• Solid knowledge about ethical hacking, penetration testing, vulnerability management, network security. I have an understanding of common application security vulnerabilities and ability to articulate associated risks. I also have an ability to build threat models and communicate risks in business terms. I can find vulnerabilities in a database and potentially exploit them if necessary.
- Penetration Tester at Rams technologies LLC
- - Ethical Hacking
- High school
• As a Penetration Tester I am conducting white and black box testing on Cellularsales.com web application. Developing test cases to test web application according to OWASP and mapped every test case to NIST controls.
• Used Burp Suite to test for OWASP Top 10 vulnerabilities to pen test web application.
• Used Linux server and Nessus tool to perform external scans for Target IP determination.
• Performed scanning using OWASP ZAP to identify weaknesses
• Documenting results, findings, and feedback. Generating and exporting reports for review.
- Penetration Tester (part time - Internship) at Strategic Security
- Sr. Consultant at GSA, VA
- Sr. System Integration Test Engineer at General Service Administration (GSA)
- at Merlin International
1 month at this Job
- Master in Business Administration - Business Administration
- MS in Organic Chemistry - Chemistry
Web and network penetration testing, SIEM and monitoring
- Penetration Tester at kaipod
6 months at this Job
- Bachelor - Computer Engineer
• Performing security analysis and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities.
• OWASP Top 10 Issues identifications like SQLi, CSRF, XSS, Path Manipulation.
• Perform pen tests on different application a week.
• Perform grey box, black box testing of the web applications.
• Create written reports, detailing assessment findings and recommendations.
• Found web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic etc.) across various platforms.
• Perform risk assessments to ensure corporate compliance.
• Controls on session management like Server-side session states, session termination, Session ID randomness, expiration, Unique tokens, concurrent logged in session, session fixation prevention.
• Perform Static assessment of various applications by Static code analyzers like HP Fortify
• Perform Dynamic assessment of applications by HP Fortify and verify false positives.
• Develop threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications.
• Performed static code reviews with the help of automation tools Veracode and Checkmarx.
• Perform the penetration testing of mobile (Android and iOS) applications, specifically, APK reverse engineering, traffic analysis and manipulation, dynamic runtime analysis.
• Execute daily vulnerability assessments, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
• Perform, review and analyze security vulnerability data to identify applicability and false positives.
• Work closely with research and development teams for vulnerability remediation.
• Analyze and assess risk in the environment.
• Identify issues in the web applications in various categories like Cryptography, Exception Management.
• Work with software development teams, DB/Unix administrators and solution architects as a subject matter expert related to security compliance with PCI DSS and industry standards.
• Analyze parsed data from Qualys, Nessus for Vulnerability Remediation.
• Work on Vendor based Applications, Middleware and layer products
• Provide both strategic analysis and near real-time auditing, investigating, reporting, remediation, coordinating and tracking of security-related activities for customer
• Analyze data and prepare reports that document vulnerabilities from network based attacks and recommended actions to prevent, repair or mitigate these vulnerabilities
• Skilled using tools like Automatic Scanner, NMAP, Dirbuster, QualysGuard, Nessus, HP Fortify, HP WebInspect, IBM AppScan for web application penetration tests and infrastructure testing.
• Perform remediation activities for Applications, OS, Database, Middleware, Digital Certificate, Layer Products, Java.
• Identify issues on sessions management, Input validations, output encoding, Logging Exceptions, Cookie attributes, Encryption, Privilege escalations.
• Proactively identified system vulnerabilities to reduce or eliminate potential exploitation using Nessus Security Center and Passive Vulnerability Scanning.
• Work on Enterprise Release Management and Governance activities.
• Work closely with all competency teams to effectively and efficiently remediate vulnerabilities.
• Use Qualys, SPI, Remedy and various other tools in remediation effort.
• Performed Scanning, analyzed data and took remediation steps.
- Penetration tester at Metlife Inc
- Ethical Hacker / Penetration tester at Votercafe.com Ltd
- Network Administrator & Analyst at Avitez Management Pvt Ltd
2 years, 7 months at this Job
• Performed a Grey-box Penetration Testing on web server hosted on University virtual server.
• Used Vulnerability scanners Nessus, Metasploit Framework, OpenVAS, Nmap, Nikto, OWASP.
• Found vulnerable to Eternal_Blue, RDP, SNMP, FTP, Remote Code Execution, Clear text transmission etc.
• Exploited RDP, brute-force Userlogin, FTP, Remote Code Execution, and Eternal_Blue
• Created a Penetration Testing Report based on all the findings and Exploits and given mitigation steps.
- Penetration Tester at Illinois Institute of Technology
- Network Stenography - Team Leader at Illinois Institute of Technology
4 months at this Job
- Master's - Cyber Security
- Bachelor's - Information Technology
• Performed penetration tests on banks and financial institutions:
  o External black box
  o Internal grey box
  o Web application assessments
• Conducted information security assessments using red team tactics
• Performed internal and external vulnerability scans
• Conducted social engineering assessments including phishing and onsite engagements
• Developed new methodologies and procedures to improve testing and assessments
• Created exploit code and exploit mechanisms
• Consulted with clients on remediation efforts
• Secured contracts for the company
• Mentored less experienced team members
• Winner of annual 10-D CTF event
- Penetration Tester at 10-D Security
- Senior Cybersecurity Engineer at Nebraska Furniture Mart
- Information Security Engineer II- Cyber Security Incident Response Team at CenturyLink
7 months at this Job
- Masters in International Security and Terrorism - International Security and Terrorism
- Bachelor of Arts in Political Science - International Studies
• Performs reconnaissance on clients using a multitude of techniques to gather information.
• Executes port scanning against targets to determine which services are vulnerable.
• Provides internal and external testing with high success rate when combined with client-side attacks.
• High success with privilege escalation techniques on both Linux and Windows systems.
• Exploiting networks using web and network vulnerabilities and pivoting techniques.
- Penetration Tester at Incident Security
- Web Administrator at Pinball Publishing Network
- Freelance Security at
8 months at this Job
- Master of Science - MS (Advanced Certificate) CyberSecurity
- High school
• Tested, exploited and reported vulnerabilities affecting client networks and web applications in support of the Department of Homeland Security
• Tested and exploited COTS and GOTS products being upgraded and installed on the target network
• Created reports detailing vulnerabilities on web applications and networks that were exploited in a controlled environment
• Contributed and participated in a capture-the-flag scenario with the team to test new exploits and develop additional skills
• Researched relevant security vulnerabilities and exploits being released and used in the public by security professionals
- Penetration Tester at Vencore
- Vulnerability Analyst at HTA Technology
- Technical Analyst at Parsons
- Vulnerability Analyst at CGI Federal - Pentagon
2 years, 6 months at this Job
- B.S. - Network Administration
File Hosting (File-up.org), California, USA - Jan 2018 - Dec 2018
Perform online Security Consulting, Penetration Testing, Security Research in 2 Factor Authentication, and analyzing the project source code to find weaknesses and vulnerabilities.
- Penetration Tester at File Hosting (File-up.org)
- Penetration Tester, Digital Currencies Fintech Co. (Buttercoin) at Buttercoin
11 months at this Job
- B.S. - Computer Engineering
Tasks include vulnerability assessment, penetration testing, wireless network testing, physical security assessment, intelligence gathering and research, and risk analyses. Extensive experience with Linux, Windows and Macintosh platforms, and virtualization technologies. In addition, helped clients with incident and forensic response situations.
- Security Engineer / Penetration Tester at MicroSolved, Inc
- volunteer computer and technical support at Worthington Adventist Church
- Computer Science Adjunct Instructor at Franklin University
- Computer Science and Social Sciences Instructor at Hocking Technical College
3 years, 4 months at this Job
- Microsoft and Cisco certifications - computers, networking, security, database
- Master of Arts - Cognitive Psychology
- Bachelor's of Science - Cognitive Psychology
- Associate of Science - Psychology
- Commercial Pilot License and Certified Flight Instructor - Aviation
- General Certificate of Education - High School