London, England, United Kingdom
Website: https://utkusen.com
- Handled SAST/DAST scans and managed the overall vulnerability management process. Performed AWS architecture reviews and conducted penetration tests on our applications. Assisted developers in fixing identified vulnerabilities.
- Designed custom scanning architectures, developed DevSecOps pipelines/custom tools for SAST, DAST, Secret scanning and reporting vulnerabilities. This was achieved by creating a scalable AWS architecture, which includes AWS ECS/Fargate, API Gateway, SQS, and Lambda.
- Conducted penetration tests on various systems and applications and led realistic red teaming exercises.
- Launched and managed a HackerOne bug bounty program.
- Invicti is the umbrella company of Acunetix and Netsparker security scanners.
- Assisted key clients, such as Apple, in integrating our DAST tools into their DevOps lifecycle, configuring and deploying tools based on specific needs. Addressed troubleshooting and supported the construction of vulnerability management programs.
- I wrote scanner rules in JavaScript to detect new types of vulnerabilities. This code was used to scan a variety of web applications, and it was able to identify vulnerabilities that were not detected by our main scanner.
- Managed complex bug bounty programs for top global companies on HackerOne, such as PayPal, Amazon, Spotify, Nintendo.
- Triaged incoming vulnerabilities, prioritizing those that posed the greatest risk to the company's security. Worked with engineers to quickly fix vulnerabilities and ensure that they were not exploited.