Code
Crimson
ExperienceProjects
Hello
My name is Mohamed Nur! I'm a Software Developer and Security Engineer based in Ottawa.
Code Crimson Software Development
by Mohamed Nur

Experience

IT Security

Lead Application Security Engineer
Canadian Digital Services August 2021 - Current
Currently owning efforts related to securing CDS's applications and infrastructure.
  • As Lead, I'm providing security expertise ranging from security architecture, to the implementation of security controls, and helping CDS products achieve Government of Canada compliance standards (ITSG-33).
  • Defining and leading the application & cloud security strategy..
  • Performing security code reviews, threat modeling, and providing recommendations and solutions on how to eliminate security vulnerabilities.
  • Built a serverless continuous accessibility and vulnerability scanner for CDS web apps (Python, Lambda, ECS Fargate, Step functions).
  • Built automation to provide asset inventory and actively audit the infrastructure for security misconfigurations (Terraform, ECS, SSO Proxy).
  • Built a file scanning API to support CDS products that required the ability to send files to AssemblyLine.
Senior Security Engineer
Canada Revenue Agency July 2018 - June 2021
Worked on the cloud and application security team.
  • Architected and launched the vulnerability management program for CRA's migration to Microsoft Azure and Amazon AWS.
  • Deployed vulnerability scanning tools to Microsoft Azure and Amazon AWS.
  • Built automation scripts using PowerShell to generate monthly vulnerability reports.
  • Planned, and Integrated a Web Application Firewall for CRA web applications not residing in the Cloud.
  • Built a PowerShell framework to help retrieve and collate web application firewall data to help analyze and identify threats against CRA Web applications.
  • Tested applications for security vulnerabilities.

Software Development

Senior Software Developer
Canadian Digital Services June 2021 - August 2021
Worked on the Covid Alert Server team.
  • Worked on the Python Covid Alert Metrics service and AWS Lambda metrics aggregator that receives millions of transactions a day.
  • Used Terraform to manage and provision Infrastructure as Code to development and production AWS environments.
Senior Software Engineer
Canada Revenue Agency August 2015 - July 2018
Worked on the redesign team for automated tax enforcement.
  • Built the backend system of a new automated debt enforcement distributed system that processes millions of transactions a day; Java/Mainframe hybrid
  • Architected a Business Rules Engine solution responsible for making automated tax enforcement decisions.
  • Implemented functionality into existing CRA systems in support of new tax policies. Java on the front-end and COBOL/Mainframe in the backend.
Software Engineer
Canada Revenue Agency December 2009 - August 2015
Worked on the Call Centre software team.
  • Programmed and maintained the Java software used by CRA call centres.
  • Converted legacy COBOL programs into standalone Java applications.
Junior Software Engineer
Scouts Canada December 2009 - August 2015
Worked on the team responsible for migrating from paper registrations to online.
  • Developed a web-based Java application using the Spring framework supporting 98,000 users using three tier object-oriented architecture and web services.
  • Integrated TD Canada Trust's payment API into the Scouts online payment system.

Projects

Somtrust
React
NodeJS
  • Full stack web application created using ReactJS, NodeJS, and MongoDB to solve a gap in the Africa's real-estate online marketplace.
  • Developed the majority of the NodeJS RESTful API and heavily contributed to the base front-end architecture.
  • Developed the Jenkin's DevOps pipeline to continuously deploy to Production
  • Architected and built the Amazon infrastructure. Let's Encrypt auto renewal, automated database backups, and custom health check scripting