Mariano M.

Penetration tester

€100/day
Madrid, ES
3-7 years

Average response time: A few days

About Mariano

As a highly skilled and detail-oriented penetration tester, I seek every day to improve my expertise in ethical hacking, red teaming, vulnerability assessment and security testing to identify and mitigate risks within complex IT infrastructures.

Proficient in using advanced tools such as Burp Suite Professional, Metasploit, ffuf, Nikto, Nmap, WPScan, netexec, and testssl for comprehensive penetration testing.

Skilled in conducting vulnerability assessments with Greenbone and Nessus Expert to identify and remediate security risks.

Possess expertise in identifying and exploiting vulnerabilities such as XXE, RXSS, SXSS, SSRF, IDOR, SQL Injection (SQLi), Local File Inclusion (LFI), Remote File Inclusion (RFI), and file upload attacks.

Utilize OSINT tools including 4iQ, Shodan, FOFA, Maltego, FOCA, Gospider, and Google Dorks to gather actionable information.

Apply tools and techniques for internal assessments, including LaZagne, PowerUp, PowerView, Mimikatz, Inveigh, Pypykatz, samdump2, ldapsearch, bloodhound, impacketkit, and windapsearch.

Demonstrate ability in advanced pivoting and lateral movement using ligolo-ng for secure and effective network penetration testing.

Some of my soft skills:

● Problem solving
● Effective Communication
● Time management
● Persistence
● Teamwork

  • Spanish: Native or bilingual
  • English: Fluent

Remote only
Primarily works remotely

Experience

  • KPMG
    Penetration tester
    TELECOMMUNICATIONS
    August 2020 - Today (5 years and 10 months)
    Spain
    • Execute comprehensive Vulnerability Assessments and Penetration Testing (VAPT) projects across diverse domains, including infrastructure, networks, web applications and APIs.
    • Conduct in-depth security assessments for over 100 client applications and systems, providing actionable recommendations to strengthen their security posture.
    • Perform black-box/grey-box VAPT exercises, leveraging advanced techniques to identify and remediate vulnerabilities with precision and efficiency.
    • Manage end-to-end client engagements, maintain clear communication, and deliver high-quality results within defined timelines.
    • Conduct internal and external infrastructure security assessments, simulating real-world attack scenarios on Enterprise Active Directory (AD) environments to evaluate and enhance security resilience.
    • Demonstrate extensive knowledge of the OWASP Penetration Testing Checklist and deliver exceptional reporting with clarity and detail.
    Vulnerability Assessment Reporting Pentesting API Security Web Application Security
  • SevenShift
    Security and Web Development Intern
    TELECOMMUNICATIONS
    March 2020 - July 2020 (4 months)
    Madrid, Spain
    • Man-in-the-Middle (MitM) Simulation: Implemented MitM attacks using Mosquitto (MQTT broker) and HAProxy to intercept and manipulate IoT traffic, demonstrating risks in unsecured message brokering.
    • Protocol & Traffic Analysis: Captured and analyzed network communications of a BLE (Bluetooth Low Energy) smart bulb with Wireshark, identifying protocol weaknesses, insecure transmissions, and potential attack vectors.
    • IoT Pentesting & Security Assessment: Conducted penetration testing on IoT devices focusing on MQTT and BLE, testing authentication, encryption, and resilience against spoofing or replay attacks.
    • Web Security & Maintenance: Developed, maintained, and secured a WordPress website, applying hardening practices (secure configurations, patch management, plugin vulnerability assessments, WAF implementation).
    Cybersecurity Web Design Wordpress Proxy IoT

Education

  • Higher Technician in Computer Network Systems Management
    IES Francisco de Goya
    2020
