Psguy - Software Developer with 5 years in mobile and web applications

Used extensively for front-end development and interactive web features.

Developed cross-platform mobile applications utilizing React Native framework.

Managed codebases and collaborated with teams through Git repositories.

Participated in sprint planning, daily stand-ups, and iterative development processes.

Served clients including multiple state-owned banks, joint-stock commercial banks, leading insurance companies, and internet financial platforms, providing comprehensive security services including penetration testing, incident response, vulnerability remediation, security consulting, security hardening, and compliance remediation., Led penetration testing of core business systems for a bank in Hangzhou, China, discovering multiple high-risk vulnerabilities (including file upload bypass, user privilege escalation, and business system RCE), ultimately helping the client avoid potential data breach risks worth tens of millions., Participated in the 'Cybersecurity Level Protection 2.0' assessment project for a joint-stock bank, assisting in the implementation of remediation solutions across five major security domains including network architecture, host systems, application systems, databases, and operations management, achieving a 100% remediation closure rate., Participated multiple times in red-blue team exercises. While providing blue team support for a fintech platform, quickly identified red team 'whitelist phishing + lateral movement' paths through anomalous log analysis and blocked the attack chain, being designated by the client as the 'primary contact for high-risk response.', Participated in the 2022 Hangzhou Asian Games financial system security protection project. During on-site analysis/emergency response duties: accurately identified APT attack traffic characteristics (using C2 server communication, domain rotation techniques); quickly located attack sources and conducted attribution analysis through ThreatBook threat intelligence and Splunk log aggregation platform; successfully assisted clients in locating two compromised hosts, completing network isolation, log extraction, and EDR detection verification., Collaborated with DBAPPSecurity's proprietary security platform, Security Operations Center (SOC), and client CIO teams in daily projects, demonstrating excellent communication and project management capabilities., Independently completed technical solution writing, attack-defense report writing, client reporting, and project summary outputs, presenting results multiple times at client internal security committee meetings., Assisted in organizing asset + vulnerability automatic scanning scripts, improving financial industry client asset management efficiency and saving 50% manual investigation time., Familiar with common architectures and attack surfaces in the financial industry, including online banking systems, payment gateways, OA systems, mobile App API security, development-test environment isolation, etc., with business risk understanding capabilities.