Senior Security Engineer - Lead Penetration Tester
SII
Total years of experience: 7 years, 8 months
• Perform manual and automated Web Application Penetration Testing (DAST), Network Penetration Testing.
• Adhere to the security standards and all policies and procedures identified for the project specified by the organization.
• Conduct comprehensive security testing of mobile applications, develop testing methodologies, and provide actionable recommendations for vulnerability remediation.
• Prepare and present detailed, written technical information for internal and external audiences.
• Summarize and document results of testing for management reporting including proper disposition of test exceptions
• Conducting targeted penetration testing of exercise and test events with the application of targeted sophisticated attacks as a simulated adversary
• Participating in event planning stages to develop cyber assessment plans and conducting no-notice penetration tests
• Creating Red Team support materials (e.g. Probabilistic Attack Graphs, Cyber Exercise Playbooks etc.)
• Assisting with the on-boarding of new members of the Red Team through work shadowing and knowledge transfer sessions
• Supporting the identification of controls to remediate and/or mitigate identified security weaknesses of systems, applications, processes, and procedures.
• Assist the audit engagement product owner in determining audit program customization requirements and respective program steps.
• Conduct dynamic application security testing using both manual and automated testing tools
• Deliver a complex range of application, code review, mobile and infrastructure related security assessments.
• Provide leadership, guidance, and mentoring to less experienced software engineers
• Write, review, and revise product requirements and specifications
• Lead architecture discussions and help drive technical decisions
• Review and influence existing practices and behavior of software engineering teams
• Conduct regular security reviews of both software and processes. Review and create threat models.
• Conduct security code reviews and educate the engineering teams on best practices for writing secure code.
• Implement Secure Software Development Lifecycle (SSDLC) practices
• Develop system requirements and system architecture for new functionality to support updating a connected vehicle
• Develop methodologies to automate the testing from cloud to vehicle.
• Developed reports and presentations for both technical and executive audiences
• Technically lead and collaborate with team colleagues locally and remotely, e.g. design new functions and perform code reviews.
• Identify software security design and architectural risks, and develop mitigation plans
• Identify, evaluate, and help implement technical security controls to continuously improve the organization’s security posture.
• Perform security assessments on native, managed, and interpreted software using static and dynamic analysis techniques
• Mentor software engineers on how to abate security vulnerabilities and threats in applications
• Participate in company level security compliance efforts.
• Develop software solutions following established development standards.
• Develop software that integrates with other systems.
• Unit test each software component to ensure business requirements are fulfilled.
• Analyze suspicious files (executables, scripts, office documents)
• Analyze malware statically and dynamically
• Contribute to the development and maintenance of malware classification automation, analysis platforms and tools.
- Course Introduction and Debugging Basics.
- What's Up With The Symbol Files?
- Analyzing Symbols With Nm.
- System Call Tracing With Strace.
- Breakpoints, Examining Registers And Memory.
- Modifying Registers And Memory.
- GDB Convenience Variables And Calling Routines.
- Cracking A Simple Binary With Debug Symbols.
- Disassembling And Cracking A Simple Binary.
- Conditional Breakpoints Using Variables And Registers.
- Setting Up Debian Armel In Qemu.
- Cracking Programs On Arm Architectures.
- iPhone Application Reversing And Cracking With GDB.
- GDB On 64 Bit Systems.
The SecurityTube | Pentester Academy is a set of online courses and certifications for Computer Security and Penetration Testing. These courses are ideal for penetration testers and security enthusiasts. The courses leading to the certification exams are entirely practical and hands-on in nature. The final certification exam is fully practical as well; it tests the student’s ability to think out of the box and is based on the application of knowledge in practical real-life scenarios.
- Pentesting Routers
- Attacking SSH with Metasploit, Nmap, Medusa, Hydra, Ncrack
- SNMP attacks
- Bypassing Firewalls
- Payloads and Shells
- HTTP/HTTPS tunneling
- Port Forwarding, Pivoting, Reverse Connects
- Privilege Escalation and UAC bypass
- Hash Dumping and Mimikatz
- Windows Sessions, Stations and Desktops
- Impersonation attacks
- WMIC post exploitation
- Hidden bind shells
- Bitsadmin
- Browser Password Recovery
- PAC Attacks
- DNS Poisoning
- Veil Framework and AV Evasion
- Metasploit Loader 32/64-bit
- DLL Hijacking basics
- DLL Hijacking and Meterpreter
- Privilege Escalation via DLL Hijacking
- DLL Injection using Appinit_DLLs
- Stripping Manifest Files for DLL Hijacking
- Attacking with DLL Forwarding
- Anti-Forensics techniques
- Memory Dumping and Analysis
Option: Computer Security. Thesis about an Automated Framework for Malware Analysis using Machine Learning. Technologies used: .NET, C#, Python, Malware analysis, Weka, AI, Machine learning, IDA PRO, Anubis, Entity Framework, WPF.
Option: Software Engineering and Information Systems. Thesis about the implementation of a synchronous MAC protocol for Wireless Sensor Network. Technologies used: .NET, C, GloMoSim.