Skip to content
 

About Me

gradPhoto-circle

Andrew Ursu

Software Engineer and Security Champion
Simon Fraser University

My background, interests and goals

I am a recent graduate from Simon Fraser University who has experience in both Software Development and Cybersecurity. In the sections below I expand on my various work experiences and projects.

At this time, I am actively seeking opportunities new graduate roles that align with my interests. If you would like to connect, please don't hesitate to reach out to me via LinkedIn.

Skills

  • Python
  • AWS
  • Burp Suite
  • Backend Development
  • Docker
  • SAST/DAST Tools and Analysis
  • SCA Tools

 

Relevant Work Experience

SAP-Logo-History-6-864x540_processed

Security Engineer Intern

As a security engineer intern I helped advance security inside SAP by creating various Python programs and projects that automated security scans, linked various security scans results to teams and found compliance issues inside projects that use open source repositories. These programs often used various security tool APIs that were queried for security scan data and results.

I also assisted developers with various security issues and offered solutions that would remediate the relevant issue.

Finally I managed and hardened our Jenkins server and debugged various failures and errors with critical jobs that generate JWT tokens. This was important as it allowed to get these jobs up and running fairly quickly again which prevented serious outages and downtime.

Tools and Technologies employed:

  • Python
  • Jenkins
  • Docker
  • Checkmarx One SAST
  • Mend SCA 
LifeLabs_logo_rgb_300dpi

Application Security Analyst Co-op

As an application security analyst my main focus was analyzing various security scan results and then determining if said results are a real vulnerability or not. These scans were both static (SAST) and dynamic (DAST) and as a result analyzing them I learned about many types of vulnerabilities in code and how to secure said vulnerabilities. Additionally I gained experience working with pipelines and setting up automated security scans to work with our entire DB.

I also gained exposure to the world of security metrics where I used Python to automate LifeLab's application security report generation. These reports would map out which applications are deemed the most vulnerable by our scanners and would give the Application Security team a good idea of the overall security posture of our applications. I then used a visualization tool called to Grafana take the various reports and automatically display them on an analytics dashboard. This dashboard was invaluable in conveying vulnerability information in a quick and concise manner to various stakeholders in both the security and development teams at LifeLabs.

Tools and Technologies employed:

  • Python
  • Azure DevOps
  • Burpsuite
  • Checkmarx SAST and SCA
  • Grafana
porton-health-logo@+800

SysAdmin/Devops Co-op

In my role as a sysadmin at Porton Health, I took charge of managing and optimizing the company's digital infrastructure. Collaborating closely with developers, I provided support for their development environment and assisted them in utilizing the powerful Porton MongoDB database. Moreover, I played a crucial role in guiding the organization through the Log4J security crisis, ensuring a secure and resilient system.

Beyond maintenance, I actively worked on expanding the existing infrastructure to enhance its functionality. A notable accomplishment was migrating our backend system, OSCAR, from a local server to the cloud using cutting-edge technologies like Docker and AWS. This transformation empowered us to effortlessly deploy multiple OSCAR instances within a short span of time.

In addition to these accomplishments, I also created a bash script that automatically cleaned up log files, preventing them from accumulating and causing storage issues.

Tools and Technologies employed:

  • Docker
  • AWS
  • SQL
  • MongoDB

Highlighted Projects

MXRLogoText1

Maximus Rose Insurance App

Created an innovative insurance app exclusively for Maximus Rose Clients, providing them with seamless access to all their services in one convenient location. No longer do clients need to juggle multiple links for their diverse range of services.

Throughout this project, I collaborated closely with another developer and a business co-op who served as our main liaison with the company. Establishing crystal-clear communication was paramount to our success. Additionally, I took charge of developing several service link pages, alongside a feature that allowed users to effortlessly store their personalized Rexall discount QR code directly within the app.

Tools and Technologies used:

  • React Native
  • Expo Go
  • Android Studio Emulators
  • Figma

 

Login page
gitlab-logo-100-1

 

Gitlab Analyzer Project

I collaborated with a team of 8 to create an innovative web application that evaluated students' code based on various factors such as lines added, subtracted, and replaced.

As a member of the backend team, I was responsible for designing a page that showcased all the previous reports generated. Furthermore, I developed a cutting-edge scoring algorithm that accurately calculated each student's score. This involved closely collaborating with the professor to gather specific requirements and spending countless hours meticulously debugging intricate scenarios. This experience not only enhanced my technical expertise but also honed my ability to work effectively in a team.

Tools and Technologies used:

  • Java
  • Spring Boot
  • MongoDB

 

Analysis - Graphs
Amazon_Web_Services-Logo.wine

 

Cardify

Collaborating with a team of four, we successfully transformed an open source flashcard app into a serverless cloud setup.

Utilizing the power of Lambda, I crafted individual microservices for each functionality, seamlessly integrating them into an API via API Gateway. Additionally, I harnessed the capabilities of DynamoDB and Cognito to securely store user credentials and valuable card information.

Tools and Technologies used:

  • Lambda
  • API Gateway
  • DynamoDB
  • Amplify
  • Cognito

 

cardify