Engaged as part of a 6-member red team to design and execute a full-scale application security program aligned with ISO 27001 and ISO 27034 standards.
Integrated security best practices across the SDLC, including threat modeling, secure code review, penetration testing, and continuous monitoring.
Scoped multiple domains within the client’s IT infrastructure and identified critical vulnerabilities across web, mobile, API, and cloud assets.
Delivered comprehensive security reports detailing severity levels, business impact, and prioritized remediation recommendations.
Collaborated with development teams to implement fixes, resulting in a 60% reduction in externally reported issues year-over-year.
Conducted internal network penetration testing and lateral movement assessment as part of a 5-member red team.
Gained initial access via exposed services, bypassed AV, escalated privileges, and compromised the Domain Controller using Mimikatz.
Delivered remediation guidance and supported patching efforts to strengthen internal defenses and reduce risk exposure.
Technologies used: Python & Bash Scripting, Metasploit Framework, Nmap, Burp Suite Professional, Wireshark, SQLMap, John the Ripper, Hydra, Aircrack-ng, Nessus, Nexpose, Acunetix, Shodan, Censys, OWASP Amass, Dirsearch, Httprobe, Postman, Cobalt Strike.
Led end-to-end security assessments across applications, networks, and cloud environments, remediating 95% of high-risk vulnerabilities within three months.
Designed and implemented an ISO 27001-compliant ISMS and led audits to achieve SOC2, ISO 27001, and GDPR certifications.
Strengthened infrastructure and cloud security using WAF, IDS/IPS, FIM, and AWS/GCP best practices.
Conducted regular risk assessments, access reviews, and background checks to ensure policy compliance, minimize insider threats, and protect sensitive data.
Technologies used: Vanta, AWS Inspector, AWS CloudTrail, AWS GuardDuty, GCP Security Command Center, CrowdStrike, Slack, Notion, Grafana, Jira, Git.
Conducted vulnerability assessments and penetration testing for platforms such as Synack, Bugcrowd, HackerOne, Intigriti, and YesWeHack.
Analyzed Android/iOS and web applications to uncover critical vulnerabilities, including hardcoded secret keys, zero-click account takeovers, and logical flaws.
Scoped and evaluated infrastructure, web apps, APIs, and cloud services, resolving over 100 high-severity vulnerabilities.
Delivered detailed security reports and remediation strategies to clients, reducing security incidents by 35% within six months.
Discovered and reported highly critical vulnerabilities to renowned security teams, contributing to the mitigation of significant threats and safeguarding millions of users globally.
Technologies used: Python, Metasploit, Nessus, Burp Suite, MobSF, AWS, Wireshark, Objection, Frida, APKTool, Ghidra, Azure Security Center, Amazon Inspector, Postman.
2025 © FRATCH.IO GmbH. All rights reserved.