About Experience Projects Skills Blog Credentials Contact

EDGAR
HUÉMAC

Penetration Tester & Cybersecurity Engineer

View Work ↓ Get in touch

6+Years in
cybersecurity

120+Engagements
conducted

80+Credentials
earned

[ About me ]

Hello!

I'm a Computational Systems Engineer with deep expertise in cybersecurity, specially offensive security. I conduct full-scope pentests, red team engagements and vulnerability research across web, network, Active Directory, and cloud environments.

I follow industry methodologies including PTES, OSSTMM, OWASP, ISSAF, and NIST 800-115, and I have a strong background in security governance, compliance, and AppSec auditing (SAST, DAST, SCA). I try to stay up to date doing CTFs and trainings.

Beyond computers, I like reading, cycling, and tea culture. I play the piano sometimes. Started hiking in 2026. I'm fluent in english (TOEFL C1 ↗) and french (DELF B2 ↗), and beginner in japanese.

[ Work history ]

Experience

Offensive security engagements and cybersecurity engineering across multiple organizations.

APR 2023 - PRESENT

Softtek, México (for a Fortune 500 Airline)

Sr. Penetration Tester

End-to-end pentests (PTES/NIST) and SAST, DAST & SCA assessments for PCI, SOC2, HIPAA and GDPR compliance across infra, web, APIs, cloud, and desktop; manual exploitation and custom vuln discovery on critical business logic, with risk rating (CVSS) and technical remediation. Deliver secure design reviews & stakeholder training aligned to OWASP/SANS. Assess and implement security controls for AI-integrated systems.

Red TeamActive DirectoryCloudMalware Dev

MAR 2025 – OCT 2025

NTT Data, Spain

Cybersecurity External Consultor

Conducting full cybersecurity audits and penetration testing for web, API, and mobile applications, and elaborating technical reports on the identified vulnerabilities, and their mitigation techniques.

Red TeamActive DirectoryCloudMalware Dev

APR 2022 – APR 2023

Ministry of State Finance, Michoacán

Red Team Lead & Security Analyst

Led offensive security ops (pentest, vuln assessments, red teaming), coordinating a team and executing web/app/network engagements; performed recon, exploitation, and post-exploitation, producing technical reports and remediation guidance. Defined testing methodologies/playbooks, collaborated with IT/SecOps for target prioritization, and trained team on tools/TTPs.

Red TeamActive DirectoryCloudMalware Dev

JUL 2022 – MAR 2023

Estudio GEMA, Argentina

Full Stack Developer

Maintained and refactored production web apps (FE/BE), implemented features/bug fixes, and integrated services/APIs; collaborated via Agile workflows, handling incident triage, deployments, and stakeholder-driven requirements.

Red TeamActive DirectoryCloudMalware Dev

SEP 2021 - JAN 2022

ICORP, México

Systems Architect & Software Developer

Built modular frontend apps in React (SCRUM), defined requirements, and designed microservices-based deployments (Elixir/React) on Azure; implemented CI/CD and unit testing.

Red TeamActive DirectoryCloudMalware Dev

JUNE 2021 — MAY 2022

Superior Audit State Office, Michoacán

Systems Architect / DevOps Engineer

Managed Linux/Windows (AD), designed network & system architectures, and implemented CI/CD for web apps & infrastructure; drove monitoring, performance, and security improvements.

AppSecDAST/SASTThreat Modeling

AUG 2016 — DEC 2020

ITM Morelia - Education

CS Engineering Student

Student of Engineering in Computer Systems and specialty in Information Security at the Technological Institute of Mexico, Morelia campus.

VA/PTComplianceSocial Engineering

[ Expertise ]

Skills & Tools

Offensive security methodologies, tooling, and engineering built across real-world engagements.

Offensive Security

Penetration Testing

PTESOSSTMMOWASP TGISSAFNIST 800-115Linux · AD · Web · Network · Cloud

Red Teaming

MITRE ATT&CKCyber Kill ChainTTP EmulationEDR/AV EvasionC2 Ops

AppSec & Code Review

SASTDASTIASTDevSecOpsSDLCOWASP Top 10Web/API/Mobile

Malware & Custom Tooling

C / C#PythonNIMShellcodePayload ObfuscationImplant Dev

Tooling

Recon, Scanning and OSINT

NmapMasscanRustScanNessusZAPNiktoWPScanMaltegoShodanAmassTheHarvesterspiderfootffufFeroxbuster

Exploitation and Post-Exploitation

MetasploitBurpSuiteSQLmapDalfoxXSStrikeCommixpwncatPwntoolsPEASS-ngSearchSploitCore Impact

Red Team · C2 · AD

Cobalt StrikeHavocSliverMythicMimikatzBloodHoundCrackMapExecImpacketevil-winrmCertipyKerbrute

Credentials · Network

HashcatJtRHydraCeWLWiresharktcpdumpAircrack-ngWifiteKismetScapy

Forensics · Social Eng.

AutopsyVolatilityBinwalkForemostGoPhishEvilginxHiddenEyeSocialFish

OS & Platforms

Kali LinuxParrotOSBlackArchDockerProxmoxVMwareActive Directory

Development & Scripting

Languages

Python ★★★JS ★★★NIM ★★★Bash ★★PowerShell ★★C/C++ ★★C# ★★PHP ★★Java ★★Lua ★

Web & Frameworks

Node.jsFastAPIDjangoFlaskReactVueLaravelBootstrapJQuery

Infrastructure & DB

DockerTerraformGitHub ActionsPostgreSQLMySQLSQLiteGitLab CI

[ My Work ]

Projects

Security tooling and personal projects I'm proud of.
Note: Since building this website, I'm just uploading to Github many old projects.

NimRecon

Nim-specific binary analyzer & artifact extractor. Its purpose is to help triage and detect Nim-based malware.

AWSAzureGCP

View on GitHub →

PCI Leak Scanner

Tool to detect PCI DSS data leakage in log files, source code, and plain text. Identifies card numbers, credentials, and more using a hot-pluggable JSON rule engine.

C#NIMEDR EvasionRed Team

View on GitHub →

CVSS Stats Tool

Tool for analyzing CVSS (Common Vulnerability Scoring System) vectors. Its porpuse is to quickly generate statistics and insights from a list of CVSS 3.1 vectors.

PythonBloodHoundImpacket

View on GitHub →

NetWatch-

A lightweight, non-invasive network presence monitoring tool. Built with curiosity, Flask, and way too many Nmap scans.

AWSAzureGCP

View on GitHub →

[ Writing ]

Blog

Thoughts on malware development, offensive security, and the industry, published on Medium.

See all posts on Medium →

[ Accomplishments ]

Credentials

Trainings, certifications and courses completed across offensive security, cloud, governance, and engineering. Playing Pokemon as a kind got me an addition to collecting digital badges; you can see mine on Credly ↗.

[ Let's connect ]

Get in touch

Whether you want to collaborate,
or just want to say hi, my inbox is open.

huemac.contact@gmail.com