Available for remote / relocation

SHERWIN
ENAYATI

Penetration Tester  ·  Web & Network Security
4+ Years Experience
3 Companies
6 Certifications
Get in Touch GitHub
Scroll to explore
01

About

Cyber Security Engineer and Penetration Tester with over four years of hands-on experience conducting internal and external security assessments across web applications, enterprise networks, and Active Directory environments.

Strong background in exploitation, privilege escalation, phishing simulations, and delivering clear, actionable remediation reports for both technical and non-technical stakeholders.

Active participant in bug bounty and responsible disclosure programs. Continuously expanding expertise through independent research and engagement with global security research communities.

Specialisations
Web App Pentesting Network Security Active Directory Privilege Escalation Phishing Simulations Vulnerability Research Bug Bounty OWASP Top 10
Languages
Persian — Native English — Professional Japanese — Basic Spanish — Basic
Education
B.S. Computer Engineering (In Progress)
02

Experience

Jan 2024 — Present
Keepa
Shiraz, Iran
Security Engineer
  • Conduct internal and external penetration tests on web applications, APIs, and network segments.
  • Identify critical, high, and medium-risk vulnerabilities in sensitive organisational systems including government-related and enterprise infrastructure, with detailed remediation guidance.
  • Assess Active Directory environments for misconfigurations, credential exposure, and privilege escalation paths.
  • Produce executive and technical reports including risk ratings, attack scenarios, and mitigation steps.
Sep 2022 — Dec 2023
Spara Security Group
Tehran, Iran
Penetration Tester
  • Performed penetration tests on mission-critical government and enterprise systems covering web, network, and internal infrastructure.
  • Discovered and validated high-impact security flaws and coordinated remediation with client technical teams.
  • Re-tested fixed vulnerabilities and improved overall remediation quality and closure consistency.
Nov 2021 — Aug 2022
Faraz Pajohan
Tehran, Iran
Junior Penetration Tester (Intern)
  • Conducted supervised web and network penetration testing using Burp Suite, Nmap, Metasploit, Wireshark, and SQLMap.
  • Assisted in vulnerability validation, proof-of-concept development, and technical reporting.
  • Gained hands-on experience with real-world attack scenarios and remediation verification.
Mar 2019 — Apr 2020
Aren
Iran
Full-Stack Developer (Intern)
  • Developed and maintained full-stack web applications using Node.js, Angular, and Microsoft SQL Server.
  • Designed RESTful APIs and implemented backend logic, authentication, and data validation.
  • Collaborated with frontend and backend teams to deliver stable, maintainable software solutions.
03

Skills & Tools

Offensive Security
Web App Pentesting Network Pentesting Active Directory Vulnerability Assessment Exploitation Privilege Escalation Phishing Simulations
Tools
Burp Suite Nmap Metasploit Nessus Wireshark SQLMap BloodHound CrackMapExec Impacket
Technologies
Linux Windows Active Directory TCP/IP DNS HTTP/HTTPS REST APIs Python
Standards & Reporting
OWASP Top 10 Secure Config Review Remediation Validation Executive Reporting Risk Rating Attack Scenarios
04

Certifications

LPIC-303
Linux Enterprise Professional Security
Anisa · 2022
LPIC-2
Linux Enterprise Professional
Anisa · 2021
LPIC-1
Linux Enterprise Professional
Anisa · 2021
Web Hacking Expert
Advanced Web Exploitation
Ravin · 2023
OWASP Top 10
Web Application Vulnerabilities
Ravin · 2022

Let's work
together.

Open to Penetration Tester and Offensive Security roles — remote or relocation considered. Reach out via any of the channels below.

Email
sherwin.enayati@gmail.com
LinkedIn
linkedin.com/in/sherwin-enayati
GitHub
github.com/itssherwin