Mark Clarke, Developer in Johannesburg, Gauteng, South Africa

Mark Clarke

Verified Expert in Engineering

Security Developer

Johannesburg, Gauteng, South Africa

Toptal member since September 28, 2022

Bio

Mark possesses an unquenchable passion for technology, coupled with a diverse skill set and a relentless pursuit of knowledge. His firm belief is that true mastery lies in deciphering how all the components intertwine to construct a system that transcends the sum of its parts.

Portfolio

Jumping Bean Solutions
System Security, Java, Design Consulting, AWS RDS, AWS Lambda...
Jumping Bean
ICT Training, Cybersecurity, Cloud Engineering, DevOps, Training
Jumping Bean
IT Infrastructure, SIEM, Cybersecurity, Intrusion Prevention Systems (IPS)...

Experience

Availability

Part-time

Preferred Environment

Python 3, Linux, Bash, Java, PHP, PostgreSQL, Cloud

The most amazing...

...thing I've done recently was deploying SIEM monitoring using Wazuh for a client and providing essential hardening and monitoring services.

Work Experience

IT Consulting

2012 - PRESENT
Jumping Bean Solutions
  • Developed and delivered training courses around various topics from Java to Cyber Security. I obtained the Certified EC Council Instructor (CEI) and Certified Technical Trainer (CTT).
  • Developed applications to assist with the processes at Jumping Bean. This included rolling out a mesh network to enable a flat network between on-premises and off-premises computing resources.
  • Ran projects to launch successful eCommerce websites to support new business lines. This included rolling out an ERP system to support the back-end processing and financial accounting.
Technologies: System Security, Java, Design Consulting, AWS RDS, AWS Lambda, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Kubernetes, Google Cloud Development, LDAP, Penetration Testing, Software Architecture, Suricata, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Architecture, IDS/IPS, Vulnerability Identification, Authentication, Cybersecurity, pfSense, System Administration, Application Security, Identity & Access Management (IAM), DevSecOps, Cloudflare, Apache, MySQL, OWASP Top 10, Computer Security, Compliance, Linux, Email, Bots, Security Audits, GRC, CISO

Trainer

2001 - PRESENT
Jumping Bean
  • Provided diverse cybersecurity training, including CEH, CISSP, CISM, and Security+.
  • Provided training in cloud infrastructure for AWS and GCP, covering AWS Cloud Architect, and GCP Cloud Engineer and Data Engineer certifications.
  • Conducted training in DevOps and application development, covering Python, Java, and PHP.
Technologies: ICT Training, Cybersecurity, Cloud Engineering, Training, DevOps

Technical Expert

2001 - PRESENT
Jumping Bean
  • Established the cybersecurity service offerings at Jumping Bean. This involved the development of services such as vulnerability assessments, penetration testing, forensic investigations, and infrastructure hardening.
  • Established a SIEM and SOC for a UK-based startup financial services client launching a mobile payment system for the unbanked in South Africa. This involved advising them on secure CI/CD and coding practices and advising on application architecture.
  • Implemented DevOps processes to harden servers and monitor system configuration via Ansible, which enabled clients to be more productive and make better use of their resources in a skills-depleted environment.
Technologies: IT Infrastructure, SIEM, Cybersecurity, Intrusion Prevention Systems (IPS), APIs, System Security, Network Protocols, Networks, System Administration, Computer Security, Linux

Manager

2001 - PRESENT
Jumping Bean
  • Virtualized the on-premise workloads. Implemented a centralized storage system and created a robust, fault-tolerant solution. Set up secure remote access and hardened servers.
  • Provided cyber security consulting services to clients, assisting them with the investigation, remediation, and recovery of compromised systems.
  • Implemented a SIEM to monitor and alert on system security issues to ensure the company complies with the country's privacy laws. Confirmed that due care was taken to ensure the safeguarding of company assets.
Technologies: PHP, Python, Java, Bash, Linux, Ceph, PostgreSQL, Postfix, System Security, SIEM, Suricata, Authentication

IT Manager

2000 - 2001
First National Bank (South Africa)
  • Helped build, maintain, and troubleshoot one of the first data warehouses built by a financial institution in South Africa. Built data cubes and provided analysis services to internal customers.
  • Managed a team of IT professionals to maintain and build the system.
  • Interacted with business stakeholders to understand their requirements and manage deliverables.
Technologies: Bash, Linux, ETL, Data Warehouse, SQL, APIs, GRC

Auditor

1993 - 2000
PwC
  • Completed my articles and obtained the South African chartered accountant qualification. I was part of the then-nascent computer auditing division and performed compliance and security audits for financial statement purposes at financial institutions.
  • Completed information system audits and became CISA certified.
  • Led the audit team for the largest aluminum producer in South Africa.
  • Performed audits on the regional processing systems for Barclays banks and carried out a forensic investigation on government departments' human resources areas for fraud and corruption.
Technologies: Auditing, Information System Audits, Computer Security, Compliance, Security Audits, GRC

SIEM Implementation and SoC Services

I implemented a Wazuh SIEM for a client in the financial services industry based in the UK for mobile financial services provided for the mass market in South Africa. The solution monitored the customer's production and development services running in Azure.

I also assessed their mobile and back-end applications and their development practices and procedures to enhance security.

As part of our SoC services, we provided comprehensive reports for hardening their servers and reports for the financial regulators in the UK regarding cyber security compliance.

TechNews E-Publishing

I provided TechNews, an e-publishing and advertising company, security support and development services for their highly available, custom-built e-publishing platform. They had lost a critical technical resource during COVID-19 and required urgent help, which needed one to read the existing codebase, understand the undocumented architecture, provide security hardening services, and maintain the codebase to propose a new application architecture. The task involved reverse engineering custom binaries, automating certificate renewals and DNS propagation, and their ASP codebase.

UIF Form Submission Generator

https://github.com/jumping-bean/covidters
During COVID-19, the South African labor department required the generation of a spreadsheet for businesses to upload COVID-19 employment relief support to their website. The process was manual and buggy.

I wrote a web-based application to assist businesses with the generation of this form and released it as open source.

RIOT - Security Breach Consulting

The RIOT network, which provides WiFi connectivity to communities, engaged me to assist with their investigation and remediation of a security breach. I was required to review and suggest policies, and steps to harden their server infrastructure and improve their security posture.

Payment Gateway Integration

Wrote a payment gateway module in Python for Flectra, a Python-based enterprise resource planning (ERP) system. It was necessary to review the code to understand the API and the required callbacks and object-relational mapping (ORM) in order to implement the integration securely and accommodate the provider's API.

Media Processing Application

Wrote a Java microservices-based application to streamline a medium-sized company's social media posting process. This involved processing templates provided by graphic designers with input from marketers, such as text, dates, and prices, as well as resizing and cropping photos to fit the requirements of different social media platforms.

Education

2001 - 2002

Associate's Degree in Computer Programming

University of South Africa - Pretoria, South Africa

1989 - 1993

Bachelor's Degree in Accounting

University of Natal - Kwa-Zulu Natal, South Africa

MAY 2022 - PRESENT

Certified Information Security Manager Instructor

ISACA

JUNE 2020 - PRESENT

Certified Information System Manager (CISM)

ISACA

FEBRUARY 2020 - FEBRUARY 2022

Google Cloud Certified Professional Cloud Architect

Google Cloud

AUGUST 2019 - AUGUST 2022

AWS Certified SysOps - Associate

Amazon Web Services

AUGUST 2019 - AUGUST 2022

AWS Certified Solutions Architect Associate

AWS

AUGUST 2019 - AUGUST 2022

AWS Certified Developer Associate

AWS

JANUARY 2019 - PRESENT

CISSP

ISC2

JUNE 2017 - PRESENT

Certified Network Defender

EC-Council

APRIL 2017 - PRESENT

Certified Hacking Forensic Investigator

EC-Council

AUGUST 2014 - PRESENT

Certified Ethical Hacker

EC-Council

AUGUST 2012 - PRESENT

Certified EC-Council Instructor

EC-Council

AUGUST 2012 - PRESENT

Certified Technical Trainer

CompTIA

Libraries/APIs

Vue.js, Node.js, Java

Tools

Ansible, Suricata, System Security, pfSense, Apache, Postfix, Git, AWS IAM, AWS ELB

Languages

Java, PHP, SQL, Python, Bash, VBScript, JavaScript

Platforms

Linux, AWS, Kubernetes, AWS Lambda, Cloud Engineering

Storage

PostgreSQL, Google Cloud Development, MySQL, Ceph, Spring

Paradigms

Penetration Testing, DevSecOps, ETL, DevOps

Industry Expertise

Cybersecurity, System Security

Frameworks

Spring Boot, Spring Core

Other

Design Consulting, System Administration, Computer Security, Ethical Hacking, Security, IT Security, System Security, CI/CD Pipelines, Dynamic Application Security Testing (DAST), CISSP, Software Architecture, Risk Management, Vulnerability Assessment, Risk Assessment, Threat Modeling, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Architecture, IDS/IPS, Vulnerability Identification, Authentication, APIs, Network Protocols, Networks, Application Security, OWASP Top 10, Compliance, Email, Security Audits, GRC, Auditing, Information System Audits, Data Warehouse, SIEM, SCAP, Computer Science, Forensic Investigation, Information Systems, Instruction & Coaching, Instructor-led Training (ILT), AWS RDS, Cloud Engineering, IT Infrastructure, Static Application Security Testing (SAST), LDAP, Networking, IP Protection, Cloud Security, Identity & Access Management (IAM), Cloudflare, Bots, CISO, ICT Training, Training
