Driven Security Researcher with over 4 years of experience specializing in application security and penetration testing. Proficient in using tools like Burp Suite and Kali Linux to uncover vulnerabilities in web applications and APIs. Successfully collaborated with development teams to remediate security flaws, while also executing threat hunting operations that improved organizational security posture. Ready to bring expertise and a results-oriented approach to enhance security measures and protect critical assets.
Executed thorough security assessments and penetration testing on web applications, APIs, and various systems, uncovering critical security vulnerabilities.
Leveraged advanced security toolkits, including Burp Suite and Kali Linux, to scrutinize intricate systems and pinpoint potential security threats.
Partnered with development teams to convey identified vulnerabilities and deliver strategic, actionable recommendations for effective remediation.
02/2025 – 05/2025
Penetration Tester Intern, Syntactics Inc.
Philippines, On-site
Performed comprehensive security assessments and penetration testing on web applications, APIs, and other systems, identifying significant security flaws.
Demonstrated proficiency in utilizing security toolkits such as Burp Suite and Kali Linux to analyze complex systems and highlight potential security risks.
Collaborated closely with development teams to disclose vulnerabilities and provide clear, actionable recommendations for remediation.
Conducted proactive threat hunting operations to discover valid credentials compromised in public data breaches, correlating leaked data with internal user accounts, assessing risk, and facilitating remediation actions, including enforced password resets and MFA implementation.
Education
2021 – Present
University of Science and Technology of Southern Philippines, Bachelor of Science in Information Technology (BSIT), Information Technology
CDO, Philippines
Skills
JavaScript (React.js, Node.js, Next.js)
Python
PHP (Laravel)
VSCode
Git
Postman
Docker
Web Application Security (OWASP Top 10, XSS, CSRF, SQL Injection)
Demonstrated advanced proficiency in application security by successfully completing a 7-hour practical exam involving real-world pentesting scenarios, including complex attack vectors such as SSRF, RCE, and API vulnerabilities.
Demonstrated proficiency in identifying and mitigating network vulnerabilities, configuring secure systems in Linux and Windows, and understanding social engineering attacks and basic malware analysis.
Validated expertise in API security through completion of five core courses and a rigorous 100-question examination, covering topics like OWASP API Security Top 10, authentication strategies, and API server hardening.
Web Application Penetration Tester eXtreme (eWPTX)
Successfully completed an 18-hour, hands-on assessment simulating real-world web application penetration testing engagements. Demonstrated proficiency in advanced exploitation techniques, including bypassing WAFs, conducting API security assessments, and delivering comprehensive reports aligned with industry standards.
CVE Publication
CVE-2025-4691, WordPress Plugin
Identifies an Insecure Direct Object Reference (IDOR) vulnerability in the eaSYNC Booking plugin for WordPress, which is commonly used by hotels, restaurants, and car rental services. This vulnerability affects all versions up to and including 1.3.21.