SEARCH

Penetration Tester Resume Example

Resume Score: 70%

Love this resume? Build Your Own Now
PENETRATION TESTER
Profile

Cyber security professional versed in penetration testing techniques.  Brings project management experience and creative problem solving abilities. Works well in a team or independently.

Relevant Skills
  • OSCP, eWPT, GSEC, MCSE, CCNA, Network+
  • Analyze/modify exploit code in Python,C,Perl,Ruby,PHP
  • Kali  
  • Basic scripting bash & python
  • AV evasion techniques, persistence, pivoting
  • Metasploit, Veil-Framework
  • OpenVAS, Nexpose
  • Linux, Windows
  • Hyper-V, VMWare
  • Burp, Nikto, DirBuster, SQLMap
  • OWASP Top 10
  • Privilege escalation (Linux/Windows)
  • PowerSploit, Nishang, PowerTools
Highlights
  • Penetration test of New Zealand college IT assets as part of establishing compliance with new cyber security guidelines set by NZQA and NZSIT.  Compliance achieved.

 

  • Penetration test for international trade and development company of targeted servers to identify/validate (and eliminate) unauthorized pathways of access to confidential data.
??
  • Successfully led transition of Multiple Listing Service (MLS) database system serving 14 counties to next generation technology providing service to over 450 offices and 3,000+ real estate professionals.
??
  • Penetration test of Offensive Security network - used Kali Linux, public/custom exploits and privilege escalation techniques to gain administrator, system or root access to 50+ machines with unique vulnerabilities.  Exploited variety of Unix/Linux boxes (Ubuntu, Fedora, Redhat, SunOS, FreeBSD) and most Windows versions. Written report on vulnerabilities, exploitation and remediation.
Professional Experience
Penetration Tester
February 2011 to Current Impact Venture Group, Inc. - NY / New Zealand
  • Internal and external penetration testing (plan, discover, attack, report).
  • Web application testing (manually and with tools such as Burp, Dirbuster, Nikto, SqlMap, Beef-xss, Hydra, Patator).
  • Conduct vulnerability assessment and review results. Collaborate with client's IT staff to rank vulnerabilities. Validate high risk vulnerabilities on specific targets. Develop remediation action plan.
  • Establish and/or encourage ongoing vulnerability management process (scan, assess, patch, report).
  • Effectively communicate with technical/non-technical personnel before, during and after engagement.
  • Research emerging threats, develop test plan environment, test exploits, tools in lab prior to deployment in production environment.
  • Ongoing skill set development: cyber security news, tools, vulns, exploits, remediation, blogs, courses.   Always on the hunt for custom tools, tweaks, methods to be more effective during engagements.
IT Consultant
June 2001 to December 2010 Impact Systems, Inc. - NY / New Zealand
  • Provided Information Technology consulting for broker offices that were outside the scope of GRAR's level of support (network design, hardware/software configuration, troubleshoot complex network issues).
  • Provided Information Technology consulting/administration in New Zealand for clients.
  • Understand the objective/requirements of the client, research, identify the best solution after factoring in all the variables, implement and test.
  • Router, Firewall, Server, client configuration and system hardening.
  • For national hardware wholesaler, develop central database to integrate with ODBC compliant inventory management and accounting.
  • Implemented business management software for client to facilitate tracking tasks, jobs and work orders among departments.  Provided basic training to staff on how to administer, create, track and modify tickets. software.

Business Development

  • Founder of The SpeedPost System. From concept to implementation, designed and built innovative structural foundation. Established network of SpeedPost dealers and direct-buy clients.
  • Designed, developed and sourced the SpeedPost TorqueMaster machine production with national manufacturer.
  • Managed all aspects of IT (website, dealer/client/inventory database, network, security of intellectual property).
  • Sold company.
Director of Information Technology
February 2002 to January 2004 Greater Rochester Association of Realtors - NY
  • Provided information technology leadership, direction and support for the organization.
  • Managed IT department that provided network and MLS support for over 3,000 members and staff.
  • Reported on industry trends, budget, website traffic, security topics at board meetings. 
  • Responsible for the confidentiality, security and integrity of the company's IT assets.
  • Evolution of company website (Homesteadnet.com).
  • Organized focus groups with over 200 real estate professionals to identify must-haves for next generation MLS database. Sourced, developed and implemented MLS.
Network Engineer
June 1998 to February 2002 Greater Rochester Association of Realtors - NY
  • Network Engineer for multi-domain network of Windows/Unix servers, Cisco routers, and Watchguard firewalls.
  • Maintain security of the network and the MLS database.
  • Deliver and discuss weekly security and operating reports for LAN/WAN environment to Director of IT.
  • Researched and implemented SUPRA key card system which allowed members to access visitor information at house listings via wireless PDA's.
  • Webmaster responsibilities for high traffic company website (Homesteadnet.com - 3 million hits per month).
  • Perform regular security tests and log review to identify/resolve vulnerabilities.
  • Designed, planned and implemented migration to new LAN design which included Windows 2000 Active Directory domain, XP Pro clients, HP-UX servers, Cisco routers, Watchguard firewalls with VPN access.
Professional Development
  • Offensive Security Certified Professional (OSCP)
  • GIAC Security Essentials Certification (GSEC)
  • Microsoft Certified Systems Engineer+Internet(MCSE+I)
  • Offensive Security Penetration Testing with Kali (PWK)
  • Cyber Security resources from SANS, Seclist.org, Rapid 7, SecurityFocus, Offensive Security, corelan.be, exploit-db.com

 

 * References available upon request
  • eLS Web Application Penetration Tester (eWPT)
  • Cisco Certified Network Associate (CCNA
  • Microsoft Certified Systems Engineer (MCSE
  • Network+
  • Microsoft Certified Professional (MCP)
  • eLS Web Application Penetration Testing (WAPTv2
  • Linux+ and Security+ Courses
  • Hacking challenges hosted by security community.   
  • High School Graduate
Build Your Own Now

Resume Overview

Companies Worked For:

  • Impact Venture Group, Inc.
  • Impact Systems, Inc.
  • Greater Rochester Association of Realtors

Job Titles Held:

  • Penetration Tester
  • IT Consultant
  • Director of Information Technology
  • Network Engineer

Advertisement

Similar Resumes

View All

Penetration Tester

Motivon Inc

Bolingbrook, Illinois

Posted 918 days ago