Konrad
Penetration Tester
- Employment:
- Full-time, part-time.
- Age:
- 36 years
- City of residence:
- Lviv
- Willing to work in:
- Dnipro, Zaporizhzhia, Kyiv, Lviv, Odesa, Remote
Contact information
The candidate has provided an e-mail address and LinkedIn.
This candidate's contact details are available at https://www.work.ua/resumes/10695380
Work experience
Penetration Tester (Remote)
from 06.2019 to present
(5 years)
KR. Laboratories, Kyiv (IT)
— Pentest. Executed 10+ External/Internal penetration tests, including Black-Box, Grey-Box and White-Box types, according to different methodologies: OWASP Top 10, OWASP WSTG, OWASP ASVS, SANS Top 25, MITRE ATT&CK, OSSTMM, PTES, BSI, ISSAF, WASC, PTF, DISA STIG. I conduct manual testing using the following Offensive Security tools: Kali Linux, Parrot Linux, Arch Linux, Burp Suite, Metasploit, OWASP ZAP, OWASP Amass, Nmap, sqlmap, WPScan, JoomScan, Droopescan, Wireshark, Cobalt Strike, Aircrack-ng, THC Hydra, Hashcat, BeEF and many others.
— Audit. I have conducted more than 20 security audits for various types of applications (Web/Mobile/Cloud/On-Premise/IoT/SCADA), including Vulnerability Scanning and Risk Management. In total, I discovered and investigated more than 300 vulnerabilities of various severity. In my work, I utilize the CVE/CWE/Exploit-DB databases, the CVSS scoring system and SAST/DAST scanners such as Acunetix, Nessus, Rapid7 Nexpose, OpenVAS, Intruder, WhatWeb, Nikto, Nuclei, Qualys, ImmuniWeb, Detectify, SonarQube, Snyk and others. My reports are detailed and contain actionable recommendations to improve security posture and mitigate identified vulnerabilities. All audits are based on compliance requirements: ISO 27001/9001, NIST SP 800-115, COBIT, ITAF, PCI-DSS, HIPAA, SOX.
— Red Team. Led a team in performing Red Team and Social Engineering experiments that simulate real attacks and provide valuable information about security vulnerabilities. Created, selected, modified and tested exploits and backdoors in PHP, Python, JavaScript, Ruby, Perl. Automated processes using Bash and PowerShell. Thought through Offensive Security algorithms and strategy, attack and defense tactics, and studied various techniques, methods and phases of Ethical Hacking: Reconnaissance, Network Intelligence, Enumeration, Fuzzing, Bypassing, Spoofing, Exploitation, Post Exploitation, Privilege Escalation.
— Cyber Threat Intelligence. Conducted 5+ OSINT investigations, during which I identified various fraudulent schemes and malicious domains and deanonymized intruders, using such tools as Google Dorks, Maltego, Intelx, Censys, Shodan, MISP, ZoomEye, Cybergordon, SpiderFoot, SecurityTrails, DNSdumpster, DNSlytics, GHunt, Maigret, Metagoofil, Sherlock, ExifTool, Pymeta, theHarvester and others.
— Endpoint Security. Successfully monitored and protected at least 100 applications and infrastructure systems, using WAF, NGFW, IPS/IDS, DLP, SIEM. Mitigated more than 50 attacks of various types: DDoS, Brute Force, APT, SQL/XSS/PHPi, CSRF/SSRF, LFI/RFI/RCE. Over the whole period, I blocked over 400 spam bots and eliminated 200+ threats (phishing, smishing, vishing, doorwaying, spoofing, poisoning, hijacking, clickjacking). Preventing unauthorized access, protecting sensitive data and involving potential data leaks for over 10 clients. Reported to CERT, CSIRT, DFIR and other incident response teams.
Education
European University
IT Engineering, Kyiv
Higher education, from 2014 to 2018 (4 years)
Additional education and certificates
Certified Ethical Hacker (CEH)
2020
Certificate
Knowledge and skills
Languages
- English - fluent
- Ukrainian - fluent
Additional information
Professional Penetration Tester with 3+ years of experience. Focused on Web Application Security, Penetration Testing (White/Grey/Black box) and Vulnerability Scanning & Assessment. Has deep-dive technical skills and a strong background in Ethical Hacking. Understands most Offensive Security strategies and methodologies.
My articles: https://kr-labs.com.ua/author/konrad-ravenstone/
Some clarifications:
English - only technical
Jobs - only remote