
Penetration Tester Security Professional

Location:
Katy, TX
Posted:
November 06, 2023


Resume:

Duru Emeka

281-***-**** ***********@*****.***

PROFESSIONAL SUMMARY

Inquisitive security professional, dedicated to proactively evaluating defenses using hands-on techniques. Skilled at emulating modern attacks to identify weaknesses before adversaries do. Driven to safeguard clients’ data through comprehensive penetration testing.

EDUCATION

Madonna University – Anambra State, Nigeria

August 2011

Bachelor’s Degree, Computer Science

Certifications:

EC-Council Certified Ethical Hacker (CEH) (2023)

WORK EXPERIENCE

Penetration Tester

October 2020 – Present

Partners Consulting, Inc – Philadelphia, PA

• Conducted penetration tests for 100+ organizations, including Fortune 500 companies; identified and remediated 200+ critical vulnerabilities, including SQL injections, XSS, and remote code execution (RCE), across diverse client networks using Burp Suite, Nmap, and Metasploit, reducing potential data breaches by an average of 80%.

• Led a successful red team exercise, simulating spear phishing attacks and privilege escalation and discovering vulnerabilities such as weak passwords, unpatched systems, and insecure network segmentation, using Cobalt Strike and Social-Engineer Toolkit, achieving a 100% compromise of the target system and demonstrating the need for enhanced security measures.

• Performed a comprehensive security audit that led to the identification and resolution of vulnerabilities, resulting in cost savings of $500,000 by preventing potential damages and data breaches.

• Conducted a web application penetration test and security assessments for an e-commerce platform, identifying vulnerabilities such as payment card data leakage, insecure session management, and insufficient input validation, using Burp Suite and Veracode, and ensuring compliance with PCI-DSS standards.

• Performed network architecture reviews, identifying vulnerabilities such as open ports, weak firewall rules, and unsegmented networks, using Nmap and Wireshark.

• Performed API security assessments, identifying vulnerabilities such as improper authentication/authorization, insecure API endpoints, excessive data exposure, and broken access controls, using Postman and Burp Suite.

• Presented reports and recommendations from penetration tests to executive stakeholders, leading to an increased investment of $300,000 in security measures and improved risk management strategies.

Penetration Tester

January 2019 – September 2020

Enterprise Solutions, Inc – Virginia

• Collaborated with a healthcare organization to perform a vulnerability assessment of their medical device infrastructure, resulting in the identification and resolution of critical vulnerabilities that, once patched, enhanced patient safety and protected sensitive medical data.

• Conducted mobile application security assessments, uncovering vulnerabilities such as insecure data storage, insecure communication channels, insufficient authentication/authorization, and code tampering, using MobSF and Burp Suite.

• Performed incident response activities, investigating and mitigating security incidents in web applications and networks, including malware infections, data breaches, and unauthorized access, using Wireshark, Splunk, and forensic analysis tools.

• Collaborated with the development team to perform security code reviews and implement a secure SDLC, integrating Checkmarx and SonarQube into the CI/CD pipeline, and addressing vulnerabilities such as insecure object references, insecure configurations, and weak encryption.

• Conducted threat modeling exercises for web applications, identifying potential attack vectors, analyzing threat scenarios, and recommending security controls, using techniques such as STRIDE, DREAD, and threat modeling frameworks.

• Conducted cloud security assessments, identifying vulnerabilities such as misconfigured security groups, weak access controls, and unencrypted storage, using tools like AWS Inspector and Google Cloud Security Scanner.

SKILLS

• Programming language: JavaScript.

• Standards & Frameworks: OWASP Top 10 vulnerabilities, PCI-DSS, HIPAA, GDPR, CCPA.

• Network protocols: TCP/IP, DNS, HTTP, HTTPS, DHCP, UDP, SMTP, RDP, POP3, SMB, SNMP.

• Network security controls: Firewalls, IDS/IPS, Proxies, DLP and VPN.

• Network testing tools: Nmap, Wireshark, Nexpose, Metasploit, Netcat.

• Web application testing tools: Burp Suite Pro, OWASP ZAP, Qualys, Nessus, Veracode.

• Mobile testing tools: MobSF.

• API penetration testing tool: Postman.

• Operating systems: Windows, Kali Linux.

• SIEM tools: Splunk, Elasticsearch.

• MITRE ATT&CK: adversary emulation and threat hunting, incident response.

• Report Writing: Strong written and verbal communication to effectively communicate findings, recommendations, and potential risks to technical and non-technical stakeholders.


