysis, security monitoring, security incident and event management (SIEM), security operations center (SOC), and incident response. The company he works for has achieved SOC 2 Type 2 and HIPAA certifications and compliance with the general data protection regulation (GDPR).
Portfolio
Experience
Availability
Preferred Environment
Amazon Web Services (AWS), TypeScript, Terraform, AWS CloudFormation, Node.js, AWS Lambda, SQL, SaaS
The most amazing...
...thing I've developed is a GitHub posture management tool that scans GitHub configuration for compliance and source code security. It runs as SaaS in AWS.
Work Experience
Cybersecurity Leader
Telefónica
- Achieved and maintained SOC 2 Type 2 certification by managing continuous compliance and security automation. This work included implementing and auditing information security controls, such as risk management, HIPAA, HITRUST, and ISO 27001.
- Deployed security tools from the Open Web Application Security Project (OWASP) and other sources for use in CD pipelines with Terraform and CloudFormation.
- Managed security for continuous deployment pipelines that updated the production environment.
- Led container security for Docker with vulnerability management and dependency reputation.
- Performed posture management solutions to ensure all managed services were correctly configured and monitored.
- Implemented security monitoring with automation to detect and escalate security events.
- Managed privacy for various applications delivered as Software-as-a-Service (SaaS) for different markets. This included privacy policies, consent management, data subject rights, and privacy-by-design for associated research activities (AI).
- Managed security-by-design and privacy-by-design for different cultures and jurisdictions such as GDPR (EU), PIPEDA (Canada), HIPAA (US-Healthcare), and Singapore.
Cyber Security Architect
Schneider Electric
- Produced architectural specifications that refined marketing requirements, regulations, applicable international standards, and end-user environments into inputs for product implementation.
- Assured security for a range of products, supported a large department to take responsibility for the security of their product lines and provided training, expert consulting, security services, and follow-up on product quality.
- Created security models that allowed security to be layered onto existing systems without disrupting operation. For example, wrapping insecure protocols in TLS, providing network segmentation and perimeter security.
Software Security Architect
SONY
- Built software in C++ for media distribution to televisions and home computers.
- Developed and deployed build automation that increased the difficulty of reverse engineering.
- Solved problems in concurrency and multi-threading in low-level system processes.
Security Engineer
Cognotec
- Understood complex business and pricing models and translated them to financial algorithms that support currency trading in a regulated environment.
- Added automated testing and static analysis to the build pipelines.
- Re-engineered the company tooling matrix to modern source code management and continuous integration model.
Technical Lead
Amadeus
- Introduced DevSecOps activities, including threat modeling and static analysis.
- Built middleware libraries for high-performance management of data and CD pipelines.
- Developed a large-scale system in C++, processing tens of thousands of transactions per second.
- Solved multiple production environment problems in Linux.
Experience
Gitrospect
http://www.gitrospect.comThe solution is delivered as software as a service, running in AWS public cloud using Cognito Federated to GitHub for authentication, RDS and S3 for data storage, ALB for load balancing, Lambdas for some point actions, Docker for computing, and Angular for the front end.
Terraform for Defect Dojo
http://www.github.comTo assure security, the deployment uses managed security features of AWS, which protects users by avoiding vulnerabilities that may occur over time in the event of a deployment that is not actively maintained.
Education
Master's Degree in Computer Science
Trinity College - Dublin, Ireland
Certifications
Lead Auditor ISO/IEC 27001 Information Security
The British Standards Institution 2022 (BSI)
Certified Information Privacy Manager (CIPM)
International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional/Europe (CIPPE)
International Association of Privacy Professionals (IAPP)
Certified Information Systems Security Professional (CISSP)
(ISC)²
Skills
Libraries/APIs
OpenID, Node.js, Amazon EC2 API
Tools
Amazon Cognito, AWS SDK, GCP Security, Terraform, AWS CloudFormation, Visual Studio
Languages
C++, C, SAML, TypeScript, SQL
Frameworks
AWS Well-Architected Framework, NestJS, Angular
Paradigms
DevSecOps, Web Architecture, HIPAA Compliance, DevOps
Platforms
AWS Lambda, Linux, AWS ALB, Amazon Web Services (AWS), Oracle, Docker, Kubernetes
Industry Expertise
Cybersecurity
Storage
Amazon S3 (AWS S3), Oracle RDS
Other
SaaS, GDPR, System Architecture, Crypto, Threat Modeling, Secure Coding, Secure Containers, Amazon RDS, Data Privacy, Information Security Analysis, Information Security Management Systems (ISMS), ISO 27001, SOC 2( Service Organization Control), Data Protection, Software Architecture, Risk Management, Vulnerability Assessment, Security, Security Architecture, IT Security, Authentication, Cloud, SecOps, Architecture, CISO, Compliance, Regulations, International Data Privacy Regulations, Data Security, Web Security, AWS DevOps, Identity & Access Management (IAM), Cloud Security, CI/CD Pipelines, Application Security, ISO 27002, Privacy, Business Strategy, Single Sign-on (SSO), User Authentication, SAML-auth, SaaS Security, Regulatory Management, Regulatory Compliance, Data Mapping, Privacy Impact Assessment (PIA), Data Transfers, Incident Response, Vendor Management, Security Testing, HITRUST Certification, OWASP, APIs, Risk Assessment, NIST, SIEM, Personal Information Protection and Electronic Documents Act (PIPEDA), California Consumer Privacy Act (CCPA), Anti-tampering, Digital Rights Management (DRM), Vulnerability Management, Static Analysis, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cryptography, Algorithms, Data Structures, PCI Compliance, Pipelines
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring