Mikhail Nabiullin

AppSec Engineer, Researcher | OSWE, BSCP, OSCP, CEH

Monopoli, Apulia, Italy

About

Experienced Application Security Engineer specializing in web application security. Certified in OSWE, BurpSuite, OSCP, CEH. Extensive experience in penetration testing. Skilled in identifying vulnerabilities and implementing robust security measures. Strong collaboration and communication abilities.

Experience

  • Data Security Researcher at Bright Data
    Mar 2025 - Present · 1 yr 4 mos

    Bot detection adversarial research

  • Synack Red Team Researcher at Synack Red Team
    Sep 2021 - Present · 4 yrs 10 mos

    - Penetration testing against networks and web applications
    - 20+ accepted high-impact vulnerabilities

  • Senior Application Security Engineer at Exness
    Mar 2021 - Mar 2025 · 4 yrs 1 mo

    - Consulting software development teams in the security area
    - Bug bounty program management
    - Security review (design, code) within SSDLC
    - Manual and automated code review (millions of lines of code - mostly Python, Go, Java)
    - White-box pentesting
    - Awareness and training for developers, internal CTF organization for development teams
    - Cloud WAF and AntiBot rules management (Imperva, Cloudflare)
    - ASPM tools development

  • Penetration Tester at Digital Security
    Aug 2018 - Feb 2021 · 2 yrs 7 mos

    - 30+ Penetration Testing projects
    - Mostly Web Application pentesting but also Mobile, Desktop apps, Infrastructure (Network, Hosts)
    - Code reviews (Java, C#)
    - A long SDLC project - Web/iOS/Android/Desktop apps, Network/Hosts Pen Testing
    - Development of penetration tester tools and scripts

  • Ministry of Defense of the Republic of Kazakhstan (Astana, Kazakhstan)
    • Senior Network Security Officer
      Mar 2017 - Jul 2018 · 1 yr 5 mos

      - SIEM, IPS/IDS, Firewalls implementation, configuration and administration
      - Integration of network equipment and servers with SIEM
      - Advising subordinate units on incidents and incident prevention, recommendations development for closing vulnerabilities
      - Participation in information security tools selection, requirements assessment, testing and implementation
      - Performing security incident investigations
      - Documentation and conforming to processes related to security monitoring
      - Security monitoring

    • Monitoring Officer
      Jun 2016 - Mar 2017 · 10 mos

      - Security monitoring with SIEM, IPS/IDS, DLP, Firewalls, Vulnerability scanners, Network assets scanners, Corporate Antivirus
      - Monitoring the information flow transmitted through various channels (HTTP / HTTPS, removable storage media, e-mail, printing documents, etc.)
      - Information security incident response, event logs analysis, violations processing
      - Participation in security incident investigations