Upstaff Sign up
Mykola M
Estonia 🇪🇪
Upstaffer since October 03, 2023
Book a call Download PDF resume

Mykola M — Penetration Tester/Application Security Engineer

Expertise in Information Security and Compliance Officer.

Last verified on October 03, 2023

Core Skills

Penetration testing

Bio Summary

- Experienced software engineer with a strong background in computer science and a master's degree in Computer Science from the National Technical University. - Proficient in multiple programming languages including Python, PHP, C#, C/C++, Java, and JavaScript. - Skilled in web and mobile security, with expertise in conducting vulnerability assessments, penetration testing, and security code review. - Familiar with industry-standard security tools such as Burp Suite, Nessus, OpenVas, nmap, and Metasploit. - Knowledgeable in methodologies, principles, and patterns of software development, including SDLC and software development best practices. - Strong problem-solving and analytical skills, demonstrated through the ability to identify and exploit vulnerabilities and develop custom payloads. - Excellent communication and collaboration skills, working effectively within cross-functional teams and producing comprehensive reports based on findings.

Technical Skills

Programming Languages C, C#, C++, Java, JavaScript, PHP, Python
Security Burp Suite, Nessus, Nikto, OpenVas, Wireshark
Industry Domain Experience Information Security
QA, Test Automation, Security Acunetix, AFL Service Solutions, Armitage, Burp Suite, dnSpy/ilSpy, Fiddler, Fuzzing, Ghidra, libFuzzer, Metasploit, Mobile Security, MobSF, MSTG, Nessus, Network Scanning, Nikto, Nmap, OpenVas, Penetration testing, pwntools, Security Code Review, Security Source Code Review, Threat Modeling, Vulnerability Assessment, web application security, Web Security, Wireshark, Yara
Scripting and Command Line Interfaces Bash
Virtualization, Containers and Orchestration Docker
Version Control Git
Deployment, CI/CD & Administration Jenkins, SonarQube
Operating Systems Linux, Windows

Work Experience

Penetration Tester, Penetration Testing (NDA)

Duration: 08/2021 - present
Summary:

  • Perform vulnerability assessment, penetration testing (infrastructure and web), and security code review
  • Collaborate with the team on threat modeling
  • Use the OWASP WSTG and ASVS checklists
  • Perform manual penetration testing of web applications and network scanning
  • Write reports based on findings

Responsibilities: Perform vulnerability assessment, penetration testing, security code review, collaborate on threat modeling, manual penetration testing, write reports
Technologies: Burp Suite, Nessus, OpenVas, nmap, nikto, nuklei, Linux

Information Security Specialist, Information Security (NDA)

Duration: 08/2020 - 08/2021
Summary:

  • Perform vulnerability assessment, penetration testing (infrastructure and web), and security code review
  • Work closely with the blue team to fix security issues
  • Plan and perform emulation of external and internal attacks against bank infrastructure
  • Collaborate with the team on threat modeling
  • Perform manual penetration testing of web applications and network scanning
  • Write reports based on findings
  • Define security requirements for mobile applications and infrastructure
  • Create custom undetectable payloads to get a reverse shell

Responsibilities: Perform vulnerability assessment, penetration testing, security code review, collaborate on threat modeling, manual penetration testing, write reports, define security requirements, create custom payloads
Technologies: Burp Suite, Acunetix, MobSF, Nessus, OpenVas, nmap, nikto, nuklei, metasploit, armitage, Linux, Windows

Security Researcher, NDA

Duration: 04/2018 - 08/2020

Summary:

  • PoC exploits for CVE, research how to backport security patches, backport security patches to PHP interpreter
  • Research functionality of signing packages and found a bug with the verification of signatures with RPM

Responsibilities: Develop PoC exploits, research backporting security patches, backport security patches, research package signing functionality, bug fixing
Technologies: Python, Jenkins, rpm specs, Bash, C, SonarQube

Education

  • Master degree in Computer science
    National Technical University
    06/2020 – 12/2021
  • Bachelor degree in Computer science
    National Technical University
    09/2018 – 06/2020
  • Junior software engineer
    olytechnic College
    09/2014 – 06/2018

Certification

  • Hacktory Web Security Professional
  • CompTIA Pentest+ (Ethical Hacking) Course & Practice Exam
  • TryHackMe Web Fundamentals
  • Tryhackme SOC (Level 1) Finished PMAT from TCM Security Academy

How to hire with Upstaff

1

Talk to Our Talent Expert

Our journey starts with a 30-min discovery call to explore your project challenges, technical needs and team diversity.

2

Meet Carefully Matched Talents

Within 1-3 days, we’ll share profiles and connect you with the right talents for your project. Schedule a call to meet engineers in person.

3

Validate Your Choice

Bring new talent on board with a trial period to confirm you hire the right one. There are no termination fees or hidden costs.

Why Upstaff

Upstaff is a technology partner with expertise in AI, Web3, Software, and Data. We help businesses gain competitive edge by optimizing existing systems and utilizing modern technology to fuel business growth.

Real-time project team launch

<24h

Interview First Engineers

Upstaff's network enables clients to access specialists within hours & days, streamlining the hiring process to 24-48 hours, start ASAP.

x10

Faster Talent Acquisition

Upstaff's network & platform enables clients to scale up and down blazing fast. Every hire typically is 10x faster comparing to regular recruitement workflow.

Vetted and Trusted Engineers

100%

Security And Vetting-First

AI tools and expert human reviewers in the vetting process is combined with track record & historically collected feedbacks from clients and teammates.

~50h

Save Time For Deep Vetting

In average, we save over 50 hours of client team to interview candidates for each job position. We are fueled by a passion for tech expertise, drawn from our deep understanding of the industry.

Flexible Engagement Models

Arrow

Custom Engagement Models

Flexible staffing solutions, accommodating both short-term projects and longer-term engagements, full-time & part-time

Sharing

Unique Talent Ecosystem

Candidate Staffing Platform stores data about past and present candidates, enables fast work and scalability, providing clients with valuable insights into their talent pipeline.

Transparent

$0

No Hidden Costs

Price quoted is the total price to you. No hidden or unexpected cost for for candidate placement.

x1

One Consolidated Invoice

No matter how many engineers you employ, there is only one monthly consolidated invoice.

Ready to hire Mykola M
or someone with similar Skills?
Book a call with Mykola M
Looking for Someone Else? Join Upstaff access to All profiles and Individual Match
Start Hiring