Max Khramov

Web & API Pentesting + AWS Security Reviews for B2B SaaS | OSCP · AWS Certified Security

Split, Split-Dalmatia, Croatia

About

I am a highly motivated and skilled security engineer with expertise in web, mobile, and cloud penetration testing, as well as vulnerability management. I am an Offensive Security Certified Professional (OSCP), AWS Certified Solutions Architect, and AWS Certified Security. I am passionate about finding and mitigating security vulnerabilities and committed to improving the security of projects. In my work, I am constantly seeking ways to enhance the resilience of projects against potential threats and to provide valuable insights to clients.

Experience

  • Application Security Engineer at NDA
    Jul 2023 - Present · 3 yrs 1 mo

    - Led extensive penetration testing and vulnerability management for web, API, network (PCI DSS compliant), and mobile applications, providing technical guidance for the remediation of high-risk flaws
    - Conducted manual and automated secure code reviews using Snyk and Semgrep for JavaScript applications, eliminating high-risk flaws prior to production release
    - Applied AWS and Kubernetes security best practices, focusing on infrastructure hardening and reducing the attack surface through basic configuration audits
    - Streamlined vulnerability management within the SDLC by implementing tracking workflows that reduced the mean time to remediate (MTTR) critical findings
    - Guided junior team members in strengthening their vulnerability analysis and mitigation skills

  • Application Security Engineer at Growe
    Nov 2022 - Jul 2023 · 9 mos

    - Conducted detailed security assessments of payment provider integrations, discovering critical vulnerabilities and preventing multi-million losses
    - Managed external security communications with Payment Service Providers (PSPs) to disclose vulnerabilities and coordinate secure transaction processing
    - Integrated SAST tools into GitLab CI/CD pipelines, reducing the mean time to remediate (MTTR) vulnerabilities by 30%
    - Executed comprehensive security evaluations of third-party JavaScript scripts, mitigating potential risks to web applications

  • Application Security Engineer at PAR Retail
    Mar 2022 - Nov 2022 · 9 mos

    - Conducted comprehensive penetration tests across web applications, APIs, networks (PCI DSS compliant), and mobile applications, identifying and mitigating vulnerabilities to bolster system security
    - Performed detailed cloud security assessments, evaluating and enhancing cloud infrastructures to protect against emerging threats
    - Developed and implemented information security standards and policies, ensuring consistent security practices across all phases of the SDLC
    - Fostered a culture of security awareness and best practices within the development teams, improving the overall security posture of projects

  • Penetration Tester at Berezha Security Group
    Oct 2020 - Mar 2022 · 1 yr 6 mos

    - Identified critical vulnerabilities for clients across the fintech, gambling, and healthcare industries and provided actionable remediation guidance to engineering teams to ensure effective risk mitigation
    - Demonstrated expertise in web, network, and Android application penetration testing, employing advanced techniques to uncover security weaknesses
    - Conducted detailed assessments of cloud infrastructures, identifying vulnerabilities and verifying the effectiveness of security controls
    - Participated in creating threat models to identify system-level vulnerabilities, aiding in the design of robust security defenses