Jakub Stuglik

Cybersecurity Consultant | Penetration Tester · AppSec · Web/API Security | eWPTX v3

Katowice Metropolitan Area

About

Cybersecurity Consultant and Penetration Tester with 3 years of hands-on experience in web/API penetration testing, application security, vulnerability assessment and remediation-focused reporting for regulated financial environments. In my current role at KPMG, I perform web and API security testing, validate vulnerabilities, develop proof-of-concept exploits, conduct external attack surface analysis and support infrastructure/cloud security reviews. I work with tools such as Burp Suite Professional, OWASP ZAP, Nmap, Nessus, Postman, Wireshark and Bash/Python scripts. I am particularly interested in application security, product security, offensive security, vulnerability management, cloud security and AI-assisted security testing. I also explore security testing of LLM-based agents and agentic workflows. Certified in eWPTX v3 – Web Application Penetration Tester eXtreme. Additional background includes CCSK v4.1 Foundation Training, Cisco Networking Academy CCNAv7 coursework and PCAP: Programming Essentials in Python. GitHub: github.com/Stuglik-Jakub

Experience

  • KPMG Poland ()
    • Cybersecurity Consultant | Penetration Tester
      Oct 2025 - Present · 10 mos

      - Performed web and API penetration testing for regulated financial clients. - Identified and validated authentication, authorization, access control, business logic and input validation issues. - Developed proof-of-concept exploits and retested vulnerabilities using Burp Suite Professional, OWASP ZAP, Nmap, Nessus, Postman and custom scripts. - Tested LLM-based agents and agentic workflows for security weaknesses. - Conducted OSINT and external attack surface analysis to identify exposed services and misconfigurations. - Supported infrastructure and cloud security reviews. - Automated reconnaissance and evidence collection using Bash and Python. - Delivered remediation-focused reports for technical and non-technical stakeholders.

    • Junior Cybersecurity Consultant | Junior Penetration Tester
      Jul 2023 - Sep 2025 · 2 yrs 3 mos

      - Supported web and API security assessments for enterprise clients. - Assisted in vulnerability validation, evidence collection and remediation-focused reporting. - Used tools such as Burp Suite, Nmap, Nessus, Postman and OSINT utilities during security testing activities.