About

Experienced application security engineer with a background as a software developer. Primarily focused on web-based application security, with a special interest in TLS and supply chain related subjects. Experienced in providing technical leadership in relation to application security, as well as engaging with teams to improve the security of the systems and applications that they develop and maintain. Passionate about being part of the community and giving back to it. Additionally, enjoy spending personal time performing security-related research.

Personal blog is available at https://blog.sean-wright.com.

Professional Experience

Featurespace

Head of Application Security

October 2023 - Present

Responsible for leading the overall security of the software products and services provided to customers, primarily serving as an SME for the organization.

Roles and responsibilities include:

  • Help build out organisation's application security function
  • Help implement appropriate tooling (such as SCA and DAST)
  • Research and review current vulnerabilities in 3rd party components used within the product
  • Respond to queries from customers regarding the security related aspects of the product
  • Work with Engineering teams to help review proposed solutions as well as resolve existing vulnerabilities within the product
  • Carry out appropriate security testing and reviews
  • Help formulate the organisation's vulnerability management programme
  • Direct line management

Featurespace

Principal Application Security Engineer

April 2022 - October 2023

Responsible for the overall security of the software products and services provided to customers, primarily serving as an SME for the organization.

Roles and responsibilities include:

  • Help build out organisation's application security function
  • Help implement appropriate tooling (such as SCA and DAST)
  • Research and review current vulnerabilities in 3rd party components used within the product
  • Respond to queries from customers regarding the security related aspects of the product
  • Work with Engineering teams to help review proposed solutions as well as resolve existing vulnerabilities within the product
  • Carry out appropriate security testing and reviews
  • Help formulate the organisation's vulnerability management programme
  • Direct line management

Immersive Labs

Principal Application Security SME

May 2020 - March 2022

Responsible for leading and managing the application security content product used by customers for training their internal staff.

Roles and responsibilities include:

  • Develop and manage overall strategic direction for application security product
  • Work with customers to identify needs and desires, incorporating feedback into strategy
  • Public webinars and company blogs on application security related topics
  • Manage team responsible for developing application security content
  • Perform research on application security related topics
  • Serve as SME on application security topics for internal engineering team

Secureworks

Lead Software Security Engineer

August 2015 - May 2020

Technical team lead responsible for leading the team to achieve overall security of the organisation’s internally developed software and services.

Such goals included the following:

  • Architect systems from a security perspective
  • Provide security guidance and training to teams
    • Training sessions such as brown bags
    • Demonstrate findings to teams, illustrating how an attacker would leverage the finding
    • Training material such as wiki pages
  • Perform manual penetration tests on both internal as well as third party systems
  • Review and triage results from scans as well as outside penetration tests
  • Drive integration and selection of security tools within the department
  • Shape and formulate security related procedures as well as standards within the department
  • Software development of security services and libraries


Senior Software Security Engineer

January 2013 - August 2015

Worked within a team responsible for overall security within the company's engineering department.

Responsibilities included:

  • Providing guidance and advice relating to security to team members
  • Perform penetration tests as well as investigate identified security related issues and vulnerabilities
  • Formulate numerous security related procedures with the company's engineering department
  • Help develop and maintain security related libraries which are used by development teams


Software Development Engineer

March 2011 - January 2013

Developed new resources on new Java based REST API services. Moved onto development of client portal web application.

Responsibilities included:

  • Development of new resources on REST API service
  • Writing unit tests for new resources
  • Code review of peers’ work
  • Development of new features for client portal
  • Fixing bugs identified in the client portal

Yell Adworks

Systems Engineer

May 2010 - March 2011

Development on company’s new Java EE workflow management system.

Responsibilities included:

  • Working with the team to define requirements for new features
  • Development of new features
  • Writing unit tests (JUnit) and integration tests (Selenium)
  • System support
  • Development of custom load test framework (written in Java, making use of JUnit and Selenium)

Forcelink Solutions

Senior Java Developer

August 2009 - May 2010

Sister company to Acumen Software. Continued with same responsibilities as previous role.

Acumen Software

Senior Java Developer

May 2008 - August 2009

Development on company’s newly developed, Java EE based, workforce management product Forcelink.

Responsibilities involved:

  • Development of new features of the product
  • Working with management to form set of requirements for the new features
  • System administration of product’s database (MySQL) and application server (Glassfish)
  • System administration of company servers

Accomplishments:

  • Helped to build out initial Java based mobile application

2Cana Solutions

Software Developer

January 2008 - April 2008

Developed and completed PL/SQL scripts for the client's Oracle database system. Completed extensive modifications on XSLT style sheets to customise the statements which were posted to the client's customers. Performed an initial investigation into the rewrite of the organisation’s Java based application, which was used to schedule the execution of PL/SQL scripts.


Business Connexion

Software Developer

November 2006 - December 2007

Worked on customer’s C based point of sale system. Managed to turn around the customer’s project to integrate card payment terminals within their point of sale system.

Other responsibilities involved:

  • Implementation of new features with the customer’s payment system
  • Working with customer’s business analysts to form set of requirements for new features, as well as enhancements to existing features
  • Help to guide and mentor new team members
  • Help QA team with their testing of software before release

Other accomplishments:

  • Tasked with the rollout of the new payment integration system across all the customer’s sites throughout South Africa as well as within Africa
  • Worked with 3rd party vendors to help investigate and troubleshoot issues
  • Investigated and presented business case to replace ageing point of sale system
  • Started initial discovery work on a mobile based Java application for a pin entry device
  • Started initial investigation into how the newly formed PCI DSS standards would affect the customer

Research

Findings and vulnerabilities identified by myself or collectively with others.

Personal Research

Google

Logitech

Motorola

Navigate CMS
A full writeup of all findings below is available on the page Navigate CMS.

Scottish Power

Sky

Ubisoft


Professional Research

Carbon Black

ElectricCommander

Facebook

Lastline

TP-Link

Talks

Presentations

Below is a collection of the video recordings of presentations that I have given:

Podcasts

Below is a list of the recordings of the podcasts that I have taken part in: