
Jimmi Simon
I'm a CTF player
About

Who I am
My journey into cybersecurity began with a simple curiosity: How do systems break and how can we protect them?
That curiosity evolved into a deep passion, driving me to earn a Bachelor's
degree in Computer Science Engineering in India and pursue advanced studies in Cybersecurity and Computer
Forensics in Canada.
Over the years, I’ve gained hands-on experience in real-world SOC environments, built security-driven
projects, and actively participated in global Capture the Flag competitions. I’ve also taken part in bug
bounty programs, where I was recognized with monetary rewards for identifying and reporting security
vulnerabilities.
In addition to my technical pursuits, I’ve had the privilege of mentoring aspiring cybersecurity
professionals and giving back to the community that helped shape my own journey. I’m passionate about
ethical hacking, proactive defense strategies, and staying ahead of emerging threats. For me, every
challenge is an opportunity to learn, grow, and make systems safer for everyone.
Resume
Experience
Intern
Slytherin edutech
- Worked on improving application and network security through hands-on penetration testing and security automation.
- Executed penetration tests on web apps and internal networks, identifying multiple critical vulnerabilities.
- Conducted web and network penetration tests to identify critical vulnerabilities.
- Developed Python scripts that cut vulnerability scanning time by 30%.
- Investigated events using EDR, IDS/IPS, and threat intel platforms.
- Monitored, analyzed, and responded to security alerts using tools like Splunk, Suricata, and Wazuh.
- Performed secure code reviews and advised on remediation strategies.
Tools: Burp Suite, Nmap, Nessus, Splunk, Wireshark, Python
Capture the Flag Player
HackTheBox and TryHackMe
- Ranked in the Top 50 HackTheBox players in Canada, competing against thousands of security professionals and students.
- Built custom scripts for faster exploitation and automation during competitions.
- Developed advanced skills in privilege escalation, reverse engineering, and OSINT.
- Used tools like Hydra, curl, and Burp Suite for real-time exploitation in lab environments.
Tools: Python, curl, Burp Suite, Hydra, sqlmap, priv escalation tools, OSINT tools
Bug Bounty Hunter
HackerOne and Bugcrowd
- Identified and responsibly disclosed multiple security vulnerabilities including IDOR, XSS, subdomain takeover and misconfigurations in real-world web applications
- Reported bugs to private and public programs, receiving acknowledgment from program owners for valid submissions
- Performed reconnaissance, endpoint enumeration, and payload crafting for bypassing WAF and logic-based vulnerabilities
- Improved understanding of real-world attack surfaces, including OAuth flaws, session handling, and insecure storage
- Built personal scripts in Python and Bash to automate scanning, subdomain discovery, and token fuzzing
Tools: Burp Suite, Nmap, FFUF, Amass, Sublist3r, DirBuster, OWASP ZAP, custom Python scripts
Projects
AWS IAM Security with MFA Enforcement and Real-Time Monitoring
Designed and implemented AWS IAM Role-Based Access Control (RBAC) using user groups and custom policies. Enforced Multi-Factor Authentication (MFA) for all sensitive roles using IAM condition policies. Enabled AWS CloudTrail to log account-wide activities, including login attempts, policy changes, and access to services. Integrated CloudTrail with CloudWatch Logs and created metric filters to detect root logins and MFA deactivations. Configured CloudWatch Alarms and SNS to trigger real-time email alerts on security events. Verified the monitoring system through hands-on simulation and testing, ensuring end-to-end detection and alerting.
Tools: AWS IAM, AWS CloudTrail, AWS CloudWatch, AWS SNS, AWS S3
Wazuh Extended Detection and Response (XDR) Implementation
Designed and implemented an open-source XDR solution using Wazuh to simulate enterprise-grade threat detection. Integrated real-time alerting, log analysis, and file integrity monitoring across Linux and Windows endpoints. Reduced incident response time by 20% using real-time event correlation and custom rules. Configured IDS/IPS integration, vulnerability scanning, and centralized alert dashboards. Used Wazuh Manager, Agents, and Elastic Stack for complete SIEM-like monitoring.
Tools: Wazuh, Windows/Linux
Secure Password Manager on AWS
Built a secure, cloud-native password management system hosted on AWS. Architected the infrastructure using isolated private subnets and integrated WAF for application-layer defense. Implemented network segmentation and firewall policies to prevent lateral movement. Used S3 for secure log storage and CloudWatch for continuous monitoring. Ensured encryption at rest and in transit.
Tools: AWS EC2, VPC, S3, WAF, IAM, CloudWatch
CTF and Bug Bounty Automation Toolkit
Created a set of custom Python tools to automate reconnaissance and exploitation tasks during CTF and bug hunting. Automated port scanning, subdomain enumeration, and payload crafting. Automated subdomain discovery, directory brute-forcing, and token fuzzing. Regularly ensured the accuracy of the custom-made tools.
Tools: Python, Bash, Nmap, curl
Blood Donation App
Developed a blood donation Android application during the COVID-19 pandemic to connect individuals in urgent need of blood with available donors.
Tools: Flutter
Skills
🔐 Cybersecurity & Threat Detection
- Incident Response & SOC Operations
- Vulnerability Assessment & Penetration Testing
- Threat Hunting & Intelligence
- Digital Forensics & Malware Analysis
- XDR, SIEM, EDR, IDS/IPS Configuration
☁️ Cloud & Infrastructure Security
- AWS, Azure
- VPC, WAF, Subnet Segmentation
- Cloud Monitoring using CloudWatch
- Secure Cloud Architecture
- EC2, load balancers, containers, etc.
🧪 Tools & Technologies
- Wazuh, Splunk, Nessus, Nmap, Burp Suite
- Wireshark, Netcat, Hydra, Traceroute, sqlmap
- Docker, GitHub, ServiceNow, Jira, Autopsy, etc.
- Manual & Automated Security Testing (website, network and Android)
👨‍💻 Programming & Scripting
- Python
- Bash
- Git
🌐 Networking & Protocols
- TCP/IP, DNS, HTTP/S, FTP, SMB, SSH, DHCP, RDP, etc.
- OSI Model, Routing, Switching, Firewalls
🎯 Soft Skills & Strengths
- Detail-Oriented & Analytical Thinker
- Mentorship & Knowledge Sharing
- Problem-Solving Under Pressure
- Effective Communication & Teamwork
- Troubleshooting
- Positive attitude
- Smiling face ;)
Education
Postgraduate Diploma in Cybersecurity and Computer Forensics
2022 - 2024
Lambton College, Mississauga, Canada
Focus: Digital Forensics, Threat Intelligence, Network Security, Penetration Testing, Cloud Security, NIST, ISO
Bachelor of Technology in Computer Science and Engineering
2017 - 2021
Karunya Institute of Technology and Sciences, Coimbatore, India
Focus: Software Development, Networking, and Information Security