Senior Penetration Tester supporting federal government agencies:
● Assist with the development of Secure Operation Center (SOC) mock exercises to test the SOC's ability to detect, identify, and resolve incidents
• Develop management briefings on SOC Exercise results including lessons learned and areas for improvement
• Set up and deploy a Raspberry Pi to mimic a malicious device on the network
• Assess data exfiltration identification capabilities
● Assess Guest Wireless Network security
• Set up and deploy a WiFi Pineapple in order to harvest credentials
• Assess the ability for Guest Wireless clients to access internal resources
● Assess the security of Active Directory and Identity Credential Access Management solutions
• Utilize Burp Suite Professional to review SAML implementation and session management implementation
• Utilize PowerShell Empire to simulate an exploited workstation in the enterprise
● Perform Manual Web Application reviews
● Manage AWS infrastructure to support penetration testing needs
• Deploy AWS infrastructure to support agency's GitHub Enterprise scanning initiative using gitrob
● Utilize scripting languages such as Python, PowerShell, and Ruby to support security assessments
● Utilize hashcat to perform password attacks during penetration tests and to assess the password complexity of privileged accounts
- Senior Penetration Tester at Defense Point Security
- Development Team Lead at CSC / TMS Associates
- Systems Engineer at IBM / Bridgephase LLC
- Siebel Application Developer/Administrator at CSC / Infotran Systems Inc
2 years, 11 months at this Job
- Bachelors of Science in Management Science and Information Technology - Management Science and Information Technology
• Provided Full Vulnerability Assessments utilizing OpenVAS and Nessus network assessment tools
• Conducted thorough Web Application Penetration Tests using proxies and common Web Application vulnerabilities such as XSS, CSRF, RCE, LFI, SQL Injection and others
• Fluent in Metasploit use and application and often manually crafts exploits to compromise target hosts
• Strong Social Engineering Penetration tests leading to pivoting within networks to the second and third layer
• Defined and implemented requirements for Information Security solutions
• Finding Vulnerabilities using fuzzing techniques and Buffer Overflow Attacks
• Performed security reviews of application designs, source code and deployments as required (OWASP)
• Executive and technical reporting, scripting in bash and python, read and modify code accordingly to vendor needs
- Penetration Tester at Wyoming IT Solution Specialists
- Operations and Contract Engineer at Mexdrill Offshore/Diamond Offshore
- Logging Engineer at Halliburton De Mexico
4 years, 2 months at this Job
- Bachelor of Electronics Engineering and Telecommunications - Electronics Engineering and Telecommunications
• Identifying and exploiting network and application vulnerabilities in order to illustrate risks and provide prioritized recommendations to clients.
• Performed port scanning on servers using NMAP and closed all unnecessary ports to reduce the attack surface.
• Performed penetration testing using Kali Linux based on OWASP Top 10 to find XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws.
• Used IBM AppScan for static code and dynamic code analysis for web application.
• Performing the code review to remove the False Positives and also identify the False Negatives.
• Prepared comprehensive security report detailing identifications, risk description and recommendations with the code snippets for the Vulnerabilities.
• Captured live packets using Wireshark to examine security flaws in the network.
- Penetration Tester at Anthem BCBS
- Security Analyst at BCBS, Illinois
- Penetration Tester at Vibertech Solutions Pvt Ltd
- Penetration Tester at Amara Raja
2 years, 2 months at this Job
- Bachelor of Technology - Information Technology
• Perform web application penetration tests, network penetration tests, and wireless network assessments on legacy and modern technologies
• Perform network and web application vulnerability scanning
• Set up and conduct phishing campaigns in order to gain access to sensitive information
• Create documentation outlining how to conduct WiFi penetration tests and using Kali NetHunter
• Assist with scoping assessments, report documentation, and writing out-brief presentations
- Penetration Tester at Gray Tier Technologies, LLC
- Penetration Tester at ASRC Federal Vistronix
- Applications Engineer at NTT Communications
4 months at this Job
- Bachelor of Science - Computer Science
- Bachelor of Arts - Government and Politics
• I conduct vulnerability assessments of websites and mobile applications.
• I perform analysis and reverse engineering of Malware.
• I perform penetration testing, including but not limited to, websites, mobile applications, and vehicles.
• Assisting with network and automotive security research.
• Conduct security research and intelligence gathering regarding emerging threats and exploits.
- Penetration Tester at Fortune 60 Organization
- Cyber Threat Detection & Response Analyst at Ernst & Young LLP (E&Y)
- Symantec Cybersecurity Training Program at NPower
- Managing Member at Warren Capital
4 months at this Job
- Masters of Science - Cybersecurity and Information Assurance
- Bachelors of Science in Network & Communication Management - Network Engineering
network and web application penetration testing using tools such as Burp Suite Professional, SoapUI, Metasploit, and Kali Linux
- Penetration Tester at Voya Financial
- Systems Administrator Intern at Holy Comforter Episcopal School
- Programming Instructor/Technology Coordinator at ID Tech inc
- Nightstaff at Florida State University Housing
1 year, 5 months at this Job
- BS - Computer Criminology
Vulnerability testing as well as Penetration testing for companies who contract us and are interested in becoming more secure on the internet. HIPAA, PCI
- Penetration Tester at Sekure Nation
- Finance Manager at Quebedeaux Buick GMC
- President and CEO at Al-Munt Corporation
- Vice President at Chevrolet, Mansour Incorporated
4 months at this Job
- - Physiological Sciences
Title: Penetration Tester / Source Code Review
Role Purpose: I am currently in charge of testing the network security of the company and working with its software developers to reduce bugs in their codebase through effective code review.
External Consultant Lead Penetration Tester (Fortity Data) America
Title: External Consultant
Role Purpose: I was the external auditor hired to perform penetration tests for the company's clients. I audited the company client web application and wrote an extensive report on the vulnerabilities found.
- Lead Penetration tester for leading Fin tech company at Undisclosed
- External Consultant Lead Web application penetration tester at Digital Jewels
- Penetration Tester/Trainer(Adhoc Consultant) at NSQAP
- Information Technology Analyst at Federal College Of Education Technical(Asaba)
2 years at this Job
- Bachelor's of Science - Information and Communication Technology
- Master's Of Computer Science - Computer Science
- Master's of Computer Engineering - Computer Engineering
• As a security analyst and pen tester, worked on OWASP Top 10, SANS 25 and Common Vulnerabilities and Exposures (CVE), identifying, reporting and helping developers in remediating the issues.
• Conducting Web Application Vulnerability Assessment, Threat Modeling and secure code reviews on the applications.
• Efficiently performed web application, vulnerability assessment using Burp Suite, HP Web Inspect, Nexpose and IBM AppScan.
• Perform manual security testing for OWASP Top 10 vulnerabilities like SQL Injection attacks, cross site scripting (XSS), CSRF, Session Management etc.
• Security assessment of online web applications to identify the vulnerabilities in distinct categories like Input and data Validation, Authentication, Authorization and risk assessment.
• Experience in using Kali Linux performing web application assessment to identify, validate and exploit vulnerabilities using tools like Metasploit, DirBuster, OpenVAS, Nikto, SoapUI and Nmap.
• Managing Mobile devices using Airwatch MDM as Pilot Program.
• Performing core security assessments for Mobile apps, Web applications, Web Services.
• Experience working with SQLmap, an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
• Identifying the risk level (critical, High, Medium, Low) and prioritizing vulnerabilities found in web applications based on OWASP Top 10, SANS 25 and GSEC.
• Performed static code reviews with the help of automation tools.
• Training the development team on the most common vulnerabilities and common code review issues and explaining the remediations, prioritizing the issues found.
• Provide software security support related to Fortify, HP Web inspect and remediation guidance to development teams.
• Identifying vulnerabilities and threats based on client's security policy and regulatory requirements such as PCI, PII, HIPAA, and SOX.
• Performed penetration testing and vulnerability management over the enterprise systems to audit the standards to comply with NIST and ISO 2700x standards.
• Vulnerability Management by scanning, mapping and identifying possible security holes using Qualys Guard and Nessus scanner.
• Supported PC/LAN in an Ethernet based TCP/IP (DHCP & STATIC IP allocation).
• Reviewing the reports and code, removing the False Positives and identifying the False Negatives.
• Good Knowledge on BCP (Business Continuity Planning) and DR (Disaster Recovery).
• Experience working on RSA Archer e-GRC Platform Version 5.5 (Application Builder, Access Controls, Data Feed Manager, Business Continuity Manager).
• Used QRadar and ArcSight as SIEM systems for alert and Incident Response, and manage QRadar SIEM elements such as log collection, Normalization, Correlation and Reporting.
• Developed cyber security policies and best practices to maintain confidentiality, integrity and availability of organizational data.
• Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
Environment: Java, JavaScript, XML, UNIX, Burp Suite, Nmap, Zenmap, Metasploit, SQLmap, SoapUI, DirBuster, Kali Linux, Qualys Guard, Nexpose, OWASP Top 10, HP Web Inspect, IBM AppScan, Nessus, RSA Archer, SIEM, QRadar, Splunk.
- Information Security Analyst / Penetration Tester at Chubb Insurance, TX
- Security Engineer at Mind Tree
- Security Engineer at EPAM Systems India Private Limited
2 years, 2 months at this Job
- Masters in Computer Science - Computer Science
I conduct freelance and contracted penetration testing for companies and businesses who wish to improve their security on all fronts. I conduct electronic port scans and test possible system exploitation via command-line programming such as msfconsole (Metasploit Framework), nmap scanning, and other OSINT tools. I conduct physical penetration testing for companies and businesses by donning the proper attire and mannerisms of observed employees and blending in to the company profile, attempting to exploit the security measures in place to simulate the consequences of a real-life exploitation and security failure.
- Penetration Tester, Physical/Electronic at DBA LokSys Services
- Mechanic at QuikFix Automotive
- Owner/President at Shelburne Music Group
- Executive Assistant to CEO at BHO Blaster LLC
3 months at this Job
- Certification - Audio Engineering / Post Production / Live Sound
- - Business / Marketing
- High School Diploma