say User

SU

Open to opportunities

say User

@sayuser

Junior penetration tester focused on web and API security through hands-on exploitation.

What I'm looking for

I’m seeking remote opportunities with mentorship to grow as a security professional, while contributing to web application protection. I want to deliver practical web/API findings and expand my security automation with Python.

I’m a Junior Penetration Tester with hands-on web application security expertise and a full-stack development background. I’ve completed 40+ advanced PortSwigger labs, building practical mastery of the OWASP Top 10 and turning my findings into clear, detailed writeups.

I develop and publish custom security tools on GitHub, including an API Misconfiguration Scanner and utilities for common security reconnaissance. I also write Python automation scripts to streamline repetitive testing tasks, improving both efficiency and accuracy during security assessments.

My workflow blends active exploitation practice with disciplined documentation. I run practical penetration testing on web applications and APIs, identify and document vulnerabilities, and deepen exploitation technique understanding through CTF challenges and lab scenarios.

Before specializing in security, I built responsive web and desktop applications as a Full-Stack Web Developer using Python, Django, MySQL, JavaScript, and ElectronJS. That developer perspective strengthens how I approach root-cause analysis, secure coding practices, and how vulnerabilities emerge in real systems.

Experience

Work history, roles, and key accomplishments

SE

Current

Junior Penetration Tester

Current

Self-Directed

Jan 2025 - Present (1 year 5 months)

Completed 40+ advanced PortSwigger Burp Suite labs covering OWASP Top 10 vulnerabilities, with detailed writeups published on GitHub. Developed custom API misconfiguration scanning tools and Python automation scripts to streamline web and API penetration testing.

Penetration Testing OWASP Top 10 API Testing Burp suite Nmap Metasploit Python Security Automation Wireshark

SE

Full-Stack Web Developer

Self-Directed

Jan 2023 - Jan 2025 (2 years)

Built responsive web and desktop applications using Python, Django, MySQL, JavaScript, and ElectronJS. Applied secure coding practices and developed functional platforms used for security testing and penetration testing training.

Python Django JavaScript MySQL REST APIs Secure Coding Web Application Architecture desktop application development

Education

Degrees, certifications, and relevant coursework

say hasn't added their education

Don't worry, there are 90k+ talented remote workers on Himalayas

Browse remote talent

Tech stack

Software and tools used professionally

GitHub

MySQL

Gmail

Django

JavaScript

PHP

Wireshark

Burp Suite

Nmap

Metasploit

Bash

Remote

Availability

Open to opportunities

Location

Iran

Authorized to work in

Portfolio

github.com/sayhellotohacker

Social media

Job categories

Penetration Tester Full Stack Web Developer API Specialist Security Automation Engineer Penetration Testing Freelance Penetration Tester Penetration Testing Jobs Junior Penetration Tester Security Tester

Interested in hiring say?

You can contact say and 90k+ other talented remote workers on Himalayas.

People also viewed

View all talent

Find your dream job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!