Alexis Lowe

• Subject matter expert on Terraform and Terragrunt within the Tech department, offering guidance and expertise on these tools.
• Helped lead a significant migration project following the acquisition of Greetz, effectively resolving intricate challenges within a Multi-Tenancy/Multi-instance architecture. Moreover, I utilised my language skills to assist with translations and assisted the UK Tech teams in gaining a better understanding of the Dutch customer base.
• Established a standardised framework for deployments and repositories, specifically designed to assist with the migration project.

• Developed and implemented the team's processes for vulnerability management.
• Implemented a secrets detection system within the pipeline and established a robust process for efficiently handling leaked secrets.
• Designed and implemented a logging and alerting mechanism for AWS GuardDuty by leveraging Slackbot.
• Established contact points and channels of communication between the Product Security team and the rest of the engineering department.
• Offered engineering support to the Security Operations team during the development of their SIEM (Security Information and Event Management) project.

• Lead and subject matter expert on logging infrastructure projects providing reliable logging collection and analysis for diverse technologies.
• Provided thought leadership and tech knowledge on CI/CD pipeline improvement projects.
• Designed, built and maintained fully automated CI/CD pipelines using Jenkins for deployments to AWS serving both cloud and on-premise systems.
• Used modern DevOps tooling such as Ansible, Terraform and Troposphere to automate deployment and configuration of systems at scale with a focus on reproducibility and testability.
• Led the team to greater delivery velocity through process improvements leveraging standard engineering practices and automation using Git, Github and JIRA.
• Worked on automating a number of operation workflows using tools such as Python, Bash and Make.
• Developed dashboards and monitoring capability using Datadog to provide proactive detection of issues and visibility on service usage.
• Used performance testing and metrics to create and fine-tune scalable platforms and maximise cost savings.
• Developed guidelines, provided knowledge and took part in threat modelling sessions for hardening and secure usage of containers.
• Consulted and contributed to the design and architecture of security solutions.
• Capital One Cyber Security Meetup Organiser.

• Performed API and Web application penetration tests including customer facing banking applications and PSD2 open banking API.
• Automated pentest report creation using Python, shared via Git and Jira.
• Wrote scripts for developers to retest vulnerabilities after applying their fixes.
• Guided developers in secure coding practices.

Within the framework of a year’s industrial placement from the University of Birmingham worked in the Group Information Assurance division of Computacenter. Worked on ISO27001 compliance, performed infrastructure pentesting, contributed to creation of security operations centre and contributed to the creation of vulnerability management process.

Received a two-week training with the stock manager and then was entrusted with stock management responsibilities. Acquired time management and organisation skills during this period.