Security Engineer and Security DevOps - 22108 Outstaffing

Posted more than 30 days ago
Specialization: DevOps
Open to offers now
Ukraine
Kyiv, Kharkiv, Lviv, Odesa, Dnipro
More than 3 years
Upper Intermediate
Considering options
Full-time office work
Part-time work
Remote work (full-time)
Freelance (one-time projects)
Relocate
Information Security Specialist Web APP Pentester Mobile APP Pentester Security Engineer SecDevOps

4+ years of experience in Peneration Tester, Security Engineer and Security DevOps. Advanced knowledge of Penetration testing techniques and methodologies. SecDevOps professional skills. AWS skills.

Fluent use of vulnerability scanners, Linux and Windows scanners, network traffic monitoring tools, Protecting web-servers, and mobile applications.

Use logical and methodical approach to achieving tasks and objectives; able to build and implement sophisticated plans; determined and decisive; use initiative to meet and resolve challenges.

Native language – Ukrainian.

Fluent Russian, fluent English.


Programming Languages/ Technologies

§ Python

§ Bash

§ Php

§ Javascript

§ HTML

§ Ruby

§ C\C++

§ SIEM

§ Technical Documentation/Penetration Testing Reports/Proposals

§ Reverse Engineering

 

RDBMS

§ My SQL

§ PostgreSQL

§ SQLite

Development Tools

§ Ansible (basic)

§ AWS/Kubernetes

§ Docker

§ Jenkins

§ GitLab

§ Git

§ CI/CD

 

Virtualization environments

§ VMWare

§ VirtualBox

 

Operating Systems

§ Microsoft Windows 95/ 98/ 2000/ XP/ 2003 Server/ Vista / 7/8/10

§ Kali Linux

§ Ubuntu

§ CentOS

 

Application/Web Servers

§ Nginx

§ Php-fpm

§ Tomcat

§ IIS

§ Apache

§ Redis

§ Active Directory

§ DNS

§ DHCP

§ SNMP

§ SMB

 

Methodologies

§ OWASP

§ NIST

§ ISACA

Testing Tools

§ Nmap

§ Nikto

§ Burp Suite

§ OWASP ZAP

§ Nessus

§ Wireshark

§ Maltego

§ Sqlmap

§ Gobuster

§ Metasploit

§ Cloudflare

§ Slither

 

Hardware

§ Network technologies

§ Different technological device

 

Experience
Mobile penetration tester
Pentest of mobile application
August 2021 - September 2021

Mobile application for IOS and Android - a wallet for cryptocurrency, which is used for transactions between different currencies


§ Analyze the system and prepare scope of work

§ Reverse Engineering of Android app

§ Testing security of the apps

§ Dynamic and Static testing

§ Test api and requests to the server

§ Prepare a detailed report on found vulnerabilities including executive summary, risk level of each vulnerability and recommendations on how to fix them.

Industry-standard penetration testing tools and frameworks, including Nmap, Sniper, Nessus, Maltego, Hydra, the Metasploit Framework, Searchsploit, Dirb, Gobuster, Wireshark, Burp Suite, Tcpdump and Sqlmap

 


Security Engineer
Australian company
May 2020 - July 2021

An enterprise company requested DDoS protection and full security audit of the website on AWS managed with Kubernetes. At the time of DDoS attacks Kubernetes scaled used resources up to 8 servers. However, even this scaling did not help agains the attacks. So our team has configured proper security rules, managed WAF and firewall and has written own solution. After this complex approach any attack could not harm the system.


§ external threat modeling

§ information gathering

§ testing AWS security groups

§ identity and access management

§ test data protection

§ internal threat modeling

§ web app code review

§ communication with client's security engineer

§ generating a report with executive summary, risk level of each vulnerability and recommendations on how to fix them.



Penetration tester, SecDevOps
NDA
2021 - 2021

The client with the bank system requested to perform a penetration testing against his system. The test scope for this engagement included a businesscritical web application on AWS cloud web hosting, company's internal network, as well as a company's Security Information and Event Management (SIEM) system.

  • Perform penetration tests on the systems
  • Create new testing methods to identify vulnerabilities
  • Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
  • Search for weaknesses in common software, web applications and proprietary systems
  • Research, evaluate, document and discuss findings with IT teams and management
  • Review and provide feedback for information security fixes
  • Establish improvements for existing security services, including hardware, software, policies and procedures

Identify areas where improvement is needed in security education and awareness for users

Industry-standard penetration testing tools and frameworks, including Nmap, Sniper, Nessus, Maltego, Hydra, the Metasploit Framework, Searchsploit, Dirb, Gobuster, Wireshark, Burp Suite, Tcpdump and Sqlmap. AWS infrastructure deployment.

 

 


Penetration Tester
Estonian company
October 2020 - December 2020

During a penetration test of cryptocurrency website, a critical vulnerability was found. This vulnerability allowed to get all confidential information about the users, including emails, wallets and balances, etc. knowing user ID. The vulnerability was amplified with the fact that it was easy to generate all possible IDs with own written script. Our team helped to fix this vulnerability as soon as it was found.


§ analyze the system and prepare scope of work

§ gather information about the system

§ check used services and their versions

§ find exploits for these services

§ test api and requests to the server

§ get access to the database

prepare a detailed report on found vulnerabilities including executive summary, risk level of each vulnerability and recommendations on how to fix them.

Curl, Burp Suite, Requests interception, modification, injections of malicious code, own written bash script to brute force user ID values.

 


Security Engineer
Canadian company
December 2019 - June 2020

A website of an e-commerce company.


§ external threat modeling

§ information gathering

§ analyzing logs

§ performance monitoring

§ testing production environments

§ identity and access management

§ test data protection

§ internal threat modeling

§ communication with client's security engineer

generating a report with executive summary, risk level of each vulnerability and recommendations on how to fix them


Cloudflare, WAF, firewall, own solution written in php, Zabbix, Burp Suite.

 


Estonian software development
Local Network Penetration tester
May 2019 - November 2019

An internal network of a software development company

Responsibilities:

§ analyzing internal network traffic

§ security testing of devices in the network

§ analyzing logs

§ performance monitoring

§ testing production environments

§ test data protection

§ communication with client's security engineer

§ generating a report with executive summary, risk level of each vulnerability and recommendations on how to fix them


Tools & Technologies:

WAF, firewall, Zabbix, Burp Suite, Nmap, Wireshark.


Freelance
Security Analyst
2018 - 2019

Responsibilities:

·        Research and analyze data from internal and 3rd-party sources to find new ways to expand our security value, validate and optimize newly created security content to improve product precision

·        Triage and analyze vulnerability data as well as additional metadata to verify and determine the severity and potential exploitability of vulnerabilities in various runtime environments

·        Set high-quality standards, ensuring the accuracy, and the reliability of our proprietary database.

·        Use statistical tools to interpret data sets, paying particular attention to trends and patterns that could be valuable for diagnostic and predictive analytics efforts.

·        Build and improve the security logic products.

Tools & Technologies:

WAF, firewall, SQL, NoSQL, AWS, Nmap, Sniper, Nessus, Maltego


Similar candidates
Open to offers now
Ukraine
Kyiv, Kharkiv, Lviv, Odesa, Dnipro
More than 3 years
Upper Intermediate
Considering options
Full-time office work
Part-time work
Remote work (full-time)
Freelance (one-time projects)
Relocate
We use cookies
accept