
Penetration Testing Cybersecurity Consultant

Location:
New Brunswick, NJ
Posted:
June 03, 2025


Resume:

AIZA WASEEM

Sr. Cybersecurity Consultant

**********.**@*****.*** | 732-***-**** | New Jersey, USA

Specializing in Cybersecurity Operations, Threat Hunting, Penetration Testing, Cloud & DevSecOps

Cybersecurity Consultant with over 5 years of hands-on experience in offensive and defensive security, specializing in web application penetration testing, cloud security, and DevSecOps integration. Proven expertise in identifying and mitigating vulnerabilities, securing APIs and cloud-native workloads, and aligning security strategies with frameworks like OWASP, NIST, and PCI-DSS. Adept at working across hybrid infrastructures, leveraging automation and scripting to improve response time and reduce risks. Experienced in configuring and maintaining Linux servers, managing file systems, user access, and automating tasks using Bash and cron.

CORE COMPETENCIES:

Penetration Testing & AppSec: OWASP Top 10, API Security (OAuth2, JWT, SAML), SAST/DAST, Bug Bounty Triage

Security Tools: Burp Suite, OWASP ZAP, Nessus, Metasploit, Nmap, Wireshark, Nikto, SQLmap, Postman

DevSecOps: CI/CD Security, GitOps (Argo CD, Flux), Trivy, Clair, Ansible, Docker, Kubernetes

Cloud Security: AWS (EC2, S3, IAM, VPC), CloudWatch, WAF, GuardDuty

SIEM & Monitoring: Splunk ES, IBM QRadar, Sysdig, Falco, Nagios

Network & Endpoint Security: IDS/IPS, Cisco ASA, Check Point, VPNs, Cisco AMP, FireEye

Compliance & Governance: PCI-DSS, ISO 27001, NIST 800-53, HIPAA, GDPR

Scripting & Automation: Bash, Python (automation, parsing logs, recon), Regex, cron jobs

Ticketing Tools: ServiceNow, Jira

Vulnerability Management: Risk assessment, remediation planning, patch management

Manual & Functional Testing: (Web, Mobile, API)

SQL-based Data Validation: SSMS, pgAdmin, Toad, DataGrip, QuerySurge, Selenium

Agile Scrum Team Collaboration: Jira, Confluence, Slack, Microsoft Teams, Azure DevOps, Miro, Zoom

QA Strategy Development & Execution: TestRail, Jira, Azure DevOps, qTest

Wells Fargo – Florida

Sr. Cybersecurity Consultant

Feb 2022 – Present

Conducted penetration tests on critical web applications, APIs, and cloud services; identified OWASP Top 10 issues including SQLi, XSS, IDOR, SSRF.

Developed custom security reports with risk scoring (CVSS) and detailed mitigation plans for engineering teams.

Executed API testing with Postman and Burp Suite Pro; validated token auth (OAuth2, JWT), rate limiting, and session management.

Integrated Trivy and Clair into CI/CD for automated container scanning and secure deployments.

Deployed Sysdig and Falco to monitor runtime threats in Kubernetes; enforced security policies for container workloads.

Partnered with DevOps to embed DevSecOps pipelines for secure image builds and code analysis.

Managed vulnerability lifecycle using Tenable, Nessus, and Qualys; tracked remediation with Jira/SNOW.

Supported WAF policy tuning and rule updates to block malicious traffic targeting public-facing web services.

Conducted phishing simulations and red team exercises; delivered training on secure development and hardening practices.

Led incident response and threat hunting activities using QRadar and Splunk; reduced false positives by 30%.

Key Achievements:

Reduced post-deployment vulnerabilities by 60% in high-risk apps through early SDLC integration.

Streamlined security testing efforts, saving ~30% analyst time using automation scripts and pre-configured scanning templates.

IBM – New York, NY

Linux Administrator / DevSecOps Engineer

May 2020 – Sep 2021

Managed and secured Linux systems (RHEL, CentOS, Ubuntu) for enterprise applications.

Built and deployed Dockerized microservices; orchestrated with Kubernetes and Helm in staging and production.

Created Ansible playbooks for patching, system hardening, and provisioning; maintained GitOps pipeline.

Configured IAM roles and policies in AWS to enforce least privilege and secure cloud access.

Implemented monitoring using Nagios, CloudWatch, and custom Bash scripts to detect anomalies.

Built secure backup processes using AWS S3 and Glacier, with lifecycle and access control policies.

PROJECT HIGHLIGHTS:

Web App Pentesting Simulation Lab: Built a home lab using DVWA, OWASP Juice Shop, and Mutillidae for ongoing testing practice.

Automated Recon Toolkit (Python): Scripted a custom reconnaissance tool combining Nmap, WhatWeb, and Sublist3r with report generation.

Cloud Threat Detection Dashboard: Built a Splunk-based dashboard for AWS alerts using CloudTrail and GuardDuty logs.

EDUCATION

M.S. in Cybersecurity

Saint Peter’s University – 2022 to 2024


