[YOUR NAME]
[City, State] | [Phone Number] | [Email Address]
LinkedIn: [Profile URL]

PROFESSIONAL SUMMARY

Security-focused QA analyst with 6+ years of experience conducting vulnerability assessments and penetration testing. Expert in identifying security flaws in web applications, APIs, and mobile apps. Proven track record of preventing data breaches through comprehensive security testing. Strong knowledge of OWASP Top 10, security standards, and compliance requirements.

TECHNICAL SKILLS

Security Tools: Burp Suite Professional, OWASP ZAP, Nmap, Metasploit, Wireshark, Acunetix, Nessus
Testing Types: Penetration Testing, Vulnerability Assessment, Security Testing, Compliance Testing, Code Review
Security Standards: OWASP Top 10, PCI DSS, GDPR, HIPAA, SOC 2, ISO 27001
Programming: Python (Advanced), JavaScript, SQL, Bash scripting
Technologies: Web Application Security, API Security, Mobile App Security, Network Security
Tools: JIRA, Kali Linux, SQLMap, Nikto, John the Ripper
Methodologies: OWASP Testing Guide, PTES (Penetration Testing Execution Standard)

PROFESSIONAL EXPERIENCE

Senior Security QA Analyst | [Current Company Name], [City, State] | [Month Year - Present]
- Lead security testing for enterprise SaaS platform handling sensitive customer data for 500+ organizations
- Conduct penetration testing identifying critical vulnerabilities including SQL injection, XSS, and authentication bypasses
- Perform security code reviews identifying insecure coding practices and recommending secure alternatives
- Identified 85+ security vulnerabilities including 12 critical issues preventing potential data breaches
- Test authentication and authorization mechanisms validating role-based access controls and session management
- Conduct API security testing identifying injection flaws, broken authentication, and excessive data exposure
- Perform security testing for compliance with PCI DSS, GDPR, and SOC 2 requirements
- Collaborate with development team to implement security fixes and validate remediation effectiveness

Security QA Analyst | [Previous Company Name], [City, State] | [Month Year - Month Year]
- Performed vulnerability assessments for web applications using Burp Suite and OWASP ZAP
- Tested for OWASP Top 10 vulnerabilities including injection attacks, broken authentication, and sensitive data exposure
- Conducted mobile application security testing identifying insecure data storage and weak cryptography
- Performed network security testing using Nmap and Nessus identifying exposed services and misconfigurations
- Tested SSL/TLS implementation validating certificate configuration and encryption strength
- Conducted security testing for password policies, account lockout mechanisms, and forgot password flows
- Created detailed security test reports with risk ratings, exploitation steps, and remediation recommendations
- Reduced security vulnerabilities by 75% through proactive security testing program

QA Security Tester | [Earlier Company Name], [City, State] | [Month Year - Month Year]
- Executed security test cases for financial services applications handling customer financial data
- Tested input validation and sanitization preventing SQL injection and XSS attacks
- Performed session management testing identifying session fixation and session hijacking vulnerabilities
- Tested file upload functionality for malicious file upload and directory traversal vulnerabilities
- Conducted security testing for third-party integrations and API endpoints
- Validated security logging and monitoring capabilities for incident detection
- Participated in security incident response and root cause analysis

EDUCATION

[Degree Name] in [Major]
[University Name], [City, State]
Graduated: [Month Year]

CERTIFICATIONS

Certified Ethical Hacker (CEH) - [Year]
Offensive Security Certified Professional (OSCP) - [Year]
ISTQB Certified Tester Foundation Level (CTFL) - [Year]
GIAC Web Application Penetration Tester (GWAPT) - [Year]

ADDITIONAL INFORMATION

- Active participant in bug bounty programs with recognized findings
- Contributor to OWASP projects and security research community
- Experience conducting security training for development teams