Summary
Overview
Work History
Education
Skills
Certification
Timeline
background-images

Christian Gonzalez

Houston,Texas

Summary

  • Offensive security professional with 5+ years of penetration testing experience and 14 years in IT. Specializing in web applications, cloud security, and network security assessments. Adept at identifying, exploiting, and remediating vulnerabilities across enterprise infrastructures. Holds multiple industry-recognized certifications and currently pursuing Burp Suite Certified Practitioner.
  • Expertise in web application, API, cloud (AWS, Azure - junior level), and internal network penetration testing.
  • Extensive experience in cybersecurity consulting, including pre- and post-engagement reporting and remediation strategies.
  • Proficient in red teaming tactics, Active Directory exploitation, phishing campaigns, and assumed breach scenarios.
  • Skilled in penetration testing tools: Burp Suite, Nmap, Metasploit, Wireshark, Nessus, Nexpose, OWASP ZAP, Postman, CrackMapExec, BloodHound, Impacket.
  • Holds OSCP, CRTO, CompTIA Security+, Network+, and CEH.

Overview

9
9
years of professional experience
1
1
Certification

Work History

Penetration Tester Lead

InfoSystems
01.2024 - Current
  • Conduct compliance and auditing assessments, ensuring adherence to industry security standards
  • Lead cloud security assessments for AWS and Azure environments, focusing on basic misconfigurations and privilege escalation
  • Conduct web application security assessments, identifying and mitigating OWASP Top 10 vulnerabilities
  • Architect and build Red Team infrastructure, including command and control (C2) environments, automation, and evasion techniques
  • Provide executive-level reporting, presenting security risks and recommendations to leadership teams

Penetration Tester

AT&T
12.2023 - 12.2024
  • Company Overview: Consultant
  • Conducted internal and external network penetration testing for enterprise clients
  • Performed web application and API security assessments, identifying OWASP Top 10 vulnerabilities
  • Executed cloud security assessments for AWS and Azure environments, identifying misconfigurations and privilege escalation paths at a junior level
  • Conducted Active Directory security testing, including Kerberoasting, NTLM relay, and lateral movement techniques
  • Created comprehensive penetration test reports and guided clients through remediation steps
  • Consultant

Penetration Tester

U.S. Bank
11.2019 - 12.2023
  • Conducted internal, web application, API, and mobile application penetration tests
  • Performed cloud security assessments, identifying IAM misconfigurations, privilege escalation paths, and data exposure risks at a junior level
  • Tested containerized environments (Docker, Kubernetes) for security weaknesses
  • Developed custom scripts in Python and PowerShell to automate reconnaissance and exploit development
  • Led assumed breach engagements, leveraging BloodHound, CrackMapExec, and Impacket to assess AD security posture
  • Delivered detailed vulnerability reports with risk analysis and remediation guidance

Sr. Security Engineer

IBM
02.2019 - 11.2019
  • Company Overview: FedRAMP
  • Conducted FedRAMP compliance testing for cloud environments
  • Managed vulnerability scanning (Tenable Nessus, Nexpose) and patch validation
  • Provided 24/7 incident response support, investigating security breaches and escalating threats
  • Wrote processes and procedures for vulnerability remediation
  • Assisted in forensic analysis and threat hunting using SIEM solutions
  • FedRAMP

Penetration Tester

Specialized Security Services (S3)
09.2018 - 02.2019
  • Conducted internal and external penetration testing, identifying security vulnerabilities across enterprise environments
  • Performed PCI ASV vulnerability scanning, firewall assessments, and security audits
  • Conducted physical security assessments and reported on security risks
  • Led engagements for PCI/NIST compliance testing
  • Executed social engineering campaigns, phishing attacks, and wireless security assessments

Sr. Vulnerability Analyst

Verizon
02.2016 - 09.2018
  • Identified and classified vulnerabilities in enterprise networks using Tenable Nessus, Qualys, and Nexpose
  • Conducted risk analysis and supported incident response investigations
  • Collaborated with red teams to assess and remediate AD vulnerabilities
  • Automated vulnerability scans and remediation tracking

Education

Bachelor of Science - Information Technology

Western Governors University

Associate of Applied Science - Computer Maintenance Technology

South Texas College

Skills

  • Penetration Testing
  • Red Teaming
  • Tools & Frameworks
  • Operating Systems
  • Cloud Security
  • Programming & Scripting
  • Security Standards

Certification

  • Offensive Security Certified Professional (OSCP)
  • Certified Red Team Operator (CRTO)
  • CompTIA Security+
  • CompTIA Network+
  • Certified Ethical Hacker (CEH)
  • Pursuing: Burp Suite Certified Practitioner

Timeline

Penetration Tester Lead

InfoSystems
01.2024 - Current

Penetration Tester

AT&T
12.2023 - 12.2024

Penetration Tester

U.S. Bank
11.2019 - 12.2023

Sr. Security Engineer

IBM
02.2019 - 11.2019

Penetration Tester

Specialized Security Services (S3)
09.2018 - 02.2019

Sr. Vulnerability Analyst

Verizon
02.2016 - 09.2018

Associate of Applied Science - Computer Maintenance Technology

South Texas College

Bachelor of Science - Information Technology

Western Governors University
Christian Gonzalez