Penetration Testing Engineer
Adversarial security testing and vulnerability management for a regional bank's enterprise infrastructure: identifying, prioritizing, and translating critical findings into actionable remediation strategies for both technical teams and executive leadership.
The Problem
Enterprise infrastructure is only as secure as its weakest component. City National Bank needed adversarial eyes on its systems: not just automated scans, but human-led penetration testing that could uncover the kinds of vulnerabilities that slip past conventional monitoring. The challenge wasn't just finding issues; it was translating deeply technical findings into risk-based language that both security teams and executive stakeholders could act on, while keeping vulnerability management continuous rather than episodic.
The challenge was that engineering and operations teams weren't consistently using the security tooling, and the vulnerability management process lacked the structure needed to catch and remediate issues before they reached production, thus putting the integrity of law served to 40,000+ users at risk.
What's Included
- Adversarial testing and vulnerability assessments across enterprise infrastructure
- Risk-based remediation recommendations translated for both technical and executive audiences
- Vulnerability scanning, detection, and monitoring system operations
- Cross-functional prioritization of vulnerabilities by risk, exploitability, and asset criticality
- Incident response and threat analysis including malware payload analysis and email investigation
- MITRE ATT&CK-aligned TTP identification using Wireshark and supporting security tooling
Impact
Served as the technical bridge between security and business units at a regional bank, where the cost of a missed vulnerability isn't abstract; rather, it's regulatory, financial, and reputational. By combining hands-on adversarial testing with clear stakeholder communication, findings moved faster from discovery to remediation, and the SOC, infrastructure, and IT ops teams had a shared prioritization framework they could actually work from.
Technical Stack
- Metasploit: exploitation framework for adversarial testing
- Nmap: network scanning and reconnaissance
- Nessus: vulnerability scanning
- Wireshark: network traffic analysis and anomaly detection
- MITRE ATT&CK: TTP mapping and threat analysis framework
- Burp Suite: web application security testing