
Damilola Oyedepo

Festac Town, Lagos State

Summary

Security Leader with 5+ years of hands-on experience in application and network security, threat modelling, and incident response. Proven ability to lead security teams, develop enterprise-wide security policies, and align security practices with business goals. Skilled in mitigating critical vulnerabilities, managing compliance initiatives (ISO 27001, PCI DSS, GDPR), and driving security awareness across technical and executive stakeholders.

Overview

6 years of professional experience
1 Certification

Work History

Application Security Analyst

Kora
Lekki, Lagos
2024.07 - 2025.05
  • Evaluated third-party vendors' software for security vulnerabilities and compliance with industry standards.
  • Conducted regular security audits to assess the effectiveness of existing security measures.
  • Collaborated with engineering leadership to embed secure SDLC practices and set strategic direction for application security initiatives.
  • Created and maintained documentation related to security protocols and risk assessments.
  • Supported incident response teams by analyzing application-related security incidents and providing insights.
  • Participated in security risk assessments for new applications and updates to existing ones.


Lead, Security Analyst

PROMETHEAN CONSULT LIMITED
Lekki, Lagos
2022.09 - 2025.05
  • Investigated and mitigated real-world security incidents, including API key leakage and unauthorized access attempts, reducing breach risks by 30%.
  • Directed implementation of OAuth 2.0 and MFA across core systems, aligning with enterprise IAM strategy.
  • Identified an unprotected API endpoint in one of Promethean's client environments that exposed sensitive information of ex-employees, including names, emails, phone numbers, addresses, account numbers, and BVNs. Implemented authentication and authorization controls, along with API rate limiting and logging, to prevent unauthorized data exposure.
  • Deployed and managed Symantec endpoint protection across all entities, configuring rules to block USB drives, blacklisting URLs, and more.
  • Led penetration testing exercises on client applications, uncovering business logic vulnerabilities and access control flaws before deployment.
  • Developed custom security policies for cloud-hosted applications on OVH Cloud, reducing unauthorized access attempts by 40%.
  • Provided hands-on secure coding training to developers, reducing repeat security misconfigurations by 25%.
  • Monitored SOC operations, enhancing SIEM log correlation for faster threat detection.
  • Developed and enforced application security monitoring, policies, procedures, and standards.
  • Prepared detailed security reports and presented findings to senior management, influencing strategic security decisions.

Information/Application Security Analyst

STANDARD BANK (STANBIC IBTC)
Victoria Island, Lagos
2020.01 - 2022.09
  • Led secure code reviews for over 50 applications, detecting SQL injection, broken authentication, and insecure API calls, reducing vulnerabilities by 40%. This was achieved with a combination of an automated SAST tool and manual source code review.
  • Reviewed source code (Java/J2EE/Spring/FTL/JavaScript) and developed security filters within Fortify on Demand for critical applications.
  • Investigated a sophisticated phishing campaign where attackers mimicked HR emails to steal employee credentials.
  • Influenced executive decision-making by presenting threat intelligence and risk assessments to senior stakeholders.
  • Discovered and mitigated a race condition vulnerability in an internet-banking transaction processing system, where concurrent requests could manipulate account balances. I recommended the implementation of locking mechanisms and atomic database transactions to ensure consistency.
  • Discovered and remediated a vulnerability caused by poor session management, where user sessions remained active beyond logout. Implemented token invalidation and session expiration controls, reducing unauthorized access risk.
  • Managed Cloudflare WAF by regularly reviewing and fine-tuning rules and ensuring all traffic passes through the WAF gateway.
  • Fostered mobile security advancements through stakeholder collaboration, refining security scanning tools, and updating policies.
  • Performed comprehensive security assessments and penetration testing specifically for web and mobile applications.
  • Implemented secure coding practices, educating the development team through workshops which decreased common security flaws (such as XSS and SQL injections).
  • Collaborated with development teams to integrate security measures from the initial phases of software design to deployment, ensuring all applications comply with industry standards (e.g., OWASP, PCI-DSS).
  • Collaborated with IT departments to ensure security best practices were integrated in all technology projects.
  • Delivered security awareness training sessions, improving knowledge of cyber threats across the organization.

Vulnerability Assessment and Penetration Tester

BOCH SYSTEMS COMPANY LTD
Ikeja, Lagos
2019.02 - 2020.01
  • Utilized a variety of tools (e.g., Metasploit, Nmap, Burp Suite) to conduct thorough security assessments, gaining comprehensive hands-on experience in ethical hacking methodologies.
  • Conducted black-box and white-box penetration tests on financial applications, uncovering authentication bypass flaws that could enable account takeover attacks.
  • Simulated real-world attacks using Metasploit, demonstrating how misconfigured firewalls exposed sensitive data, exploiting vulnerabilities like MS-010 to gain remote control access.
  • Participated in the development of employee training programs focusing on security best practices and threat awareness.
  • Maintained continual awareness of emerging malware threats, innovating solutions to defend systems.

Education

Bachelor's Degree - Management Technology

BELLS UNIVERSITY OF TECHNOLOGY
Otta, Lagos

Master of Science - Project Management

BELLS UNIVERSITY OF TECHNOLOGY
Otta, Lagos

Skills

  • Security Leadership & Strategy: Security Program Development, Governance & Risk Management, Team Mentorship, Policy Design, Executive Reporting
  • Technical Proficiency: Application & Network Security, Secure SDLC, SAST/DAST, SIEM, WAF, Firewall Configuration, Endpoint Protection, Threat Modeling
  • Compliance & Frameworks: ISO 27001, GDPR, PCI DSS, OWASP Top 10
  • Tools: Fortify, Nessus, Qualys, Appknox, Burp Suite, OWASP ZAP, Nmap, Wireshark, Cloudflare WAF, Symantec Endpoint, Postman, Kali Linux
  • Project Management: Microsoft Office Suite, Gantt Charts, WBS

Certification

  • Certified in Cyber Security by ISC2
  • Certified Penetration Tester by GAQM
  • CompTIA Security+
  • External Penetration Tester by TCM Security
  • CEH in-view by EC-COUNCIL
  • Penetration Testing and Hacking by Cybrary
  • Sophos firewall Engineer
  • Certified API security analyst

Affiliations

  • GAQM membership
  • ISC2

Awards

  • Certificate of Recognition for Outstanding performance for Boch Systems
  • Staff of the Year for Promethean Consult

References

References available upon request.
