Penetration Tester

Experience

Lead Adversary Simulation Specialist / Cyberpoint

January 2023 – Current

Baku, Azerbaijan

• Plan, execute, and lead simulated cyberattacks, also known as red teaming exercises, to assess the organization's overall security posture. Simulate sophisticated, real-world attack scenarios to identify vulnerabilities and weaknesses in systems, networks, and applications.

• Develop and refine TTPs used during adversary simulations to emulate advanced threat actors and their methodologies. Stay updated on the latest threat intelligence, attack vectors, and emerging TTPs to enhance the realism of simulations.

• Simulate advanced persistent threat scenarios to mimic the techniques used by sophisticated adversaries, including nation-state actors or organized cybercrime groups. Mimic the attack lifecycle, from initial compromise to lateral movement and data exfiltration, to evaluate the organization's ability to detect and respond to such threats.

• Conduct proactive threat hunting activities to identify potential indicators of compromise and detect malicious activities within the organization's network and systems. Leverage threat intelligence, log analysis, and advanced detection techniques to uncover stealthy threats that may have evaded traditional security measures.

• Stay abreast of the evolving threat landscape and security technologies by conducting research, attending conferences, and participating in industry forums. Continuously improve methodologies, tools, and techniques used in adversary simulations to stay ahead of emerging threats.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.

Penetration Tester / Xalq Bank

February 2022 – January 2023 

Baku, Azerbaijan

• Plan, execute, and document penetration testing activities, including both internal and external assessments. Simulate real-world attacks to identify vulnerabilities and exploit them ethically to gain unauthorized access to systems.

• Assess the potential impact of identified vulnerabilities and prioritize them based on their severity and the potential risks they pose to the organization's systems, data, and infrastructure.

• Perform comprehensive vulnerability assessments of computer systems, networks, and applications to identify potential security weaknesses or vulnerabilities.

• Plan, execute, and document security testing activities specifically focused on mobile applications. Identify vulnerabilities such as insecure data storage, inadequate authentication mechanisms, insecure communication channels, and other mobile-specific risks.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.

Penetration Tester / Industry Bank

August 2021 – February 2022 

Baku, Azerbaijan

• Plan, execute, and document penetration testing activities, including both internal and external assessments. Simulate real-world attacks to identify vulnerabilities and exploit them ethically to gain unauthorized access to systems.

• Assess the potential impact of identified vulnerabilities and prioritize them based on their severity and the potential risks they pose to the organization's systems, data, and infrastructure.

• Perform comprehensive vulnerability assessments of computer systems, networks, and applications to identify potential security weaknesses or vulnerabilities.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.

Penetration Tester / Kapital Bank

January 2021 - August 2021

Baku, Azerbaijan

• Plan, execute, and document penetration testing activities, including both internal and external assessments. Simulate real-world attacks to identify vulnerabilities and exploit them ethically to gain unauthorized access to systems.

• Assess the potential impact of identified vulnerabilities and prioritize them based on their severity and the potential risks they pose to the organization's systems, data, and infrastructure.

• Perform comprehensive vulnerability assessments of computer systems, networks, and applications to identify potential security weaknesses or vulnerabilities.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.