AVAILABLE FOR ENGAGEMENT  ·  JAKARTA BARAT, ID
RIZQI
MAULANA
OFFENSIVE SECURITY ENGINEER

Penetration tester & vulnerability researcher with hands-on VAPT experience across web, mobile, API, and enterprise infrastructure. CRTP certified. 4+ years securing the banking, fintech, and enterprise sectors in Indonesia.

About

WHO I AM

I am Rizqi Maulana, an Offensive Security Engineer focused on Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile applications, APIs, and enterprise infrastructure. I have direct experience testing critical systems in the banking, fintech, mining, retail, and technology sectors.

I am used to working under strict NDAs with major Indonesian financial institutions, using the OWASP Testing Guide and PTES methodologies. Besides testing, I also support CrowdStrike EDR deployment and stress testing with Apache JMeter.

4+
Years Active
10+
Banks Tested
13+
Certificates
Certifications & Achievements
CRTP
Altered Security
C3SA
Certified Cyber Security Analyst
CCEP
Cybersecurity Educator Pro
Qualys EDR
Endpoint Detection & Response
Imperva Partner
Imperva Overview
Seminar IT Security
Cyber Security For Personal
TKJ Competency
Computer Network Engineering
PKL
PT. Garda Telekomunikasi
Technical Skills
Web Application Pentesting: 95%
API Security Testing: 93%
Mobile App Security (Android/iOS): 88%
Network / Infrastructure: 87%
Vulnerability Assessment (VAPT): 94%
Cloud Security Testing: 80%
Burp Suite Pro: 95%
Apache JMeter (Stress Testing): 82%
Report Writing (Technical & Executive): 92%
Education
Universitas Siber Asia
S1 (Bachelor's) in Information Systems  ·  2025 – Present
SMK YMIK
Computer & Network Engineering  ·  2015 – 2018
Work Experience

CAREER HISTORY

2022 – 2026
Securxcess
Senior IT Security Engineer (Offensive Security)
Led and executed VAPT engagements for web applications, mobile applications, APIs, and enterprise infrastructure across banking, financial services, mining, retail, and technology sectors.
Performed security testing on critical financial platforms including mobile banking applications, BNPL services, payment systems, SWIFT, RTGS, SKN, and digital financial ecosystems.
Conducted penetration testing for major financial institutions: Bank Commonwealth, Bank Woori Saudara, Bank Victoria International, Bank Sahabat Sampoerna, Bank Artha Graha Internasional, Bank INA Perdana, and Bank Syariah Indonesia.
Delivered security assessments for BFI Finance, Adira Finance, Astra Digital (AstraPay), Awan Tunai, Mandiri Inhealth, and Great Eastern Life Indonesia.
Performed comprehensive security testing using OWASP Testing Guide and PTES frameworks across web, mobile, API, wireless, cloud, and enterprise infrastructure.
Conducted server stress testing and performance testing using Apache JMeter to evaluate concurrency limits and performance bottlenecks under high-load conditions.
Supported Endpoint Detection and Response (EDR) deployment using CrowdStrike policy configuration.
Produced technical and executive penetration testing reports including proof-of-concept exploitation and remediation recommendations.
2018 – 2019
PT Multi Sukses Wahana Karya
IT Support
Installed and configured operating systems on desktop and server environments.
Performed network troubleshooting and connectivity diagnostics to resolve LAN/WAN issues.
Maintained and updated company websites including content management and basic technical support.
Created and optimized SEO content to improve website visibility and search engine ranking.
Community

BUG BOUNTY ACTIVITY

Actively participating in public and private bug bounty programs, responsibly reporting security vulnerabilities to companies around the world through trusted platforms.

YesWeHack
yeswehack.com
► Private & Public Programs
► Web & API Security Focus
► European Platform
ACTIVE
HackerOne
hackerone.com
► World's Largest Platform
► Web, Mobile, Infra
► Global Enterprise Programs
ACTIVE
RedStorm
redstorm.io
► Indonesia-focused Platform
► Local & Regional Programs
► Government & Enterprise
ACTIVE
Hall of Fame & Vulnerability Disclosure Appreciation
BSSN
Badan Siber Sandi Negara
GOV · APPRECIATION
Kominfo
Kementerian Kominfo
GOV · APPRECIATION
Transjakarta
Transportation / Gov
GOV · APPRECIATION
Detik.com
Media / News Portal
APPRECIATION
AIDO Health
Healthtech / Digital Health
PENTEST CERT
Fore Coffee
F&B / Retail Tech
APPRECIATION
What I Do

SERVICES OFFERED

🌐
WEB APP PENTEST

Full OWASP Top 10 coverage, business logic testing, authentication bypass, and custom exploit development for web platforms.

Burp Suite Pro · SQLMap · Nuclei · ffuf
📱
MOBILE SECURITY

Android APK reverse engineering, iOS binary analysis, MITM on mobile traffic, certificate pinning bypass, and local data storage review.

Frida · jadx · Objection · MobSF
API SECURITY

REST & SOAP API testing, broken object level authorization, mass assignment, improper input validation, and authentication flaws.

Burp Suite · Postman · OWASP
🏢
NETWORK / INFRA

Internal/external network assessments, wireless infrastructure testing, firewall rule review, and full infrastructure security evaluation.

Nmap · Metasploit · Wireshark
CLOUD SECURITY

Cloud environment security assessment, IAM misconfiguration, exposed storage buckets, and cloud-native attack path analysis.

ScoutSuite · Prowler · AWS CLI
📊
STRESS TESTING

Server performance and stress testing using Apache JMeter to evaluate system stability, concurrency limits, and bottlenecks.

Apache JMeter · Load Testing
Track Record

CLIENTS SERVED

All engagements are conducted under NDA. Displayed with general consent.

Bank Commonwealth
Banking
Bank Woori Saudara
Banking
Bank Victoria Intl
Banking
Bank Sahabat Sampoerna
Banking
Bank Artha Graha
Banking
Bank INA Perdana
Banking
Bank Syariah Indonesia
Banking / Sharia
BFI Finance
Financial Services
Adira Finance
Financial Services
Astra Digital (AstraPay)
Fintech
Awan Tunai
Fintech / BNPL
Mandiri Inhealth
Healthcare
Great Eastern Life
Insurance
Sun Life Indonesia
Insurance
SWIFT / RTGS / SKN
Payment Systems
Various Mining & Retail
Multi-sector
OWASP A01 · Broken Access Control
OWASP A02 · Cryptographic Failures
OWASP A03 · SQL Injection
OWASP A04 · Insecure Design
OWASP A05 · Security Misconfiguration
OWASP A07 · Auth Failures
OWASP A08 · Software Integrity Failures
PTES · Pentest Execution Standard
Arsenal

TOOL STACK

Burp Suite Pro
Web Testing
Nmap
Network Recon
Metasploit
Exploitation
SQLMap
SQLi Testing
Apache JMeter
Stress Testing
Frida
Mobile / Dynamic
jadx
Android Reverse
Objection
Mobile Runtime
CrowdStrike
EDR / Policy
VMware
Virtualization
Proxmox
Virtualization
VirtualBox
Virtualization
Kali Linux
OS / Platform
Windows Server
Infrastructure
Wireshark
Network Analysis
OWASP ZAP
Web Scanning
Get In Touch

HIRE ME FOR YOUR NEXT ENGAGEMENT

Available for short-term engagements as well as retainers. Experienced in VAPT for banking, fintech, and enterprise.

Direct Contact
Email
rizqi2204@gmail.com
📞
WhatsApp / Phone
0895 6061 00901
📍
Location
Jakarta Barat, DKI Jakarta
🌐
Availability
Web / API Pentest: OPEN
Mobile Security: OPEN
Network / Infra: LIMITED
Monthly Retainer: FULL
© 2025 RIZQI MAULANA · OFFENSIVE SECURITY ENGINEER · JAKARTA BARAT, ID