Cybersecurity Student with Enterprise IT & Penetration Skills
Resume:
Andrew Xie
929-***-**** *******.****@*****.*** Linkedin Github Brooklyn, NY
Seeking a Co-op/Internship involving Cybersecurity and cyber-risk starting in the summer of 2026 EDUCATION
Rochester Institute of Technology Rochester, NY Expected May 2027 Bachelors of Science Majoring in Cybersecurity GPA 3.64 RELEVANT COURSEWORK
Cybersecurity: Reverse Engineering, Cyber Defense Techniques, Risk Management, Web Application Security Network: Systems Administration, Network Services, Security Audit Ethics: Cyber-Policy & Law, Criminal Justice
Software Development: Python & Java Development, Database and Data Modelling SKILLS
Cybersecurity: Vuln. Assessment & Scanning, Exploitation, OS Hardening, Malware Analysis (Static/Dynamic) System Admin: Active Directory, Domain Mgmt., Topology and Network Mgmt., Group Policy, Windows, Linux, Azure, VMware Programming Languages: Python, Java, C, 86x Assembly, PowerShell Tools: Wireshark, Ghidra, x64dbg, Procmon, Metasploit, SCCM, SCOM, SCVMM, Git, Ansible, Terraform, MITRE EXPERIENCE
Wegmans Rochester, NY System’s Administration Co-Op May 2025 - Jan 2026
● Managed enterprise Active Directory environments, provisioning 1000+ users and enforcing least-privilege access across multiple domains.
● Developed 5+ PowerShell scripts to support vulnerability remediation and system diagnostics across 300+ Windows servers.
● Remediated an average of 2-3 critical security vulnerabilities monthly through patching, system & configuration hardening, and decommissioning insecure assets.
● Monitored and analyzed system health and security alerts using SCOM, SCCM, and SCVMM, improving uptime and detecting misconfigurations.
● Provisioned and maintained virtual machines in both VMware/Hyper-V and Azure clusters alike.
● Troubleshot login, network, permissions & access, and service-related issues for internal and external users.
● Collaborated cross-functionality to implement secure configurations and resolve enterprise-wide infrastructure issues. PROJECTS
Cyber Defense Techniques Competition Jan 2026 - Present
● Implemented a Python-based lateral movement simulation tool to test detection and credential security within Active Directory environments.
● Automated Active Directory & DNS hardening via PowerShell scripts, including password rotation, service auditing, and event logging every 5 minutes.
● Maintained 100% uptime on the domain controller while handling continuous simulated business operations and incident response tasks provided every 30 minutes.
● Built vulnerable misconfigured domain controller, SMB server, and SMTP servers within a multi-service lab via Ansible to emulate enterprise infrastructure and security gaps.
● Monitored activity via Wazuh to map actions & users with malicious behavior and service downtime.
● Remediated real-time access, service, and network issues to handle disputes and assist teams in difficulties. Social Engineering CTF Competition Mar 2026 - Present
● Conducted reconnaissance using OSINT to map targets, roles, internal processes, as well as capture flags in obscure locations.
● Developed pretexts and engagement strategies leveraging mapped information based on the target’s network.
● Executed simulated information extraction attacks, such as phishing and vishing, while adhering to competition rules and ethical boundaries.
● Maintained detailed documentation and reporting, including target interactions, methods used, and actionable recommendations. Malware Analysis Report Apr 2025 - May 2025
● Conducted static and dynamic malware analysis using Ghidra, x64dbg, and Procmon.
● Identified registry changes, API calls, and network behavior including TCP & HTTP communications.
● Produced a detailed report on malware functionality, persistence mechanisms, and data exfiltration risks. Vulnerability Assessment (Team Lead)Nov 2023 - Dec 2023
● Led a team conducting a NIST-based risk assessment of enterprise infrastructure.
● Identified critical vulnerabilities, mapped exploitation paths, and recommended mitigations.
● Prioritized quantitative risks based on impact, likelihood, and remediation effort.
Contact this candidate