Security Penetration Tester
Opensource (Singapore)
مجموع سنوات الخبرة :5 years, 0 أشهر
A seasoned Security Penetration Tester adept at seamlessly integrating security practices into CI/CD pipelines, proficient in cloud configuration security, and with prior collaboration experience with Singapore government entities such as LTA, IRAS, MOM and many more.
• Experienced in performing comprehensive assessments and identifying vulnerabilities in diverse environments.
• Skilled in seamlessly integrating security protocols into clients CI/CD pipelines using DevSecOps techniques to ensure smooth implementation within their network.
• Capable of conducting various scans and producing SSAT cybersecurity reports to bolster the overall security stance.
• Collaborated with esteemed Singapore government entities such as LTA, IRAS, and MOM serving them as clients.
Experienced in conducting VAPT for diverse systems, identified vulnerabilities in over 100 assessments. Proficient in client communication and team leadership, led teams of up to 7 with producing over 50 comprehensive project documents.
• Efectively collaborated with government entities, contributing to the improvement of cybersecurity measures and diversified involvement with various products.
• Increased project delivery eficiency to clients by 20%, optimizing processes and ensuring timely project completion.
• Worked as a contractor for a segment of PIF (SITE) and collaborated with a diverse cross-functional team of 50 professionals to execute projects, emphasizing collaboration and successfully attaining project objectives.
• Showcased strong communication skills by elucidating technical details to non-technical C-suite individuals, ensuring a thorough grasp of cybersecurity concepts. Accomplished this by creating engaging PowerPoint presentations and informative visualization videos.
Conducted scope and budget discussions with clients for projects valued up to $100k, ensuring alignment with financial constraints.
• Proficient in conducting vulnerability assessments and penetration testing across various systems, adept at compiling detailed reports and facilitating efective client communication. Demonstrates expertise in fundamental network protocols, hands-on experience with Windows/Linux, and proficiency in OWASP framework, PCI-DSS, NIST 800-53, and ISO standards.
• Additionally, supported training sessions for NotSoSecure at Blackhat and created a vulnerable lab for an advanced cloud hacking course. This encompassed the entire process from diagram conceptualization to the development of the attacking environment.
• Worked as a contractor for S&P Global, took on a leadership role within an exclusive team focused on thick client penetration testing, uncovering high and critical vulnerabilities within the infrastructure.
Assisted in project management tasks, including planning, execution, and status updates communication.
• Collaborated globally to proactively investigate and manage security threats, focusing on comprehensive event monitoring and timely escalation of incidents.
• Conducted security threat event monitoring and analysis on LYBs global SIEM console in the SOC.
• Reviewed security data sources for anomalies and provided timely detection, identification, and alerting of potential attacks and intrusions.
• Conducted research, analysis, and correlation across diverse data sets, including processing inbound security issues and analyzing alerts from the LYB EDR platform.
• Contributed to project management tasks, resulting in a 10% reduction in project delivery timelines.
• Implemented a new data analysis methodology, leading to a 15% improvement in project tracking accuracy.
• Proficient in technologies such as Active Directory (Azure), Digital Certificates, Databases (SQL, MySQL), Networking (Palo-Alto), Access Controls (SolarWinds), SIEM, ITSM tickets (Service NOW) and Malware Analysis (Cybereason and FireEye).
Diligent Cybersecurity Professional Ensuring Robust Enterprise Protection Through Vulnerability Assessment, Patching Techniques.
• Conducted thorough vulnerability assessments and patching for enterprise infrastructure and network appliances.
• Collaborated with business teams to identify risks and vulnerabilities in their processes and tool/software usage.
• Developed and delivered penetration test reports, showcasing efective communication and client interaction skills.
• Engaged in researching and innovating techniques, tools, and methodologies for enhancing penetration testing services.
• Demonstrated expertise in customizing exploits, scripts, and testing systems for optimal security.