Lead Penetration Tester

I am a Penetration Tester with 2.5+ years of experience conducting web application, mobile (Android & iOS), and enterprise infrastructure security assessments across internal and external environments. My work focuses on identifying exploitable weaknesses, mapping realistic attack paths, and demonstrating measurable business impact through controlled exploitation. In internal assessments, I analyze network architecture and Active Directory environments to identify privilege boundaries, trust relationships, and lateral movement opportunities. I prioritize attack path validation, assessing how an initial foothold could escalate toward broader compromise within enterprise domains.

My methodology emphasizes manual testing, business logic flaw discovery, authentication and authorization bypass analysis, privilege escalation, and structured attack chaining. Where in scope, I also evaluate the effectiveness of security controls by validating detection and response mechanisms, including endpoint and XDR defenses, to assess resilience against adversarial techniques. Beyond vulnerability discovery, I work closely with engineering and IT teams to provide risk-prioritized remediation guidance, support secure configuration improvements, and conduct retesting to ensure effective resolution. Alongside enterprise engagements, I undertake independent security testing and source code reviews, helping organizations strengthen secure development practices and reduce overall attack surface exposure.