Khalim Cissé

Willingboro, NJ

Summary

Cybersecurity professional with 3+ years of experience in threat intelligence, penetration testing, and security operations. Proven ability to identify advanced threats and vulnerabilities (OWASP Top 10, SQLi, XSS, CSRF, SSRF), research adversary tactics, and translate technical findings into clear, actionable intelligence. Skilled in writing technical reports and collaborating with internal teams and external researchers. Enthusiastic and curious team player with experience using OSINT, SAST/DAST tools, and structured analytic techniques.

Overview

3 years of professional experience
1 Certification

Work History

Product Security Analyst

HackerOne
12.2023 - Current
  • Triaged and reproduced vulnerability reports from global hackers; evaluated each issue based on customer-specific threat models using CVSS scoring metrics.
  • Drafted full-disclosure reports with step-by-step reproduction, severity assessments, and mitigation guidance tailored to both technical and non-technical audiences.
  • Collaborated with hackers and internal teams to identify missing report information, validate impact, and educate contributors on secure reporting standards.
  • Facilitated seamless communication between researchers and clients through structured workflows, partnering with Customer Success to ensure smooth triage processes.
  • Utilized SAST and DAST tools (Burp Suite, Frida) to verify vulnerabilities and assess application-layer weaknesses.
  • Applied structured analytic techniques, including Analysis of Competing Hypotheses, to reduce bias during ambiguous triage evaluations.
  • Delivered technical briefings and security insights across teams, highlighting root causes and threat implications of confirmed vulnerabilities.

Bug Bounty Researcher

Independent / Volunteer
01.2022 - Current
  • Identified subdomains, endpoints, and input vectors through bug bounty reconnaissance; tested for common vulnerabilities (SQLi, XSS, CSRF, SSRF, LFI, etc.) in accordance with OWASP Top 10.
  • Discovered and reported security flaws to program owners with precise technical write-ups and PoC evidence.
  • Conducted OSINT investigations using tools like Shodan and VirusTotal to enrich vulnerability context and identify attacker infrastructure.
  • Produced clear, reproducible steps with severity analysis using CVSS, enhancing credibility and triage success on platforms such as HackerOne.
  • Continuously refined testing workflow and toolkit (Burp Suite, Python scripts, recon tools) to adapt to emerging threats and hardened applications.

Associate Cybersecurity Penetration Tester

CliftonLarsonAllen (CLA)
06.2022 - 07.2023
  • Led external penetration tests using five-phase methodology; identified vulnerabilities using Nmap, Nessus, Metasploit, and followed up with full technical reports and remediation strategies.
  • Executed internal AD-based tests leveraging Responder (LLMNR poisoning), BloodHound (privilege mapping), Kerberoasting, and ADCS attacks to identify lateral movement and escalation opportunities.
  • Designed targeted phishing campaigns using Gophish, measuring end-user susceptibility and gathering credentials to demonstrate exploitability.
  • Conducted quarterly vulnerability scans with Nessus, reviewed results using CVSS/CVE/NVD/ExploitDB, and communicated severity and remediation with clients.
  • Leveraged MITRE ATT&CK to contextualize offensive findings within real-world adversary tactics for client advisory reports.
  • Initiated OSINT-based recon campaigns (Shodan, VirusTotal, Maltego) to discover external exposure and threat intelligence during assessments.
  • Maintained consultative communication with clients and cross-functional teams to ensure actionable insights were understood and implemented.

Education

Master of Science - Cybersecurity & Information Assurance

Western Governors University
04.2026

Bachelor of Science - Cybersecurity and Networks

University of New Haven
West Haven, CT
05.2021

Skills

  • Python
  • Bash Scripting
  • SQL
  • Kali Linux
  • Maltego
  • Shodan
  • Windows AD
  • Active Directory
  • Volatility
  • Wireshark
  • Snort
  • Cyber Forensics
  • Virtual Machines
  • OWASP Top 10
  • Nessus
  • Burp Suite

Certification

  • ISC2: Certified in Cybersecurity
  • CompTIA: PenTest+
