Web Application Penetration Testing

EDUCATION PROFESSIONAL EXPERIENCE

SKILLS

****.********@*****.***

MAJID ADAM ELKAMELY 405-***-****

Rural Sourcing 5-2022/10-2023

I lead a team of 10+ penetration testers on a long-term engagement with a global client.

We perform web application penetration testing for some top financial institutions in the nation as well as Fortune 500 companies. My role permits me to complete multiple penetration tests in a given week while providing detailed reporting to the client upon completion of each test.

. Extensive training in

Design and deployment of cloud infrastructure solutions using the NIST Privacy Framework

Worked on infrastructure as code (IAC) projects using tools like Terraform

Extensive training in cloud computing with a focus on AWS, Microsoft Azure, and Google Cloud Platform.

As a penetration tester I conducted manual pentesting in web applications, API, and mobile to identify the OWASP Top 10 security vulnerabilities for high-profile clients.

I have experience using advanced tools like Burp Suite for web application penetration tests, ZAP for web and mobile environments, and Frida and MobSF for dynamic and static analysis of mobile apps. I can translate all the findings from technical to executive/management terminology.

I conducted penetration testing assessments, external and internal networks, and wireless networks to identify and help mitigate security vulnerabilities:

I used tools such as Metasploit for exploitation, Nmap for network discovery, Burp Suite for web application security testing, and Wireshark for network traffic analysis.

I conducted an extensive penetration testing assessment against a major e-commerce platform. I identified and remediated critical vulnerabilities that exposed customer records.

I was able to uncover any critical SQL injection vulnerabilities and misconfigured access controls, to mitigate any security gaps. I was able to use manual testing to identify and mitigate vulnerabilities such as: SQL injection, cross-site scripting, and privilege escalation techniques

I managed to use penetration testing services including white, black, or gray box methodologies.

Associate Degree of Cyber security

2016-2017

Master’s Degree of Science

2011 – 2012

Network Security.

Cyber Security/Information Systems

Support

Python, SQL, HTML

Protractor, OWASP

Information Security Management

Ethics in Information Technology

Rose State College. Midwest City, Ok.

Oklahoma City University.

Oklahoma City, OK.

Senior Web Application Pentester

Human Resources Assistant Certificate

2010

Bachelor’s Degree of Law

1999

Francis Tuttle Technology Institute.

Oklahoma City, OK.

University of Mohammed V.

Rabat, Morocco

KEY COMPUTER SKILLS:

Object Stream Company 6-2018/2-2020

Implementing new information technology trends and security standards by using NIST

Special Publication 800-53(Rev.4)

Research security requirements for the company and make recommendations to management for the best solution. Perform penetration testing when needed or based on the needs of the company business.

Stay current on IT security trends by doing Seminars and Cyber Security Clubs.

Work with the security team to perform tests and uncover network vulnerabilities. Install security measures to protect systems and information infrastructure, including firewalls and data encryption programs.

Ability to identify and mitigate network vulnerabilities and explain how to mitigate them.

Maintain an updated policy for the company based on the least market standards.

RNT Professional Service 8-2016/4-2018

Work with companies to keep their information systems secured by implementing information security programs.

Translate laws and documents to different languages: French and Arabic.

Using multi-application for pen-testing such as Nessus, and Burp suite.

Security governance principles and concepts, helping companies to reach their compliance based on NIST 800-53 and FISMA. Helping companies that are having outside business to understand and be compliant with GDPR.

Establishing security education, training, and awareness programs through seminars.

FTK

FORMOST

ENCASE

Supervisory Leadership.

Policy & Procedures Oversight.

Customer Service Management

Human Resource Management

Staff Training & Development

Cyber Security/Business Analyst

KEY DIGITAL FORENZSIC APPLICATIONS:

KEY LEADERSHIP SKILLS:

Security Analyst

English: Full Professional Proficiency

French: Native or Bilingual Proficiency

Spanish: Basic

ADDITIONAL SKILLS:

Rural Sourcing 3-2020/5-2022

Supervisory responsibilities, As a team lead. I assist and help the team to reach

The goals.

Responsible for performing manual penetration testing and communicating the findings to both Business and Developers> Using Burp Suite.

Providing technical consultation on Security Tools and Technical Controls.

Perform assessments of security awareness training using social engineering.

Reviewed security documentation and made recommendations. Assisted in conference meetings with the client to mitigate vulnerability findings.

Interview and train the new candidates on how to perform web vulnerabilities: code execution, file upload, SQL, and XSS. Perform penetration testing on French and Arabic Applications. Web Application Pentester

Contact this candidate