Mykola M

Penetration Tester/Application Security Engineer

Information Security and Compliance Officer

Summary

- Experienced software engineer with a strong background in computer science and a master's degree in Computer Science from the National Technical University.
- Proficient in multiple programming languages including Python, PHP, C#, C/C++, Java, and JavaScript.
- Skilled in web and mobile security, with expertise in conducting vulnerability assessments, penetration testing, and security code review.
- Familiar with industry-standard security tools such as Burp Suite, Nessus, OpenVAS, nmap, and Metasploit.
- Knowledgeable in methodologies, principles, and patterns of software development, including SDLC and software development best practices.
- Strong problem-solving and analytical skills, demonstrated through the ability to identify and exploit vulnerabilities and develop custom payloads.
- Excellent communication and collaboration skills, working effectively within cross-functional teams and producing comprehensive reports based on findings.

Work Experience

Penetration Tester, Penetration Testing (NDA)

Duration: 08/2021 - present
Summary:

  • Perform vulnerability assessment, penetration testing (infrastructure and web), and security code review
  • Collaborate with the team on threat modeling
  • Use the OWASP WSTG and ASVS checklists
  • Perform manual penetration testing of web applications and network scanning
  • Write reports based on findings

Responsibilities: Perform vulnerability assessment, penetration testing, security code review, collaborate on threat modeling, manual penetration testing, write reports
Technologies: Burp Suite, Nessus, OpenVAS, nmap, nikto, nuclei, Linux

Information Security Specialist, Information Security (NDA)

Duration: 08/2020 - 08/2021
Summary:

  • Perform vulnerability assessment, penetration testing (infrastructure and web), and security code review
  • Work closely with the blue team to fix security issues
  • Plan and perform emulation of external and internal attacks against bank infrastructure
  • Collaborate with the team on threat modeling
  • Perform manual penetration testing of web applications and network scanning
  • Write reports based on findings
  • Define security requirements for mobile applications and infrastructure
  • Create custom undetectable payloads to get a reverse shell

Responsibilities: Perform vulnerability assessment, penetration testing, security code review, collaborate on threat modeling, manual penetration testing, write reports, define security requirements, create custom payloads
Technologies: Burp Suite, Acunetix, MobSF, Nessus, OpenVAS, nmap, nikto, nuclei, Metasploit, Armitage, Linux, Windows

Security Researcher, NDA

Duration: 04/2018 - 08/2020

Summary:

  • Develop PoC exploits for CVEs, research how to backport security patches, and backport security patches to the PHP interpreter
  • Researched the functionality of signing packages and found a bug with the verification of signatures with RPM

Responsibilities: Develop PoC exploits, research backporting security patches, backport security patches, research package signing functionality, bug fixing
Technologies: Python, Jenkins, rpm specs, Bash, C, SonarQube

Education

  • Master's degree in Computer Science
    National Technical University
    06/2020 – 12/2021
  • Bachelor's degree in Computer Science
    National Technical University
    09/2018 – 06/2020
  • Junior software engineer
    Polytechnic College
    09/2014 – 06/2018

Certification

  • Hacktory Web Security Professional
  • CompTIA Pentest+ (Ethical Hacking) Course & Practice Exam
  • TryHackMe Web Fundamentals
  • TryHackMe SOC (Level 1)
  • Finished PMAT from TCM Security Academy