Ivan Spiridonov

Offensive Security Consultant | OSCE³ [OSWE | OSEP | OSED] | OSCP | CRTO | CRTL | CRTE | 10xCVEs

Bulgaria

About

Cybersecurity isn’t just a job for me - it’s a craft. I specialize in identifying and resolving complex security vulnerabilities, with hands-on experience across offensive and defensive security. I hold certifications including OSCE³ (OSEP, OSWE, OSED), OSCP, CRTO, CRTL, and CRTE, which reflect both deep technical knowledge and a commitment to continuous learning. My work ranges from reverse engineering and red teaming to advanced attack simulations - all with the goal of helping organizations stay ahead of evolving threats. I believe in building security that’s proactive, practical, and rooted in real-world tactics. At the core of everything I do is a focus on trust, integrity, and staying sharp in a field that never stands still.

Experience

  • Senior Information Security Penetration Tester at A-LIGN
    Jun 2022 - Present · 4 yrs 2 mos

    • Conducted penetration testing and consulting services for clients globally. • Led assessments for SOC 1, SOC 2, PCI DSS, FISMA, ISO 27001, FedRAMP, HIPAA, HITRUST. • Contributed to A-LIGN as a licensed CPA firm, QSAC, ISO 27001 certification body, HITRUST Assessor, and FedRAMP 3PAO.

  • Team Lead Information Security Penetration Tester at Stingrai
    Jul 2025 - Present · 1 yr 1 mo

  • Core Penetration Tester at Cobalt
    Feb 2019 - Present · 7 yrs 6 mos

    • Developed risk assessment reports to identify threats and vulnerabilities. • Conducted IT audit assessments for systems or applications to recommend solutions to mitigate risks. • Designed tests and tools to break into security-protected applications and networks to probe for vulnerabilities.

  • Security Researcher / Red Teaming at Synack Red Team
    Nov 2018 - Present · 7 yrs 9 mos

    • Developed risk assessment reports to identify threats and vulnerabilities. • Conducted bug bounty hunting, web and mobile applications penetration testings.

  • Information Security Penetration Tester at Obrela Security Industries
    Nov 2017 - Apr 2022 · 4 yrs 6 mos

    • Conducted penetration testing on network devices, web applications, and mobile applications in collaboration with external vendors. • Developed testing methodologies and tools to detect and exploit vulnerabilities in security-protected applications and networks. • Performed IT audit assessments on networks, web, and mobile applications to identify potential risks and provide mitigation solutions.