Seun A.

Performed web application penetration testing for third-party clients, applying OWASP Top 10 and API Top 10 methodologies while delivering detailed technical and executive-level reports. Conducted security assessments for mobile applications (Android) through static analysis with JADX and Checkmarx, and dynamic analysis using Burp Suite and Genymotion to identify authentication flaws, insecure data storage, and API vulnerabilities. Compiled comprehensive penetration test reports addressing risk ratings, proof-of-concept exploits, and prioritized remediation roadmaps for non-technical stakeholders.

Conducted web application and network penetration tests utilizing Burp Suite, Nmap, and Kali Linux tooling while applying OWASP Top 10 and OWASP API Top 10 methodologies to identify and address critical vulnerabilities in banking systems. Performed SAST reviews with Checkmarx CX-SAST to spot insecure code patterns in in-house developed applications, providing remediation guidance to the development teams. Executed phishing simulations and verified vulnerability exploitability with Metasploit Pro, generating evidence-backed remediation reports. Deployed OpenBas for attack simulation and threat injection to assess security controls against realistic attack scenarios. Managed the entire vulnerability lifecycle with Rapid7 InsightVM, overseeing discovery, severity prioritization, and remediation tracking across various endpoints. Executed quarterly PCI DSS ASV scans using Smart Comply to maintain compliance and audit readiness. Contributed to the organization’s recertification of ISO 27001:2022 by supporting audit documentation and evidence collection. Integrated and deployed MISP and OpenCTI threat intelligence platforms, ingesting IoCs from various sources, such as VirusTotal and AlienVault OTX. Generated actionable threat intelligence reports and developed profiles for threat actors to proactively combat emerging threats in the financial sector. Created Python scripts to automate NIST vulnerability feed extraction and ARP scanning for enhanced asset visibility.

Audited organizational processes for security compliance, identifying gaps and developing data protection policies. Conducted OSINT investigations to pinpoint potential insider threats and external reconnaissance activities. Tested SQL Injection vulnerabilities in controlled environments to provide actionable recommendations for server hardening.

Reviewed security configurations and assessed security features on internally developed websites and mobile applications during quality assurance cycles. Provided technical support to web hosting clients and conducted quality assurance for in-house digital products.

Designed and maintained landing pages, login pages, and blog sites using HTML, CSS, Bootstrap, and WordPress.