Ayesha Ali
@ayeshaali3
OSCP+ penetration tester delivering risk-prioritized findings and developer-ready fixes.
What I'm looking for
I’m an Offensive Security Certified Professional Plus (OSCP+) with 3+ years of hands-on experience in web application, API, Active Directory, cloud, and infrastructure penetration testing. I focus on finding real attack paths—not just isolated bugs—and translating them into actionable, risk-prioritized remediation.
In my current role as a Penetration Tester, I lead full-cycle engagements for enterprise clients, uncovering sophisticated attack chains across web apps, REST APIs, mobile platforms, and infrastructure. I also run Active Directory security assessments, simulating threat actor tactics like lateral movement and privilege escalation, with attack path mapping to highlight critical weaknesses.
My testing approach is structured and evidence-driven: I validate issues like SQLi, XSS, CSRF, IDOR, SSRF, broken authentication, and session management flaws using tools such as Burp Suite Pro, OWASP ZAP, and SQLMap. I provide CVSS-scored reports with clear reproduction steps and developer-ready guidance tailored for both technical and non-technical stakeholders.
I complement corporate testing with an active bug bounty track record on YesWeHack and Standoff365, specializing in auth bypasses, business logic vulnerabilities, and API misconfigurations that scanners often miss. I’ve also built strong results in international CTFs and received Hall of Fame recognition from companies including Google, Pinterest, and OPPO.
Experience
Work history, roles, and key accomplishments
Penetration Tester
SecurityWall
Jul 2025 - Present (1 year)
Lead full-cycle penetration testing engagements across web applications, REST APIs, mobile platforms, and infrastructure, identifying critical vulnerabilities and attack chains. Conduct Active Directory assessments and web exploitation for issues such as SQLi, XSS, CSRF, IDOR/BOLA, and SSRF, delivering CVSS-scored findings with remediation guidance.
Bug Bounty Hunter
YesWeHack
Jun 2025 - Present (1 year 1 month)
Identify and responsibly disclose OWASP Top 10 vulnerabilities, including Broken Access Control, IDOR, SSRF, Broken Authentication, and Injection issues. Perform API security testing on REST endpoints and report findings with severity and business impact analysis.
Bug Bounty Hunter
Standoff365
Jun 2024 - May 2026 (1 year 11 months)
Specialize in authentication bypasses, business logic vulnerabilities, and API misconfigurations that automated scanners often miss. Follow a structured penetration testing workflow (scoping, recon, enumeration, exploitation, and responsible disclosure) across program targets.
Education
Degrees, certifications, and relevant coursework
Virtual University of Pakistan
Bachelor of Science, Computer Science
2024 - 2028
Pursuing a Bachelor of Science in Computer Science at Virtual University of Pakistan from October 2024 to October 2028.
