Mykola M, Penetration Tester/Application Security Engineer

Information Security and Compliance Officer
English: B2 (Upper-Intermediate)
Seniority: Middle (3-5 years)
Location: Estonia

Summary

- Experienced software engineer with a strong background in computer science and a master's degree in Computer Science from the National Technical University.
- Proficient in multiple programming languages including Python, PHP, C#, C/C++, Java, and JavaScript.
- Skilled in web and mobile security, with expertise in conducting vulnerability assessments, penetration testing, and security code review.
- Familiar with industry-standard security tools such as Burp Suite, Nessus, OpenVas, nmap, and Metasploit.
- Knowledgeable in methodologies, principles, and patterns of software development, including SDLC and software development best practices.
- Strong problem-solving and analytical skills, demonstrated through the ability to identify and exploit vulnerabilities and develop custom payloads.
- Excellent communication and collaboration skills, working effectively within cross-functional teams and producing comprehensive reports based on findings.

Main Skills

Penetration testing, Penetration Tester/Application Security Engineer

Security

Burp Suite Nessus Nikto OpenVas Wireshark

Programming Languages

Industry Domain Experience

Information Security

QA, Test Automation, Security

Acunetix AFL Service Solutions Armitage Burp Suite dnSpy/ilSpy Fiddler Fuzzing Ghidra libFuzzer Metasploit Mobile Security MobSF MSTG Nessus Network Scanning Nikto Nmap OpenVas Penetration testing pwntools Security Code Review Security Source Code Review Threat Modeling Vulnerability Assessment web application security Web Security Wireshark Yara

Scripting and Command Line Interfaces

Bash

Virtualization, Containers and Orchestration

Docker

Version Control

Git

Deployment, CI/CD & Administration

Jenkins SonarQube

Operating Systems

Linux Windows
ID: 800-138-149
Last Updated: 2023-10-03

Work Experience

Penetration Tester, Penetration Testing (NDA)

Duration: 08/2021 - present
Summary:

  • Perform vulnerability assessment, penetration testing (infrastructure and web), and security code review
  • Collaborate with the team on threat modeling
  • Use the OWASP WSTG and ASVS checklists
  • Perform manual penetration testing of web applications and network scanning
  • Write reports based on findings

Responsibilities: Perform vulnerability assessment, penetration testing, security code review, collaborate on threat modeling, manual penetration testing, write reports
Technologies: Burp Suite, Nessus, OpenVas, nmap, nikto, Nuclei, Linux

Information Security Specialist, Information Security (NDA)

Duration: 08/2020 - 08/2021
Summary:

  • Perform vulnerability assessment, penetration testing (infrastructure and web), and security code review
  • Work closely with the blue team to fix security issues
  • Plan and perform emulation of external and internal attacks against bank infrastructure
  • Collaborate with the team on threat modeling
  • Perform manual penetration testing of web applications and network scanning
  • Write reports based on findings
  • Define security requirements for mobile applications and infrastructure
  • Create custom undetectable payloads to get a reverse shell

Responsibilities: Perform vulnerability assessment, penetration testing, security code review, collaborate on threat modeling, manual penetration testing, write reports, define security requirements, create custom payloads
Technologies: Burp Suite, Acunetix, MobSF, Nessus, OpenVas, nmap, nikto, Nuclei, Metasploit, Armitage, Linux, Windows

Security Researcher, NDA

Duration: 04/2018 - 08/2020

Summary:

  • Developed PoC exploits for CVEs, researched how to backport security patches, and backported security patches to the PHP interpreter
  • Researched package-signing functionality and found a bug in RPM signature verification

Responsibilities: Develop PoC exploits, research backporting security patches, backport security patches, research package signing functionality, bug fixing
Technologies: Python, Jenkins, rpm specs, Bash, C, SonarQube

Education

  • Master's degree in Computer Science
    National Technical University
    06/2020 – 12/2021
  • Bachelor's degree in Computer Science
    National Technical University
    09/2018 – 06/2020
  • Junior software engineer
    Polytechnic College
    09/2014 – 06/2018

Certification

  • Hacktory Web Security Professional
  • CompTIA Pentest+ (Ethical Hacking) Course & Practice Exam
  • TryHackMe Web Fundamentals
  • TryHackMe SOC (Level 1)
  • Finished PMAT from TCM Security Academy