Candidate Info
year in workforce
year at this job
Electronics & Communication Engineering
Industrial Engineering
Penetration Tester
Evaluated website firewall protection against hackers and was entrusted to find vulnerabilities in commercial and government websites
- Received honors for successfully preventing data security breaches against the Tax Department of India by finding out a critical vulnerability in their website
- Developed Black Box Security test environments & conducted tests as part of team for precautionary measures
- Helped onboard new members to organizational security practices and trained them in Cyber Security and Cyber
Candidate Info
years in workforce
month at this job
Engineering
Education
Education
Senior Information Security Analyst/Penetration Tester
Performed audits by assessing web application threat, vulnerabilities and defense programming
- Performed risk assessments to ensure corporate compliance
- Developed and prepared audit program and agendas
- Conducted security event monitoring for corporate wide in-scope applications
- Performed application security and penetration testing using Rational Appscan
- Managed the quarterly employment verification process
Candidate Info
years in workforce
years at this job
Intelligence Operations
English
Information Assurance
Penetration Tester
Performed penetration testing of U.S. military networks and systems to emulate threats and improve computer network defense posture.
- Conducted onsite penetration tests from an insider threat perspective.
- Penetrated DoD network defense mechanisms externally utilizing various methods and techniques (withheld for operational security).
- Analyzed malware behavior, network infection patterns and security incidents in defense of U.S.
- Analyzed approximately 10 classified network security intelligence reports on a daily basis.
- Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network
Candidate Info
years in workforce
months at this job
Business Administration
Junior Cyber Engineer (Penetration Tester)
Performed network and system penetration testing.
- Researched and analyzed known hacker methodology, system exploits and vulnerabilities to support Red Team Assessment activities.
- Created written reports, detailing assessment findings and recommendations.
- Provided oral briefings to leadership and technical staff, as necessary.
- Provided occasional assistance with the development and maintenance of internal Red Team methodology, to include training program.
Candidate Info
years in workforce
month at this job
Engineering
Education
Education
Senior Information Security Analyst/Penetration Tester
Performed audits by assessing web application threat, vulnerabilities and defense programming
- Performed risk assessments to ensure corporate compliance
- Developed agenda for quarterly audit program
- Conducted security event monitoring for corporate wide in-scope applications
- Performed application security and penetration testing using Rational Appscan
- Managed the quarterly employment verification process
Candidate Info
years in workforce
months at this job
Information Assurance
Sr. Penetration Tester
Conducted assessment on the [company name] national systems utilizing NIST 800-53 Rev.4 and OWASP
- Performed host, network, and web application penetration tests
- Performed network security analysis and risk management for designated systems
- Proposed remediation strategies for remediating system vulnerabilities
- Developed Security Assessment Plan, Security Assessment Report, Security Assessment Questionnaire, Rules of Engagement, Kick off Brief, and Exit Brief templates
- Developed CVSS calculator to rate risk for vulnerability using Excel
- Created OWASP web application test cases and mapped them to associated NIST 800-53 Rev.4 security controls
- Perform peer reviews of Security Assessment Reports (SARs)
Candidate Info
years in workforce
years at this job
Computer Science
Business Security Consultant / Penetration Tester
Managed project teams for onsite engagements. Conducted daily progress and review meetings for customers' Senior Management.
- Acted as Senior Engagement Manager. Managed team of eight people
- Creation/Review of Security Policies, Standards and Procedures
- HIPAA Compliance Testing - Matrix Mapping of Company Policies and Controls
- Tested Medical Application Systems for HIPAA Compliance
- ISO 17799 Compliance Testing - Performed Matrix Mappings of Company Controls
- PCI DSS auditing and compliance reviews
- Performed Vulnerability Assessments and Data Classification
Candidate Info
years in workforce
years at this job
Computer Information Systems
Marketing And Management
Computer Science, Psychology And Sociology
Sr. Penetration Tester/Security Research
Frequently use NMAP, Magento, MetaSploit, Nessus, Fierce and other tools for full breach penetration testing and regulatory compliance assessments. Specialties include aggressive engagements of Fortune 500 networks and SCADA/ICS networks, in which custom toolsets were used for in-depth passive analysis.
- Designed and architected full automation solutions for Security Product Testing, including the determination of "patient zero" and data correlation for reliable lab results. Splunk was leveraged heavily for dashboards and alerting of anomalous behavior in test results.
- Developed ontological and heuristic behavior frameworks for incident investigation and response. Many of my findings were implemented into a leading security platform.
- Creation of secure virtualized lab for exploit creation, malware distribution analysis and security product testing.
Candidate Info
years in workforce
months at this job
Business Administration / Management Information Systems
Senior Vulnerability Analyst & Penetration Tester
- Performed penetration tests of US State DMV web sites and associated licensing systems.
- Participated in the development and deployment of an air gapped V&V laboratory for the evaluation of biometric authentication devices prior to US government purchase and approval.
- Performed penetration and exfiltration tests on air gapped networks and lab environments.
- Designed data diode and similar one-way network data flow controls to allow updating of security systems within air-gapped V&V labs using open source software and COTS fiber optic network hardware.
- Performed lab evaluations of biometric device firmware, license renewal kiosk software source code, and drivers license/Photo ID camera systems and photography equipment.
- Advised on secure data deletion and equipment sanitization, decommissioning, and reuse guidelines for high security environments.
Candidate Info
year in workforce
months at this job
Management Information Systems, 386 / 40
Attack and Penetration Tester
- Discovered and communicated two reflective cross-site scripting vulnerabilities and two unprotected directories while performing an external web security assessment
- Used social engineering to reach server rooms and test for proper VLAN segregation at 4 retail stores
- Performed a wireless network assessment of 4 retail stores and US, Canada and Mexico corporate headquarters
- Performed dial-up penetration testing of over 1,000 dial-up devices
Candidate Info
years in workforce
months at this job
Web Application Penetration Tester
Performed white box security assessments to identify the client's strengths and weaknesses in their web applications.
- Generated security reports on findings on the identification of vulnerabilities and offered remediation procedures to the client.
- Educated clients on best practice methodologies to harden their systems and minimize future attacks.
- Technologies Used - MetaSploit, BackTrack Operating System, Burp Suite, Splunk, Nessus, FoundStone, SQL, ASP .NET, Perl, Python, C/C++, assembly, bash, PHP, HTML
Candidate Info
years in workforce
years at this job
Information Assurance
Sr. Information Security Engineer/Penetration Tester
Member of the Computer Security Information Response Center (CSIRC) participating in incident analysis, response and threat assessment on a daily basis.
- Conducted Penetration Test of the [company name]'s non-Commerce web site and related infrastructure, including web servers, application and database servers. Weaknesses discovered resulted in a multi-phase remediation and upgrade effort to resolve flaws.
- Conducted PCI required Penetration Test of the eCommerce System which resulted in minor findings requiring remediation and furthered the PCI compliance effort for the system.
- Conducted PCI required Penetration Test of the outsourced call center and fulfillment operation serving the ecommerce line of business. Findings resulted in a multi-phase remediation effort.
- Performed wireless scans using Kismet, KisMac, and the Aircrack-ng suite
- Participated in the development of the tailored security baselines for servers and networking equipment
- Built, configured and deployed Snort IDS appliances to monitor Manufacturing department SCADA and industrial control assets.
- Developed custom written malware to evade anti-virus systems as a demonstration for non-Commerce website stakeholders and [company name] management. This resulted in the cancellation of a project to receive file submissions from the public on non-hardened infrastructure.
- Performed evasions of Symantec and Sophos antivirus suites using various techniques to deliver payloads in PDF and executable files
- Conducted social engineering test exercises coordinated with Treasury GSOC to determine level of infiltration possible using remote command and control frameworks.
- Developed custom written Python scripts to generate weekly vulnerability dashboards used by technical and management staff.
Candidate Info
years in workforce
years at this job
Business Information Systems
Management Information Systems
Vulnerability/Penetration Tester
Demonstrated experience in Application Security, Web Application Security, penetration testing beyond the use of vulnerability scanners, manual application review
- Conducted open security testing standards and projects, including OWASP secure coding practices and Top Ten testing framework, FISMA, NIST, OWASC
- Executed daily vulnerability assessments, threat assessment, mitigation and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems
- Found common web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic etc.) across various platforms
- Developed custom scripts, used automated tools for exploiting vulnerabilities and formal tests on web-based applications on a regular basis
- Directed research pertaining to the latest vulnerabilities, tools and the latest technological advances in combating unauthorized access to information
- Provided technical review and testing of new technologies such as Enterprise security applications/devices, appliances, mobile devices, mobile applications, etc.
- Supported Information Assurance asset deployments, upgrades, and maintenance; including servers, databases, network assets and wireless LAN security
- Exhibited client facing skills and capability to articulate technical concepts to a variety of technical and non-technical audiences
- Worked independently and within a team environment
Candidate Info
years in workforce
years at this job
Network Security
Information Security Specialist/Penetration Tester and Exploit Technician / Technical Team Lead
Deployed to the National Training Center (NTC) as a Technical Team Lead to provide a Cyber Opposing Force by employing black box penetration testing tactics, techniques, procedures which realistically portrayed a malicious outsider conducting computer network operations resulting in an improved network security posture for deploying organizations.
- Serves as a Battalion Penetration Tester and Exploit Technician as the Army's World Class Cyber Opposition Force (WCCO); Responsible for providing an opposing force for Joint training exercises in order to present real world threats.
- Instructor for the Battalion Ethical Hacking Training Academy; taught courses that involved routing and switching, cryptology, password cracking, ISSAF Framework, OSSTMM Methodology, Windows/Linux command line, and attack techniques/methodologies.
- Created a training program designed to evaluate, train and maintain proficiency levels of penetration testers and ethical hackers within the organization; training program was adopted by the US Army Cyber Command for dissemination to other subordinate commands.
- Participated as a member of the Navy Red team in Cyber Flag-2012; designated as a technical lead to provide support to the Team lead and assist with team operators.
- Proficient knowledge of BASH scripting as well as scripting in the Python language for use in vulnerability assessments/Penetration test
Candidate Info
years in workforce
years at this job
Information Security Specialist/Penetration Tester and Exploit Technician
Serves as operator for a cyber-mobile support team, responsible for conducting cyber operations in support of DOD operations.
- Deployed to the National Training Center (NTC) as part of a mobile support team to provide a Cyber Opposing Force by employing black box penetration testing tactics, techniques, procedures which realistically portrayed a malicious outsider conducting computer network operations resulting in an improved network security posture for deploying organizations.
- Participated as a member of the Navy Red team in Cyber Flag-2011
- Serves as a Battalion Penetration Tester and Exploit Technician as the Army's World Class Cyber Opposition Force (WCCO); Responsible for providing an opposing force for Joint training exercises in order to present real world threats.
Candidate Info
years in workforce
years at this job
MIS
QA Penetration Tester
Responsible for feature/maintenance release testing for Web Inspect 10.0
- Perform vulnerability assessments and penetration testing/ethical hacking using WebInspect
- Perform functional testing of WebInspect framework and UI user stories
- Perform, review and analyze security vulnerability data to identify applicability and false positives
- Publish reports and test results for stakeholders and executive management
- Work closely with research, development and product management for vulnerability remediation
- Lead Analyst for AutoPass Licensing & Infrastructure Integration Project
Candidate Info
years in workforce
years at this job
Government And International Politics
Information Assurance/Penetration Tester
Complete penetration testing of the IHS network and affiliate sites using tools such as CoreImpact, Metasploit, Nessus, NMAP, BackTrack, Nexpose, LANsurveyor and Visiwave
- Define vulnerabilities that are susceptible to attack and exploitation, while identifying and eliminating false positives
- Assess the physical security using various social engineering tactics
- Make recommendations on enhancing overall security of the network
- Responsible for determining if network security is compliant with IHS, HIPAA, NIST and FIPS guidance
- Evaluate the overall security posture of the IHS network and tribal sites
Candidate Info
years in workforce
months at this job
Computer Science
Network Security
Security Test Engineer / Penetration Tester
- Performed research, analysis and testing of network and application vulnerabilities
- Documented detailed penetration test reports.
- Performed Web-application/Network/Port/Wireless Vulnerability scanning using metasploit and publicly available exploits.
- Exploited web application vulnerabilities such as cross-site scripting, SQL injection, directory traversal, man-in-the-middle attacks, authentication bypass, and command injection
- Responsible for writing custom bash/Perl scripts to automate tasks.
- Generated custom doc/pdf files that test for the existence of a vulnerability.
- Examined network captures (PCAP files), IDS/Honeypot logs for vulnerabilities.
- Assisted clients with questions regarding vulnerabilities and proposed mitigations
Candidate Info
years in workforce
years at this job
Information Systems
Technical Management
Freelance Security Consultant/Penetration Tester
Helping customers manage cyber risk through a variety of services geared towards minimizing exposure and maximizing return on investment.
- Managing projects, penetration tests, and client relationships.
- Conducting network & application penetration testing, web application security reviews, and source code security analysis for internal clients
- Assisting in ongoing vulnerability management across the enterprise
- Working with developers and administrators to remediate identified vulnerabilities
- Managing a business that provides website development, networking solutions, and server administration for small businesses and individuals
- Conducting penetration testing of web applications and networks
- Developing proof-of-concept exploits
- Working with clients to review policies and recommend adjustments
- Performing on-site and remote internal, external, wireless, and web application penetration tests for a diverse set of customers
Candidate Info
years in workforce
months at this job
Progress (complete March 2014)
Computer Networking
Associate Penetration Tester
Internal and External Penetration testing
- Penetration testing of Fortune 500 companies
- Testing for PCI and HIPAA compliance
- Social Engineering including phishing and pre-text calling
- Physical security assessments
- Red Team engagements
- Narrative report writing
- Daily use of NeXpose, Nessus, Metasploit Pro and Burp Suite Pro
Candidate Info
years in workforce
years at this job
Information Assurance And Security
Penetration Tester
Evaluates security posture of public and private sector organizations.
- Completes manual Internal, External, Web Application, and Firewall Assessments.
- Tests security control application and actual output versus desired output.
- Validates subject to object based authentication and authorizations of business and mission systems.
- Assesses potential vulnerabilities and validated the presence within targets architecture.
- Documents qualitative risks associated with vulnerabilities discovered during assessment.
- Produce Executive Summaries for Chief Suite (C-Suite) personnel.
- Conduct briefings with business leadership to validate scope(s), objective(s) and desired results.
- Depict step-by-step exploitation of organization in a Security Posture and Analysis (SPA).
- Provide detailed remediation steps to help organizations lower their risk.
Candidate Info
years in workforce
year at this job
Information Systems Security
Penetration Tester
Verify GAT test cases for different Cross-Domain Guardian solutions
- Perform Penetration Testing on Cross-Domain Guardian Solutions
- Develop test cases for JVAP testing
- Perform STIG testing on various operating systems
Candidate Info
years in workforce
years at this job
Management Of Information Systems
Penetration Tester
- Performing penetration testing on internal systems with the use of popular penetration testing tools (metasploit, nmap, netdiscover, aircrack-ng)
- Performed Web Application pen testing with tools and through manual exploitation.
- Designing and remediating datacenters built worldwide to meet many regulations and standards such as HIPAA and PCI
- Developing global security policies to meet European Union strict data privacy requirements.
- Monitor Intrusion Detection System for compromised internal networks, and follow up with investigation.
- Provision deployment of various vendor systems in a secure manner.
- Create Firewall rules for new applications and servers according to company standards.
- Solve security related issues in regards to: User profile and permissions in Active Directory, proxy functions, new systems/applications added to enterprise's network, physical access permissions, mobile security.