Cybersecurity Analyst & Penetration Tester
BRADU NICHITA
OWASP Top 10  ·  Web AppSec  ·  Penetration Testing
Berlin, Germany

Conducting authorised web application penetration tests and delivering professional client security reports. Real engagements. Verified results. No fluff.

3 Featured Engagements
4 Conference Papers
9+ Vulnerabilities Found
A SSL Labs Grade on Qualys

WHO I AM

I'm a Cybersecurity Analyst and Penetration Tester based in Berlin, currently conducting authorised security assessments on live web applications and delivering professional vulnerability reports to clients at B&B Innovation.

My work follows OWASP Top 10 methodology end-to-end — from passive reconnaissance and attack surface mapping through to SSL/TLS auditing, HTTP header analysis, and verified remediation. Every engagement ends with CVSS scores, business impact analysis, and a prioritised P0–P2 fix roadmap.

I'm pursuing a B.Sc. in Cyber Security at IU International University of Applied Sciences Berlin (2026), and sitting CompTIA Security+ in June 2026. I've presented security research at 4 international conferences across Europe.

  profile.json
Location: Berlin, DE
Role: Sec Analyst / Pentester
Employer: B&B Innovation
Degree: B.Sc. Cyber Security '26
Next Cert: CompTIA Sec+ Jun '26
Phone: +49 152 07701335
Languages: EN · RO · RU · DE (A1)
Methodology: OWASP Top 10

CLIENT WORK

Web Application Pentest — B2B SaaS Client
Authorised · External Assessment · Confidential
Feb 2026
Full OWASP-aligned external penetration test on a live production web application. Covered passive reconnaissance (whois, nslookup, DNS enumeration), service fingerprinting, SSL/TLS configuration audit, HTTP security header analysis, DNSSEC verification, and attack surface mapping. Identified 4 vulnerabilities across severity levels. Delivered formal security report with CVSS scores, business impact analysis, and a P0/P1/P2 remediation roadmap.
CRITICAL — Missing HTTP Headers (CVSS 7.5) · MEDIUM — IPv6 SSL Mismatch · MEDIUM — DNSSEC Not Enabled · LOW — Server Version Disclosure
Initial: 6/10 · Post-Fix: 9/10
Server Security Audit — Infrastructure Client
Authorised · Independent · Server Hardening Assessment · Confidential
Feb 2026
Comprehensive OWASP-aligned server audit covering four critical domains: SSL/TLS validation using testssl.sh and Qualys SSL Labs, SSH hardening configuration review, HTTP security headers analysis, and Nmap-based attack surface mapping. Delivered a structured findings report with prioritised recommendations. Client security posture measurably improved following remediation.
SSL/TLS Audit · SSH Hardening · HTTP Headers · Attack Surface Mapping
Web Security Audit — E-Commerce Client
Non-Intrusive OWASP-Aligned Analysis · Confidential
Jan 2026
Non-intrusive OWASP-aligned web security review of a live production site. Focused on transport security, HTTP security headers, cookies & sessions, and client-side JavaScript exposure. Identified missing CSP, server version disclosure, and redundant headers. All findings remediated by the developer post-report.
Missing CSP · Server Version Disclosure · Redundant Headers · ✓ All Issues Remediated

EXPERIENCE

NOV 2025 → PRESENT
Cybersecurity Analyst & Penetration Tester
B&B Innovation · Berlin
  • Execute end-to-end authorised penetration tests on live client web applications following OWASP Top 10 methodology — scoping, passive recon, service fingerprinting, exploitation, and fix verification
  • Assess OWASP Top 10 categories: HTTP headers (CSP, HSTS, X-Frame-Options), SSL/TLS, DNSSEC, cookie security, and brute-force defenses
  • Deliver professional client reports with CVSS scores, Critical/High/Medium/Low ratings, evidence, and P0–P2 remediation roadmaps across 3+ engagements
  • Improved client security posture from 6/10 to a projected 9/10 with a single targeted nginx configuration change

TECHNICAL SKILLS

Pentesting
OWASP Top 10 · Penetration Testing · Vulnerability Assessment · CVSS Scoring · Attack Surface Mapping · Fix Verification · Client Reporting
Tools
Kali Linux · nmap · Burp Suite · Qualys SSL Labs · testssl.sh · Wireshark · dig · whois · nslookup · curl
Web Security
HTTP Security Headers · SSL/TLS Hardening · DNSSEC · CSP · HSTS · Cookie Security · nginx Config · SSH Hardening
Languages
English C1 · Romanian (Native) · Russian (Fluent) · German A1

PUBLISHED RESEARCH

01
Securing the Future
Published Conference Paper · July 2025
DOI: 10.53486/csc2025.14
02
Cyber Security and Risk Management in the Digital Age
International Teleconference of Young Researchers (14th Ed.) · Chișinău, Moldova · March 2025 · Co-author: Prof. S. A. Ohrimenco
03
Building Digital Trust in Document-Centric Systems
ICAICTSEE 2024 · UNWE Sofia, Bulgaria · December 2–3, 2024
04
Cyber Security Threats — Modern IT in National Police Activities
Research Talk (Online) · November 2022

LET'S WORK TOGETHER

Available for security assessments, penetration testing engagements, and full-time cybersecurity roles in Berlin and remote. Professional reports. Actionable remediation. Fast response.

whois bradu-nichita
Name:     Bradu Nichita
Role:     Cybersecurity Analyst
Location: Berlin, DE
Status:   Open to opportunities
nmap --skills bradu
443/tcp open  OWASP Pentesting
80/tcp  open  Client Reporting
22/tcp  open  Security Research
cat availability.txt
Available. Reply time: fast.