Yulia Paterson - Senior Security Engineer

Richmond, Canada

Experience

Mar 2024 - Dec 2025

1 year 10 months

Vancouver, Canada

Senior Security Administrator

Global Relay

Performed manual and SAST-based code reviews (SonarQube) and API scanning (Akto API scanner)
Deployed enterprise Secrets Management Solution with OpenBao (HashiCorp Vault fork), including KV2, PKI, Transit Secrets Engines, AppRole, LDAP, Kubernetes auth, OIDC/JWT auth, tokens, ACL policies and HA cluster auto unseal
Secured microservices communication using the SPIFFE/SPIRE identity framework, including nodes/workloads attestation, X.509 SVIDs, SPIRE Upstream Authority Vault plugin and multi-cluster identity federation
Developed Terraform (IaC) configurations with Vault provider for dynamic identity provisioning
Integrated SPIRE with Istio to provide SPIFFE-based workload identity and mTLS in a Kubernetes service mesh
improved Kubernetes cluster security by running kube-bench and remediating findings aligned with CIS Benchmarks
Designed and deployed an enterprise-grade PKI, enabling automated certificate enrollment, renewal and revocation
Implemented corporate-wide email security using DMARC, DKIM and SPF, reducing phishing risk by over 99%
Collected audit evidence for ISO 27001, SOC 2 and FedRAMP to ensure compliance

Sep 2023 - Mar 2024

7 months

Technical Consultant

Amazon Prime Air

Analyzed and verified safety-critical requirements in compliance with DO-178C using Jama Requirements Management
Managed Python verification packages, toolchains and automated regression testing

Nov 2022 - May 2023

7 months

Vancouver, Canada

Security Specialist

Corinex Communications Corp

Managed customer Public Key Infrastructure (PKI) requirements for one of the largest global energy companies
Migrated network PKI from RSA to Elliptic Curve Cryptography (ECC), enhancing performance and cryptographic strength
Trained a team of 4 developers and 2 QA engineers on PKI fundamentals and security testing
Developed and maintained PKI policies and procedures, including EST certificate enrollment, 802.1X authentication, trust chain updates, OCSP/CRL, certificates cross-signing and TLS extensions
Integrated Azure MQTT certificates into smart grid infrastructure to enable secure cloud-to-device messaging
Managed and operated Certificate Authorities, overseeing X.509 certificate lifecycle for millions of certificates

Nov 2020 - Oct 2022

2 years

Vancouver, Canada

Senior Software Engineer

Corinex Communications Corp

Developed embedded firmware supporting Enrollment over Secure Transport (EST) certificate enrollment, TLS, FTPS, OCSP, CRL and 802.1X EAP-TLS/EAP-PEAP
Configured RADIUS servers to support 802.1X authentication for network access control
Integrated an OCSP responder into the existing PKI and designed an OCSP/CRL caching solution for large-scale smart grid
Hardened TLS cipher suites to align with modern cryptographic best practices
Generated X.509 certificates and SSH keys for manufacturing and provisioning of IoT devices

Jul 2020 - Nov 2020

5 months

Vancouver, Canada

Firmware QA Engineer

Corinex Communications Corp

Designed and developed a Robot test automation framework covering TLS/DTLS, SNMPv3, PKI, RADIUS, FTPS, VLAN, TCP/IP, HTTPS, IPv4/IPv6, DHCPv6, NTP, DNS, SSH, Telnet, 802.1X authentication, embedded Linux and SQL queries
Built Jenkins pipelines to integrate the Robot test automation framework into CI/CD, enabling automated testing
Built Docker containers for deployment and testing of network applications

Aug 2016 - Dec 2019

3 years 5 months

Berlin, Germany

Software Engineer

gematik

Developed Java applications for Card-to-Card authentication, authorization and cryptographic key management
Built Java tools to generate, parse and validate X.509 certificates, CSRs, CRLs and OCSP requests/responses
Developed Java-based device control software for eHealth Chip Card Terminals
Conducted security review and analysis of smart card operating system specifications to ensure compliance

Oct 2015 - Apr 2016

7 months

Berlin, Germany

Research Assistant

Fraunhofer Institute for Applied and Integrated Security

Assessed application and system vulnerabilities using security metrics such as CVSS, VRSS, WIVSS, OWASP and PVL
Researched multiple threat and risk modeling frameworks to identify and mitigate security risks in the SDLC

Dec 2011 - Nov 2014

3 years

Paderborn, Germany

Software Engineer

Diebold Nixdorf

Implemented Secure Channel Protocols for ATMs and POS payment terminals using Java, C/C++ and JNI
Ensured secure processing, storage, and transmission of cardholder data in compliance with PCI DSS
Integrated HP Atalla, SafeNet and Thales HSMs into banking applications for world’s largest financial institutions
Applied Elliptic Curve Cryptography on Smart Cards in accordance with ISO/IEC 11770-3
Built an X.509 Certificate Tool to parse and validate certificates, CSRs, CRLs and OCSP requests/responses
Integrated Hard Disk Encryption solution to ensure encryption at rest

Oct 2010 - Nov 2010

2 months

Frankfurt, Germany

Intern

Deutsche Bundesbank

Developed and implemented optimization algorithms for yield curves modeling
Parsed and processed financial data from Bloomberg Terminals to support quantitative analysis

Skills

Cloud & Infrastructure

Kubernetes Security, Cis Benchmarks/kube-bench, Istio Service Mesh, Cert-manager, Terraform

Secrets & Key Management

Hashicorp Vault, Openbao, Azure Key Vault

Identity & Access Management

Oauth2/oidc/jwt, Saml/sso, Zero Trust, Spiffe/spire, Pam (Delinea Secret Server)

Cryptography & Pki

Symmetric/asymmetric Crypto (Rsa, Ecc), X.509 Certificate Lifecycle, Est/acme Enrollment, Pki Design
Ocsp/crl, Bouncycastle, Openssl, Mbedtls, Encryption At Rest/in Transit, Mfa (Duo)

Hardware Security

Hsms (Thales, Hp Atalla, Safenet), Tpm, Smart Cards, Atm/pos/iot Security

Security & Networking

Tls/mtls, Radius, 802.1x Eap-tls/eap-peap, Net-snmp, Wireshark, Tcpdump, Fortianalyzer
Nessus, Email Security (Dmarc, Dkim, Spf), Ad-based Network Rbac

Automation & Testing

Junit, Robot Test Framework, Ci/cd Pipelines, Hil/sil, Docker, Git, Jenkins, Argo Cd Vault Plugin
Sonarqube, Owasp Zap, Akto Api Scanner, Grafana For Monitoring/alerting

Programming