Lead Penetration Tester

I am a Penetration Tester and Security Researcher with experience assessing web applications, APIs, mobile applications (Android & iOS), and enterprise infrastructure across both internal and external environments. My experience includes black-box, gray-box, and white-box assessments, with a strong focus on manual testing, business logic vulnerabilities, authentication and authorization flaws, privilege escalation, and attack chaining.

I assess Active Directory environments, network architectures, trust relationships, and privilege boundaries to uncover opportunities for lateral movement and domain compromise. I also evaluate security controls by testing endpoint protection, EDR/XDR solutions, and detection capabilities against adversarial techniques. Security research is a significant part of my work. I regularly perform vulnerability research, source code review, and responsible disclosure. My research has resulted in publicly assigned CVE-2026-48849 and security fixes in widely used software

Beyond identifying vulnerabilities, I collaborate with engineering and IT teams to provide risk-based remediation guidance, improve security configurations, and validate fixes through retesting.