Stephen Bright Ahinaquah
Accra
Summary
Dynamic Application Security Officer with a proven track record at CalBank PLC, leading vulnerability assessments and enhancing security protocols. Expert in application security testing and DevSecOps, I drive remediation efforts and mentor teams, achieving a 30% improvement in deployment speed through automation. Committed to fostering secure coding practices and compliance excellence.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Application Security Officer (Acting Application Security Manager)
CalBank PLC
Accra
02.2024 - Current
- Lead comprehensive security assessments (VAPT) for critical pre-production and production systems, identifying vulnerabilities and driving remediation efforts with development and infrastructure teams.
- Configure, manage, and tune FortiWeb WAF security policies across multiple environments, enhancing protection against OWASP Top 10 threats and reducing false positives.
- Conduct in-depth security reviews of T24 Core Banking and Fiorano middleware, ensuring adherence to security best practices and regulatory compliance.
- Perform manual penetration tests using Burp Suite Pro to validate automated findings and uncover complex vulnerabilities in web applications and APIs.
- Automate penetration testing workflows using Kali Linux tools and scripting, significantly improving testing efficiency and coverage.
- Lead quarterly vulnerability scans for retail and online banking platforms, coordinating remediation of critical findings such as weak ciphers, missing MFA, and insecure configurations.
- Developed and implemented revised Patch & Vulnerability Management SLA, establishing clear timelines, escalation paths, and compliance reporting metrics.
- Championed secure coding standards and integrated automated security checks (SAST/DAST) into Azure DevOps CI/CD pipelines.
- Strengthened access controls by conducting regular user access reviews across on-premises and cloud applications, leading the initiative to enforce MFA for all users.
- Collaborate effectively with Technical Support (TSU) and Digital Solutions (DSD) teams to remediate SSL/TLS configuration weaknesses and optimize WAF deployments.
- Serve as a key panelist for technical interviews, evaluating candidate proficiency in secure development, VAPT, and compliance.
- Train and mentor junior security team members and developers on secure coding practices, pentesting methodologies, and tool usage.
Product Configuration Engineer
Huawei Technologies Ghana
Accra
01.2018 - 06.2023
- Configured, tested, and deployed telecommunication network products (e.g., [Mention 1-2 specific product types if possible, like Routers, Switches, Base Stations]), ensuring strict adherence to technical specifications and quality standards.
- Developed Python scripts to automate configuration workflows, reducing manual errors and improving deployment speed by approximately 30%.
- Collaborated with cross-functional engineering teams to troubleshoot complex technical issues and optimize product performance within live network environments.
Education
BSc - Computer Engineering
Kwame Nkrumah University of Science & Technology (KNUST)
Kumasi, Ghana01.2018
WASSCE - General Science
Saint Augustine’s College
Cape Coast, Ghana01.2013
Skills
- Application Security Testing (SAST, DAST, VAPT)
- Secure Software Development Lifecycle (SSDLC)
- DevSecOps
- Vulnerability Assessment
- Penetration Testing
- Threat Modeling
- Risk Assessment
- WAF Configuration
- Tuning
- Evasion Techniques
- Security Policy Development
- Compliance (ISO 27001, BoG Directive)
- Identity & Access Management (IAM)
- User Access Reviews
- MFA
- Cloud Security (Azure)
- CI/CD Pipeline Security
- Technical Leadership
- Training
- Mentoring
- Security Tools: Invicti (Netsparker)
- Burp Suite Pro
- Kali Linux (Metasploit, Nmap, Wireshark)
- FortiWeb WAF
- OWASP ZAP
- Nessus/OpenVAS
- Programming & Scripting: Python
- C#
- JavaScript
- Java
- PHP
- Bash
- Frameworks & Platforms: Flutter/Dart
- NET
- Unity
- DevOps & CI/CD: Azure DevOps
- Git
- Jenkins
- Cloud & Databases: Microsoft Azure
- Firebase
- MySQL
- Backendless API
- Operating Systems: Linux (Kali, Ubuntu)
- Windows Server
- Other: AI/ML (TensorFlow, DialogFlowai)
- Game Engines (Unity, Unreal)
- Graphics (Blender, Photoshop)
- Vulnerability assessment
- Web application testing
- Patch management
- Access control
- Secure coding
Affiliations
- Member, Ghana Information Security Association (GISIG)
- Panelist, CalBank PLC Technical Interview Board
Certification
- Burp Suite Certified Practitioner (BSCP)
- Certified Secure Web Application Engineer (CSWAE)
- CompTIA Security+
- ISO/IEC 27001 Lead Implementer (Completed [Month, Year] or In Progress - Expected [Month, Year])
- Advanced Exploitation Techniques & WAF Evasion (Completed [Month, Year])
- Bank of Ghana Cybersecurity Directive Workshop (Attended [Month, Year])
- Huawei Certified Network Associate (HCNA)
Languages
- English (Fluent)
- Fante (Native)
- Twi (Conversational)
Selected Projects
- AI-Driven Feedback Analysis Platform: Designed an ML pipeline using TensorFlow and Python to automatically categorize and prioritize customer feedback for financial services applications.
- Feedback Aggregation Service Dashboard: Developed a cross-platform mobile/web application (Flutter, Firebase) enabling users to consolidate messages from linked social media channels.
- FloppyDiskMan (Google Play Store): Developed and published a 2D mobile game using Unity (C#), integrating Google Play Services for leaderboards and achievements.
- Ape – E-Learning Gamified Platform: Created an interactive e-learning platform utilizing Unity (C#), DialogFlow.ai, PHP, and Backendless API; presented project at ICL 2018 competition.
Languages
English
First Language
Timeline
Application Security Officer (Acting Application Security Manager)
CalBank PLC
02.2024 - Current
Product Configuration Engineer
Huawei Technologies Ghana
01.2018 - 06.2023
BSc - Computer Engineering
Kwame Nkrumah University of Science & Technology (KNUST)
WASSCE - General Science
Saint Augustine’s College
Similar Profiles
Francis Baron KpogohFrancis Baron Kpogoh
Personal Relationship Manager at CalBank PLCPersonal Relationship Manager at CalBank PLC
YVONNE AFIBA NYAMIKEHYVONNE AFIBA NYAMIKEH
CLIENT SERVICE OFFICER at CALBANK PLCCLIENT SERVICE OFFICER at CALBANK PLC
GERTRUDE LARKOH OBUGERTRUDE LARKOH OBU
National Service Personnel at CalBank PLCNational Service Personnel at CalBank PLC
RICHARD OFOSU ACHEAMPONGRICHARD OFOSU ACHEAMPONG
Relationship Manager at CalBank Plc LimitedRelationship Manager at CalBank Plc Limited
Eric OpokuEric Opoku
General Manager at Pokujobs Company LimitedGeneral Manager at Pokujobs Company Limited