Katowice Metropolitan Area
Cybersecurity Consultant and Penetration Tester with 3 years of hands-on experience in web/API penetration testing, application security, vulnerability assessment and remediation-focused reporting for regulated financial environments. In my current role at KPMG, I perform web and API security testing, validate vulnerabilities, develop proof-of-concept exploits, conduct external attack surface analysis and support infrastructure/cloud security reviews. I work with tools such as Burp Suite Professional, OWASP ZAP, Nmap, Nessus, Postman, Wireshark and Bash/Python scripts. I am particularly interested in application security, product security, offensive security, vulnerability management, cloud security and AI-assisted security testing. I also explore security testing of LLM-based agents and agentic workflows. Certified in eWPTX v3 – Web Application Penetration Tester eXtreme. Additional background includes CCSK v4.1 Foundation Training, Cisco Networking Academy CCNAv7 coursework and PCAP: Programming Essentials in Python. GitHub: github.com/Stuglik-Jakub
- Performed web and API penetration testing for regulated financial clients. - Identified and validated authentication, authorization, access control, business logic and input validation issues. - Developed proof-of-concept exploits and retested vulnerabilities using Burp Suite Professional, OWASP ZAP, Nmap, Nessus, Postman and custom scripts. - Tested LLM-based agents and agentic workflows for security weaknesses. - Conducted OSINT and external attack surface analysis to identify exposed services and misconfigurations. - Supported infrastructure and cloud security reviews. - Automated reconnaissance and evidence collection using Bash and Python. - Delivered remediation-focused reports for technical and non-technical stakeholders.
- Supported web and API security assessments for enterprise clients. - Assisted in vulnerability validation, evidence collection and remediation-focused reporting. - Used tools such as Burp Suite, Nmap, Nessus, Postman and OSINT utilities during security testing activities.