Penetration Tester
Current• Implemented OWASP-based security assessments for web applications, leveraging manual testing techniques and industry-standard tools to identify vulnerabilities, including injection flaws, authentication bypasses, and insecure configurations using tools like Burp Suite, identifying critical flaws such as SQL injection, XSS, and CSRF, and delivering comprehensive remediation plans.• Executed advanced penetration testing on networks and infrastructure, using automated and manual techniques to discover vulnerabilities like lateral movement paths, insecure network protocols, and misconfigurations in firewalls and routers.• Secured Mobile Applications on Android and iOS platforms by performing in-depth security assessments, identifying potential risks, and proposing effective strategies for mitigating vulnerabilities.• Assessed the security of IoT devices and networks, performing firmware analysis, protocol testing, and vulnerability exploitation using tools like Binwalk and Wireshark, developing secure configuration and patch management recommendations.• Led phishing and social engineering campaigns, simulating spear-phishing attacks, credential harvesting, and website cloning with tools like the Social-Engineer Toolkit (SET) and pywebcopy, identifying organizational vulnerabilities and enhancing user training programs.• Developed tailored penetration testing strategies based on client infrastructure, leveraging methodologies such as the MITRE ATT&CK framework and OSSTMM to align security assessments with the client's specific threat model and business objectives.• Produced detailed security reports including CVSS-based risk assessments, outlining vulnerabilities such as insecure APIs, improper session management, and outdated cryptographic practices, and providing step-by-step remediation aligned with industry standards like PCI-DSS and NIST