Penetration Tester Web Application
Resume:
Cincinnati, OH *****
*******.*****@*****.***
Penetration Tester
PERSONAL PROFILE
Highly Experienced Offensive Security Researcher and Practitioner Highly skilled Offensive Security Researcher and Practitioner with extensive experience in wireless security, man-in-the-middle attacks, web application exploitation, and post-exploitation network pivoting. Delivered technical presentations at CircleCityCon, BSides Indy, and DerbyCon 4.0 (2014-2015), and contributed to Exploit-DB (e.g., GHDB #4616). Adept at rapidly mastering new technologies with minimal supervision. Collaborative, results-driven, and detail-oriented, with a proven ability to solve complex problems and mentor junior team members.
SKILLS SUMMARY
Linux environments, Black Box Testing, Fuzz Testing, SMTP, Apache, Router Configuration, Switch Configuration, Server Systems & Applications, Detail Oriented, Operating Systems, Firewalls, BurpSuite, CAN Bus,SAST & DAST, Python, Bash, Web Application Firewalls, Metasploit, Kali, Nmap, Nessus,TCP/IP
PROFESSIONAL HISTORY
Software Security Consultants LLC. (Feb 2024 - Feb 2025)
Sr Penetration Tester
●Scoped penetration tests with clients, ensuring comprehensive coverage of IoT devices, networks, and web applications
●Mentored junior team members, enhancing team capabilities and fostering skill development
●Developed test cases and SOPs for offensive security tasks, streamlining processes and improving consistency
●Conducted wireless, network, and web application testing, including a full exploit chain for smart TVs to demonstrate risk
●Calculated risk using CVSS and CIA triad, delivering actionable remediation steps to stakeholders.
Ignyte Assurance Platform (Sept 2023 - Oct 2023) Contract
Web Application Security Engineer / Penetration Tester
●Performed manual penetration testing using BurpSuite, identifying OWASP Top 10 vulnerabilities.
●Documented findings and presented detailed reports with remediation strategies to clients.
Amnesiac LLC (Sept 2023 - Sept 2023) Contract
Web Application Security Consultant / Application Penetration Tester
●Secured CI/CD pipeline through consultation and DAST scanning with BurpSuite
●Conducted penetration tests, calculated risk, and provided remediation guidance in detailed reports.
ProCircular (June 2022 - Oct 2022)
Web Application Security Consultant
●Executed manual and DAST-based web application penetration tests, focusing on OWASP Top 10 risks.
●Produced actionable reports with replication steps, assessed risk, and provided remediation plans, reviewed with stakeholders
Redlegg (December 2021) Contract
Penetration Tester
●Performed SOC2 compliance testing, auditing internal networks and applications.
●Delivered findings and mitigation strategies to clients, enhancing organizational security posture.
Ignyte Assurance Platform (2016 - OCT 2020 )
Product Security Engineer / Penetration Tester
●Conducted SAST/DAST testing across client networks and applications, ensuring secure configurations.
●Collaborated with developers for shift-left testing, strengthening SDLC security practices.
●Designed Black Box testing procedures and led Red Team methodology development, including training programs
●Built client WAFs using ModSecurity (Apache/NGINX), addressing critical security gaps
Theia Labs (2015 - 2016)
Penetration Tester
●Performed offensive security testing on client networks and applications, manually exploiting vulnerabilities.
●Delivered detailed documentation and stakeholder-ready reports.
STC Media Partners (June 2014 – April 2015)
Network Administrator
●Designed and maintained a complex 4G LTE mobile network and Ubuntu-based server environments.
●Configured firewalls, IDS/IPS, and VM instances for user provisioning and permissions management.
Vinnings Management, Marrietta, Georgia (April 1999– June 2000)
IT Help Desk/Systems Administrator
●Resolved production issues, implemented password reset configurations, and maintained tape backup systems.
Cameron Maerz
Contact this candidate