Konrad
Penetration Tester
- Employment: Full-time, part-time.
- Age: 36 years
- City of residence: Lviv
- Ready to work: Dnipro, Kyiv, Lviv, Odesa, Remote, Zaporizhzhia
Contact information
You can get this candidate's contact information from https://www.work.ua/resumes/10695380
Work experience
Penetration Tester (Remote)
from 06.2019 to now
(5 years)
KR. Laboratories, Kyiv (IT)
— Pentest. Executed 10+ External/Internal penetration tests, including Black-Box, Grey-Box and White-Box types, according to different methodologies: OWASP Top 10, OWASP WSTG, OWASP ASVS, SANS Top 25, MITRE ATT&CK, OSSTMM, PTES, BSI, ISSAF, WASC, PTF, DISA STIG. I conduct manual testing using the following Offensive Security tools: Kali Linux, Parrot Linux, Arch Linux, Burp Suite, Metasploit, OWASP ZAP, OWASP Amass, Nmap, SQLmap, WPScan, Joomscan, Droopescan, Wireshark, Cobalt Strike, Aircrack-NG, THC Hydra, Hashcat, BeEF and many others.
— Audit. I have conducted more than 20 security audits for various types of applications (Web/Mobile/Cloud/On-Premise/IoT/SCADA), including Vulnerability Scanning and Risk Management. In total, I discovered and investigated more than 300 vulnerabilities of various severity. In my work, I utilize CVE/CWE/Exploit-DB databases, the CVSS scoring system and SAST/DAST scanners such as Acunetix, Nessus, Rapid7 Nexpose, OpenVAS, Intruder, WhatWeb, Nikto, Nuclei, Qualys, ImmuniWeb, Detectify, SonarQube, Snyk and others. My reports are detailed and contain actionable recommendations to improve security posture and mitigate identified vulnerabilities. All audits are based on compliance requirements: ISO 27001/9001, NIST SP 800-115, COBIT, ITAF, PCI-DSS, HIPAA, SOX.
— Red Team. Led a team in performing Red Team and Social Engineering experiments that simulate real attacks and provide valuable information about security vulnerabilities. Created, selected, modified and tested exploits and backdoors in PHP, Python, JavaScript, Ruby, Perl. Automated processes using Bash and PowerShell. Thought over Offensive Security algorithms and strategy, attack and defense tactics, and studied various techniques, methods and phases of Ethical Hacking: Reconnaissance, Network Intelligence, Enumeration, Fuzzing, Bypassing, Spoofing, Exploitation, Post Exploitation, Privilege Escalation.
— Cyber Threat Intelligence. Conducted 5+ OSINT investigations, during which I identified various fraudulent schemes and malicious domains and deanonymized intruders, using such tools as Google Dorks, Maltego, Intelx, Censys, Shodan, MISP, ZoomEye, Cybergordon, SpiderFoot, SecurityTrails, DNSdumpster, DNSlytics, GHUNT, Maigret, Metagoofil, Sherlock, Exiftool, Pymeta, theHarvester and others.
— Endpoint Security. Successfully monitored and protected at least 100 applications and infrastructure systems, using WAF, NGFW, IPS/IDS, DLP, SIEM. Mitigated more than 50 attacks of various types: DDoS, Brute Force, APT, SQL/XSS/PHPi, CSRF/SSRF, LFI/RFI/RCE. Over the whole period, blocked over 400 spam bots and eliminated 200+ threats (phishing, smishing, vishing, doorwaying, spoofing, poisoning, hijacking, clickjacking). Preventing unauthorized access, protecting sensitive data and involving potential data leaks for over 10 clients. Reported to CERT, CSIRT, DFIR and other incident response teams.
Education
European University
IT Engineering, Kyiv
Higher, from 2014 to 2018 (4 years)
Additional education and certificates
Certified Ethical Hacker (CEH)
2020
Certificate
Knowledge and skills
Language proficiencies
- English — fluent
- Ukrainian — fluent
Additional information
Professional Penetration Tester with 3+ years of experience. Focused on Web Application Security, Penetration Testing (White/Grey/Black box) and Vulnerability Scanning & Assessment. Has deep-dive technical skills and a strong background in Ethical Hacking. Understands most Offensive Security strategies and methodologies.
My articles: https://kr-labs.com.ua/author/konrad-ravenstone/
Some clarifications:
English - only technical
Jobs - only remote