Andrew Resulto
@andrewresulto
Experienced penetration tester and red team specialist, delivering VAPT, adversary emulation, and AI-focused security assessments.
PhilippinesWhat I'm looking for
I’m an experienced Penetration Tester and Red Team professional specializing in vulnerability assessment and penetration testing across web applications, APIs, network infrastructure, and cloud infrastructure, including Active Directory domain penetration testing. I combine adversary emulation and exploit development to uncover critical vulnerabilities and simulate real-world attack scenarios, including mobile platforms.
In my recent roles, I’ve conducted internal and external VAPT for zero-trust web application solutions and cloud security products while partnering with product engineering to integrate security best practices across the development lifecycle. I also collaborate with Security Operations Center teams by running red team exercises with defensive monitoring (blue teaming), delivering actionable VAPT reporting and remediation guidance, and executing specialized red teaming for AI-driven product functionalities (LLM testing, phishing activities, and privilege escalation techniques).
Experience
Work history, roles, and key accomplishments
Penetration Tester
KMC Solutions / Zero Trust Segmentation Company
Jul 2023 - Present (2 years 11 months)
Conducted internal and external VAPT for zero-trust web applications, network infrastructure, cloud security products, and APIs. Performed red/blue teaming with Windows and cloud infrastructure, including phishing simulations and AI/LLM adversarial testing (e.g., data poisoning, model evasion).
Senior Penetration Tester
ION Management Solutions Inc.
Nov 2022 - Jun 2023 (7 months)
Performed internal and external VAPT for web applications, mobile apps (Android and iOS), and APIs. Produced client-ready reports with vulnerability risk ratings and remediation recommendations, and presented findings to technical and business stakeholders.
Senior Penetration Tester
Philippine Digital Asset Exchange (PDAX)
Aug 2022 - Nov 2022 (3 months)
Performed security testing on cryptocurrency platforms, covering both web and mobile applications, to identify and exploit vulnerabilities. Delivered VAPT reports with impact analysis and remediation steps, and presented results to technical teams and business stakeholders.
Penetration Tester
ERNI Philippines
Aug 2021 - Aug 2022 (1 year)
Performed vulnerability assessment and penetration testing on internally developed web and mobile applications, identifying issues such as authentication flaws, injection attacks, and insecure data handling. Extended assessments to CI/CD pipelines to help integrate security controls across the software development lifecycle.
Vulnerability and Exploit Protection
Aurecon Manila
Feb 2021 - Aug 2021 (6 months)
Supported continuous vulnerability management by scanning assets, identifying weaknesses, and coordinating remediation and risk mitigation. Managed security incident tickets end-to-end and investigated attack vectors and indicators of compromise to determine scope and impact.
IT Specialist - Cybersecurity
Philippine Cyberwarriors Co. Ltd.
Jan 2016 - Jan 2021 (5 years)
Conducted regular vulnerability assessments and penetration testing on client environments to identify risks in web applications and network infrastructure. Delivered prioritized remediation recommendations and provided technical troubleshooting and IT support for hardware, software, and network-related issues.
Education
Degrees, certifications, and relevant coursework
Andrew hasn't added their education
Don't worry, there are 90k+ talented remote workers on Himalayas
Tech stack
Software and tools used professionally
Availability
Location
PhilippinesAuthorized to work in
Job categories
Skills
Interested in hiring Andrew?
You can contact Andrew and 90k+ other talented remote workers on Himalayas.
Message AndrewFind your dream job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
