Arash Vahedpour
About Arash Vahedpour
Arash Vahedpour is a Senior Security Engineer with extensive experience in application security and compliance. He has established security programs, implemented automated controls, and worked in various security roles across multiple organizations in Iran and Germany.
Work at Vay
Arash Vahedpour has been employed at Vay as a Senior Security Engineer since 2022. In this role, he has established an application security program that integrates various security testing tools with over 70% of code repositories. His efforts have led to a significant reduction in the average remediation time for critical flaws to just 8 hours. Additionally, he has implemented automated security controls utilizing programming languages and infrastructure as code tools, enhancing the security posture of the organization.
Previous Experience in Information Security
Prior to his current position, Arash Vahedpour held multiple roles in information security. He served as Information Security Manager at Sadad Electronic Payment from 2015 to 2019, where he focused on enhancing security measures. He also worked as an IT Security Specialist at Sadad Informatics Corporation from 2009 to 2012. His experience includes roles as Information Security Instructor and Application Security Consultant at Amn Gostaran e Roozbeh Co from 2019 to 2021, and as IT Security Architect at RighTel from 2020 to 2021.
Education and Expertise
Arash Vahedpour earned a Bachelor of Engineering in Computer Hardware Engineering from Islamic Azad University. He possesses extensive knowledge of various security standards and frameworks, including ISO 27001, PCI-DSS, OWASP, BSIMM, NIST, CSA, GDPR, and CIS. This educational background and expertise support his work in developing and implementing security measures across different organizations.
Achievements in Security Management
Throughout his career, Arash Vahedpour has initiated several key security management practices. He established risk-based vulnerability management protocols, deploying tools for vulnerability and compliance assessment, as well as attack surface monitoring. His work has enhanced asset visibility and protection. Additionally, he redesigned AWS security controls, resulting in a tripling of compliance with CIS benchmarks, showcasing his capability in improving organizational security frameworks.