Rob Nelson
Details
Equinix
Information Security Analyst (Product Engineering)
2009 : 2020
eTouch Systems
Senior Software Engineer
The initial FICO project consisted of developing Java servlet filters for a hosted web application. We also modified one of their existing applications to authenticate with Okta, a third-party identity management service. Later, I worked on moving FICO’s application from hosted servers to AWS. After a brief hiatus, I resumed working on the FICO project, mainly focusing on AWS Java implementations. We managed all the client issues in Rally/Jira and had extensive sprint planning sessions every two to four weeks.
• Designed and wrote a Java servlet filter to authenticate users against Okta using OpenID Connect
• Converted a collection of REST APIs to add, update, and delete JWT Tokens in AWS DynamoDB instead of in LDAP
• Created a Java API to dynamically create AWS credentials and Client objects for accessing AWS S3
• Developed new Java servlet filters and REST APIs to authenticate and authorize FICO users using the OAuth 2.0 servlet authorization code flow
• Modified existing Java packages to authenticate FICO users with Okta, a third-party single-sign-on identity service
• Constructed JUnit test suites with Mockito objects that ran automatically during Maven and Jenkins builds; these tests improved package code coverage by 75%
• Configured new UNIX servers to convert one of FICO’s primary applications from hosted servers to AWS
• Wrote a UNIX shell script package to automatically launch and configure new AWS EC2 UNIX servers
• Developed a CRUD REST API to sync group and user data between LDAP and Okta
• Created flexible exponential backoff code to allow any Java method to be called with built-in retry logic
• Maintained software documentation and performed Crucible code reviews to improve the development process and simplify the transition of the software to FICO
Environment : Unix, Java/JSP, AWS, Rally/Agile Development, Docker, Kubernetes, REST APIs, Servlets
2013 : 2020
eTouch Systems
eTouch Projects - FICO
On the Eli Lilly AWS ZeroTrust project, my main role was as an AWS IAM developer. Eli Lilly needed clients to be able to create new AWS resources as necessary but not delete or modify a subset of existing resources. After integrating with the Eli Lilly AWS team, I primarily worked on generating AWS IAM policies, especially with regard to protecting specific CloudFormation stacks with a policy boundary, a new feature rolled out by AWS only a few months ago.
• Developed a UNIX shell script to recursively extract all AWS resources generated by a CloudFormation stack and create an IAM policy boundary to restrict access to each of those resources
• Created and applied multiple AWS IAM policies to restrict AWS resource access
• Investigated alternative ways to restrict access using IAM policies, including filtering on tags or using wildcards to filter on resource names
• Worked on converting a set of manual AWS steps to a CloudFormation template that could be executed automatically
Environment : AWS (IAM, CloudFormation), Shell Scripting
2018 : 2018
eTouch Systems
eTouch Projects - Eli Lilly
Google 2016
GGRC (Google Governance, Risk, and Compliance) is an open source, hosted Docker application that stores compliance data for organizations. Previously, the application supported only permanent deletes, but Google wanted to add a soft delete feature to the application, and we had to give an estimate for how long it would take to implement this.
• Installed and configured a local test instance of GGRC
• Wrote documentation to present our initial estimate to Google and a design document to record our later findings
• Assessed the GGRC application to determine all MySQL tables, source code files, and scripts that would need to be modified
Environment : Unix, Python, MySQL, Docker
2016 : 2016
eTouch Systems
eTouch Projects - Google
About
• 14 years of software engineering experience
• 5+ years of extensive AWS experience (EC2, S3, CloudFormation, Route53, DynamoDB, VPC, Lambda)
• 10+ years Java, 8+ years shell scripting experience
• 11 years of IAM and security experience (OpenAM, Okta, LDAP, OpenID Connect)
• Worked on a diverse set of environments (Unix, Windows, AWS, Kubernetes, Docker)
Specialties:
COMPUTER LANGUAGES:
Java, UNIX shell scripts, HTML, JavaScript, JSP, XML, Servlets, REST APIs, TestNG, JMeter, ColdFusion, C/C++, CSS
DATABASES:
MySQL, Oracle, MS SQL
NETWORK SERVICES:
Unix, Amazon Web Services, Google Cloud Platform, OpenStack, Apache Tomcat, LDAP, Active Directory, SSL, OAuth 2.0, OpenID, Okta, IIS, Windows Server, Sun Web Server, Oracle Access Manager/OpenSSO, Nginx, ejabberd, SAML
DEVELOPMENT TOOLS:
CVS/SVN, Git, Eclipse, Crucible (code review), Sonar (code coverage), Maven, Jenkins, Ant, Rally/Agile Development, Firebug, VirtualBox, PowerMock/Mockito, Docker, Kubernetes, Artifactory, Jira, CyberArk