Open to opportunities

Ayesha Ali

@ayeshaali3

OSCP+ penetration tester delivering risk-prioritized findings and developer-ready fixes.

Pakistan

What I'm looking for

I’m looking for a team where I can lead full-cycle offensive security work—web, APIs, and AD—deliver evidence-backed, CVSS-scored findings, and provide developer-ready remediation guidance while continuing bug bounty and threat-focused testing.

I’m an Offensive Security Certified Professional Plus (OSCP+) with 3+ years of hands-on experience in web application, API, Active Directory, cloud, and infrastructure penetration testing. I focus on finding real attack paths—not just isolated bugs—and translating them into actionable, risk-prioritized remediation.

In my current role as a Penetration Tester, I lead full-cycle engagements for enterprise clients, uncovering sophisticated attack chains across web apps, REST APIs, mobile platforms, and infrastructure. I also run Active Directory security assessments, simulating threat actor tactics like lateral movement and privilege escalation, with attack path mapping to highlight critical weaknesses.

My testing approach is structured and evidence-driven: I validate issues like SQLi, XSS, CSRF, IDOR, SSRF, broken authentication, and session management flaws using tools such as Burp Suite Pro, OWASP ZAP, and SQLMap. I provide CVSS-scored reports with clear reproduction steps and developer-ready guidance tailored for both technical and non-technical stakeholders.

I complement corporate testing with an active bug bounty track record on YesWeHack and Standoff365, specializing in auth bypasses, business logic vulnerabilities, and API misconfigurations that scanners often miss. I’ve also built strong results in international CTFs and received Hall of Fame recognition from companies including Google, Pinterest, and OPPO.

Experience

Work history, roles, and key accomplishments

Current

Penetration Tester

SecurityWall

Jul 2025 - Present (1 year)

Lead full-cycle penetration testing engagements across web applications, REST APIs, mobile platforms, and infrastructure, identifying critical vulnerabilities and attack chains. Conduct Active Directory assessments and web exploitation for issues such as SQLi, XSS, CSRF, IDOR/BOLA, and SSRF, delivering CVSS-scored findings with remediation guidance.

Current

Bug Bounty Hunter

YesWeHack

Jun 2025 - Present (1 year 1 month)

Identify and responsibly disclose OWASP Top 10 vulnerabilities, including Broken Access Control, IDOR, SSRF, Broken Authentication, and Injection issues. Perform API security testing on REST endpoints and report findings with severity and business impact analysis.


Bug Bounty Hunter

Standoff365

Jun 2024 - May 2026 (1 year 11 months)

Specialize in authentication bypasses, business logic vulnerabilities, and API misconfigurations that automated scanners often miss. Follow a structured penetration testing workflow (scoping, recon, enumeration, exploitation, and responsible disclosure) across program targets.

Education

Degrees, certifications, and relevant coursework


Virtual University of Pakistan

Bachelor of Science, Computer Science

2024 - 2028

Pursuing a Bachelor of Science in Computer Science at Virtual University of Pakistan from October 2024 to October 2028.
