Penetration Tester

Candidate brings a robust background in cybersecurity, complemented by a Bachelor's degree in engineering. With a diverse professional journey, they have accumulated valuable experience in several banks, specializing as a penetration tester and vulnerability manager. Currently, they hold the position of a Lead Adversary Simulation Specialist at an MSSP (Managed Security Service Provider) company. In their role, the candidate actively contributes to helping various clients identify vulnerabilities and assess their resilience against cyberattacks. Employing advanced techniques, they play a crucial role in fortifying defenses and ensuring clients are well-prepared to combat evolving cyber threats. The candidate also holds offensive security certifications, underscoring their commitment to excellence and proficiency in offensive security strategies. These certifications further validate their expertise in employing advanced techniques to identify vulnerabilities and enhance cyber resilience. In their tenure at Cyberpoint company, the candidate specialized in red teaming for an impressive 10 months.

Baku Engineering University

Certifications:

• Zero-Point Security / Red Team Lead

• Offsec Experienced Penetration Tester (OSEP) 

• Offensive Security Certified Professional (OSCP) 

• Cisco Certified Network Associate Routing and Switching (CCNA ROUTING AND

• SWITCHING) 

Lead Adversary Simulation Specialist / Cyberpoint

January 2023 – Current

Baku, Azerbaijan

• Plan, execute, and lead simulated cyberattacks, also known as red teaming exercises, to assess the organization's overall security posture. Simulate sophisticated, real-world attack scenarios to identify vulnerabilities and weaknesses in systems, networks, and applications.

• Develop and refine TTPs used during adversary simulations to emulate advanced threat actors and their methodologies. Stay updated on the latest threat intelligence, attack vectors, and emerging TTPs to enhance the realism of simulations.

• Simulate advanced persistent threat scenarios to mimic the techniques used by sophisticated adversaries, including nation-state actors or organized cybercrime groups. Mimic the attack lifecycle, from initial compromise to lateral movement and data exfiltration, to evaluate the organization's ability to detect and respond to such threats.

• Conduct proactive threat hunting activities to identify potential indicators of compromise and detect malicious activities within the organization's network and systems. Leverage threat intelligence, log analysis, and advanced detection techniques to uncover stealthy threats that may have evaded traditional security measures.

• Stay abreast of the evolving threat landscape and security technologies by conducting research, attending conferences, and participating in industry forums. Continuously improve methodologies, tools, and techniques used in adversary simulations to stay ahead of emerging threats.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.

Penetration Tester / Xalq Bank

February 2022 – January 2023 

Baku, Azerbaijan

• Plan, execute, and document penetration testing activities, including both internal and external assessments. Simulate real-world attacks to identify vulnerabilities and exploit them ethically to gain unauthorized access to systems.

• Assess the potential impact of identified vulnerabilities and prioritize them based on their severity and the potential risks they pose to the organization's systems, data, and infrastructure.

• Perform comprehensive vulnerability assessments of computer systems, networks, and applications to identify potential security weaknesses or vulnerabilities.

• Plan, execute, and document security testing activities specifically focused on mobile applications. Identify vulnerabilities such as insecure data storage, inadequate authentication mechanisms, insecure communication channels, and other mobile-specific risks.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.

Penetration Tester / Industry Bank

August 2021 – February 2022 

Baku, Azerbaijan

• Plan, execute, and document penetration testing activities, including both internal and external assessments. Simulate real-world attacks to identify vulnerabilities and exploit them ethically to gain unauthorized access to systems.

• Assess the potential impact of identified vulnerabilities and prioritize them based on their severity and the potential risks they pose to the organization's systems, data, and infrastructure.

• Perform comprehensive vulnerability assessments of computer systems, networks, and applications to identify potential security weaknesses or vulnerabilities.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.

Penetration Tester / Kapital Bank

January 2021 - August 2021

Baku, Azerbaijan

• Plan, execute, and document penetration testing activities, including both internal and external assessments. Simulate real-world attacks to identify vulnerabilities and exploit them ethically to gain unauthorized access to systems.

• Assess the potential impact of identified vulnerabilities and prioritize them based on their severity and the potential risks they pose to the organization's systems, data, and infrastructure.

• Perform comprehensive vulnerability assessments of computer systems, networks, and applications to identify potential security weaknesses or vulnerabilities.

• I performed thorough web penetration tests using a mix of manual assessments and automated tools to uncover vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Concurrently, I took the lead in mobile security assessments, carefully examining iOS and Android applications for potential weaknesses such as insecure data storage, insufficient transport layer protection, and insecure session management. Furthermore, I conducted detailed API penetration testing, addressing concerns such as broken authentication and inadequate data validation to enhance overall system security.