Ben Gibbs

Experienced Application Security Engineer with a strong developer background
Vancouver, Canada | 778 872 8010 | ben@bobop.ca | LinkedIn

Profile

Effective Application Security Engineer with proven experience building and scaling security programs. Combines strong technical background as a former Senior Software Developer with security leadership experience, enabling effective collaboration with development teams and successful implementation of security initiatives. Actively involved in the broader security community as Secretary on the OWASP Vancouver Board.

Experience

Staff Security Engineer at Jane Software
February 2022 - January 2025

Pioneered the development and implementation of comprehensive application security programs, significantly improving the organization's security posture through effective security tooling and vulnerability management, security architecture improvements, and developer enablement. Successfully balanced security requirements with business velocity while ensuring HIPAA compliance and fostering a strong security culture.

  • Architected and implemented Rapid Risk Assessment framework, increasing security reviews by 500% and improving security posture during feature development
  • Established enterprise-wide security testing program integrating SAST (Brakeman, Semgrep, Trufflehog), SCA and DAST tools in CI/CD, preventing hundreds of vulnerabilities from reaching production
  • Created and operationalised Vulnerability Risk Ownership program with defined decision frameworks, accelerating remediation timelines by 50%
  • Engineered secure database encryption service and established key management practices for sensitive healthcare data protection
  • Developed custom security tooling automation to streamline finding delivery in CI pipelines, enabling developer autonomy and reducing remediation times
  • Led security incident response and forensic investigations, developing preventative measures and playbooks that reduced security incidents
  • Supported NIST CSF assessment and SOC2/HIPAA compliance initiatives, providing technical expertise for enterprise risk management
  • Provided technical mentorship to Security Engineers while designing and executing technical interview processes to build high-performing security team

Application Security Engineer at Jane Software
October 2020 - February 2022

Instrumental in establishing the Application Security Engineer role after conducting comprehensive OWASP ASVS assessments that identified critical security gaps in mission-critical healthcare applications. Successfully built and implemented security programs that significantly improved the organization's security posture while maintaining compliance with healthcare industry regulations.

  • Conducted application security assessments using OWASP ASVS framework, remediating critical vulnerabilities including OS Command & SQL Injection, XSS and Broken Access Control
  • Led comprehensive OWASP SAMM assessment of enterprise software development practices, identifying critical security gaps and actionable recommendations to shape the organization's security roadmap and maturity goals
  • Primary technical contributor to the Security Guild, encouraging a collaborative security culture and greater security knowledge across development teams that accelerated adoption of security best practices and improved secure development lifecycle processes
  • Played technical role in achieving SOC2 certification and HIPAA compliance, identifying critical security controls and addressing gaps to meet regulatory requirements and enhance customer trust
  • Implemented critical vulnerability remediation fixes across mission-critical healthcare applications, successfully mitigating high-risk security issues including Command Injection, SQL Injection, Broken Access Control, and Cross-Site Scripting (XSS), significantly reducing the organization's risk profile

Senior Backend Developer at Jane Software
July 2018 - October 2020

Demonstrated strong technical leadership experience in healthcare technology, combining architectural expertise and development of mission-critical features while taking on increasing responsibility for security and infrastructure initiatives, laying the groundwork for transition into application security engineering.

  • Led architectural design of innovative Waitlist Notifications system, demonstrating technical excellence through industry recognition
  • Spearheaded development of significant features including internationalization, time zone handling, and accessibility improvements, significantly expanding platform capabilities and market reach
  • Contributed to AWS migration strategy by establishing enterprise-wide Terraform standards during proof-of-concept phase, enabling successful transition of primary web application to cloud infrastructure
  • Led refactoring initiatives of core business systems including tax processing and insurance claim billing codes, improving system reliability and maintainability
  • Led comprehensive Disaster Recovery and Business Continuity assessment, documenting critical systems and establishing resilience protocols to minimize operational risks
  • Served as developer representative on Security & Privacy committee, providing technical expertise for risk assessment and contributing to organizational security strategy

Senior Software Developer at Charitable Impact
December 2016 - May 2018

Contributed skills and experience to the improvement, maintenance and scalability of the Charitable Impact Platform. Led the design of a number of refactors to stabilise and improve the performance of core functionality within the Charitable Impact application, and helped finalise the plans and complete the work to modernise the application for its successful move to Heroku.

  • Redesigned critical systems and security architecture, including a more stable money transaction system that improved user clarity and reduced refunds, while also prototyping and building a secure API layer and integrating a new authentication system
  • Introduced RFC/RFD processes as an active Back-End Chapter member, mentored junior and intermediate developers across Vancouver and Bangalore teams, and conducted regular code reviews to ensure quality releases
  • Led performance optimization and scalability initiatives, serving as liaison between Back-End and Infrastructure teams while implementing security enhancements and providing data integration solutions

Chief Technology Officer at Volcanic (UK) Ltd
December 2013 - November 2016

Spearheaded the development and scaling of a market-disrupting, multi-tenant, multi-lingual online platform for the recruitment industry, growing from zero to over £1.65M in annual recurring revenue with continued month-over-month growth of £10,000+. Architected core technologies and infrastructure while building and mentoring high-performing development teams that delivered exceptional product quality through agile methodologies.

  • Delivered transformative business growth by architecting a multi-tenancy platform that disrupted the recruitment web technology market through a monthly fee model instead of traditional up-front costs, collaborating closely with executive leadership to translate business requirements into technical strategy
  • Led global technical expansion by designing and implementing AWS infrastructure across APAC, Europe, and North America, dramatically improving platform stability and security while establishing comprehensive security protocols and disaster recovery processes
  • Built and mentored high-performing development teams through the introduction of agile methodologies, daily standups, and product testing strategies, fostering a culture of technical excellence and continuous delivery of high-quality features

Freelance Ruby Developer as Bobop
November 2006 - December 2013

Specialised as a Ruby on Rails developer covering the full stack, from front-end JavaScript to back-end development and infrastructure planning and implementation, on various projects.
Client projects included:

  • Reverse auction site for courier bids on consumer and commercial deliveries
  • Accommodation booking site for theatre professionals, both of which integrated payment gateways

Original projects include:

  • OpenData visualisation sites
  • BorrowNote - a sharing economy based service reminding users what they have lent
  • GiftAidr - a mobile optimised site to collect UK GiftAid charitable donations for easier accounting
  • Glidely - a dynamic timeline of social media activity

Skills

Technical

  • Application Security Testing (SAST/DAST)
  • Software Composition Analysis (SCA)
  • Burp Suite Professional
  • Datadog Logs, APM, Security
  • Ruby, Rails, HTML, CSS, JavaScript
  • MySQL, PostgreSQL
  • REST APIs
  • GitHub Actions
  • Jira Automations

Leadership

  • Security Program Leadership
  • Vulnerability Management
  • OWASP ASVS Framework
  • Cross-functional Collaboration
  • Risk Assessment & Management
  • Stakeholder Communication
  • Mentoring and Best-practice Training
  • Project Management
  • Agile Methodologies

Volunteering

OWASP Vancouver Chapter Board - Secretary
October 2023 - Present

OWASP AppSec Days Pacific Northwest Conference - Volunteer Coordinator
April 2024 - Present

Third Order, Society of Saint Francis - Webmaster
October 2020 - Present

Education

BSc, Physics with Astrophysics at The University of Manchester