CSSLP Certified Software Security professional with 13 years of experience in software security, performing penetration testing, security code review and secure SDL consultancy for large and specialized firms such as GE (Aviation, NBC, financial), Aspect Security, McAfee/foundstone, Softtek. Also hold a Master degree on e-commerce and I am a developer in Microsoft (ASP.NET, C#, Excel VBA, VB 3.0-6.0, Java EE 5-6), therefore I am able to find or fix vulnerabilities and speak "developer" fluently :). Seee my linkedin profile for references and andorsements http://www.linkedin.com/in/juancarloscalderon
Penetration Testing Job Cost Overview
Typical total cost of oDesk Penetration Testing projects based on completed and fixed-price jobs.
oDesk Penetration Testing Jobs Completed Quarterly
On average, 14 Penetration Testing projects are completed every quarter on oDesk.
Time to Complete oDesk Penetration Testing Jobs
Time needed to complete a Penetration Testing project on oDesk.
Average Penetration Testing Freelancer Feedback Score
Penetration Testing oDesk freelancers typically receive a client rating of 4.41.
I have a affinity for computing and networking and I am a linux enthusiast. I have worked for 2 years as a network administrator (windows and linux servers) and as a programmer with php, mysql, postgres, typo3. Since 2012 I worked in the IT security industry as a penetration tester, mainly for web applications, configuration audits (server, web server, os), mobile app and device reviews, firewall reviews and I am experienced in va/pci dss.
senior experienced application pentester & bughunter. usually as result i create a a report with all discovered vulnerabilities with an detail description, criticality levels, risk assessment and suggested mitigations. tests are done with fix ip which can be unique assigned to me. i am using some tools but most of the tests are done manually.
Are you searching for a software engineer with a proven ability to develop high-performance applications with perfect design? If so, please consider my profile. From experience of 10 years in IT field, I would like to give best about my skills and ability. I have a plenty of experience in C/C++/database design/Penetration Testing (Security Audit) and currently spending last two years in iOS app development. And I am currently holding CEH and OSCP (Security certification).
I have experience in Web Applications Penetration testing, Offensive Security in Web Applications, including Web Services (API), some of the tests I make: SQL Injection, Cross Site Scripting, Fuzzing, Brute Force Attacks, Denial of Service, Information Gathering, Session Management, Authorization Testing, Data Validation Testing, File Inclusion, Server Fingerprinting, Exploitation and Risk Assessment. I currently work for Internet Brands, as a member of the vBulletin QA Team focused in the application's security. I've worked with different project sizes, from small websites, to complex web applications and Web Services.
- Maintaining Windows Server 2008 domain controllers - Maintaining Exchange server 2003 - Maintaining TMG 2010 - Maintaining Cisco routers and switches - Maintaining and servicing workstations, job applications and software - Migration domain controllers - Server and data backup - Establishing IT helpdesk based on Spiceworks - Establishing local test Elastix PBX and connecting remote locations via VoIP using VPN - Projecting building cabeling - Revision IT contracts
•Overall 8+ years of experience in Web Application Penetration Testing/ Vulnerability Assessment and Manual Testing. •Strong Hands-on Experience in Tools like Acunetix, IBM Appscan. Nessus, Nmap, Paros, Burp Suite, Web Scarab. •Worked on major application security testing tools available (both open source and commercial tools). •Trained on ISMS/ISO27001 Lead Auditor. •Continuous research on latest vulnerabilities & exploits •Strong Knowledge in SDLC and STLC. •Excellent in Project management, coordination and client interfacing Skills. •Fair knowledge on Mobile Application Penetration Testing (IOS & Android).