- 6 years IT experience in all phases of software development life cycle (SDLC) of project & product that includes system analysis, design, development, integration, testing, deployment, troubleshooting and maintenance.
- Highly motivated, detail oriented, ability to work independently and as a part of the team.
- Expertise in designing and developing security tools and fixing web application vulnerabilities.
Programming Languages: Java 1.8, Moscow ML (functional programming), C, C++, Prolog, Scheme
Security Tools: OWASP, Burp Suite, ZAP, sqlmap, Wireshark, Metasploit, AppScan, SSLScan, Fortify, Firebug, openssl
Development/project Management tools: IntelliJ IDEA, Eclipse, IBM RAD, Rally, JIRA, Crucible
Frameworks: Struts 1.x, Struts 2.1, Spring MVC, Spring Batch, Hibernate 2.x, 3.x, JSP Servlets, EJB, SOAP, JAX-WS and JAX-RS, RESTful Web Services, vert.x, Design Patterns
Source Control Management: SVN, ClearCase, CVS, AccuRev, Git
Build and CI Tools: Apache Maven, Bamboo, Hudson, Jenkins
Test Automation: JUnit, SoapUI, JMeter
Database: MySQL, Oracle, DB2
- Worked on designing a quoting engine for travel health insurance plans.
- Integrated SOAP and REST APIs from major insurance carriers like Tokio Marine HCC, Trawick and IMG.
- Used Vue.js and Bootstrap to create the user interface and Java 1.8 for the backend development.
- Used Gradle for dependency management and GitLab as the source code version control system.
Confidential, San Francisco, CA
Software Engineer Java
- Worked on SOAP and RESTful service design.
- Standardized the CI/CD setup for Apigee for automated deployment using Gradle scripts.
- Created REST API documentation using Swagger.
- Automated API testing using the Cucumber BDD pattern and JUnit tests.
- Created a PoC for nginx reverse proxy caching to make conditional GET requests to the proxied server.
Confidential, Foster City, CA
Application Security Consultant
- Developed a security gatekeeper product, which acts as a single entry point for all cyber source internal and external applications and resolves all cross-cutting security concerns of applications, such as authentication, authorization and secure filtering, using vert.x and Java 1.8, leveraging the Stream API and lambda functional interfaces.
- PII and PAI data encryption and decryption for rest data.
- Developed security filters as RESTful web services which address OWASP Top 10 and SANS Top 25 concerns.
- Performed Personal Identity Information (PII) and Personal Account Information (PAI) data analysis of 60 internal and 10 external-facing applications, which include around 155 database tables with an average of 4 columns per table.
- Developed libraries for software-based local and remote encryption and decryption with SafeNet HSM key caching functionality.
- Enhanced all internal and external-facing applications to support encryption, decryption and hashing around PII and PAI data.
- Developed Spring Batch based backfill utilities which backfilled around 25.6 billion records of 115 database tables without affecting live transactions or any P1 issue.
- Fixed OWASP Top 10 security vulnerabilities for around twenty internal and externally exposed applications.
- Analysis and fixes of AppScan, Fortify and WhiteHat report findings.
- Implemented custom log4j to identify all credit cards and PII, PAI and password data and mask at low logging level.
- Developed an interface for Redis-based cache support for distributed environments.
- Designed a token-based solution for cross-site request forgery (CSRF) attacks.
- Developed a solution for a software-based data center director for requests.
- Performed pen testing to verify the SAST scan results.
Confidential, Austin, TX
- Worked on various processes and pages to determine Benefits Eligibility.
- Worked as WebSphere Portal developer (JSR 286 specifications).
- Worked on Spring MVC Portlet.
- Worked on a JAAS extension library to plug in an authentication module.
- Worked on the Spring Security framework and provided a role-based component and menu access system by creating roles and permissions for a core user.
- Created a contact log portal for logging customer details, and ER diagrams and data model.
- Used the DWR (Direct Web Routing) framework to implement AJAX.
- Used GIT version control tool, Hudson build tool to generate war/ear files.
- Used Jenkins tool to check test cases success percentages and recent builds.
- Wrote many send and receive batch processes using bean I/O and flat pack.
- Developed the application using Test Driven Development.
- Used the Altova UML modeling tool to create class diagrams and sequence diagrams.
- Used JMeter for performance testing to simulate different loads and concurrent access to the application.
- Worked on Eligibility Determination and Benefits Calculations Module.
- Worked on Recovery Accounts for Medical Programs.
- Worked on Financial and Non-Financial Intake Data collection.
- Worked on various modules for benefit programs.
Confidential, Santa Fe, NM
- Created functional requirements using storyboards and Snagit.
- Used a custom framework called fast4J (similar to struts) layered architecture with EJB, BO and DAO layers.
- Used cargo and collections to carry data between different layers.
- Servlets and JDBC were used in retrieving data.
- Developed and deployed modules on IBM WebSphere Application Server.
- Developed more than 20 JavaServer Pages and used JavaScript for client-side validations.
- Used Ant scripts to build and deploy the application.
- Extensively used RAD as an IDE for building, developing and integrating the application.
- Provided SQL scripts and PL/SQL stored procedures for querying the Oracle database.
- Provided Maven build tool for building and deploying the application.
- Provided Log4j support for the application for debugging the system.
- Worked on Functional specification designs.
- Used Spring framework in conjunction with Hibernate for portlets development.
- Used Ajax and JSON to communicate between UI and controller layer.
- Used IBM AppScan Baseline Application Vulnerability Assessment tool for security vulnerabilities before production deployment.
- Used Hudson as a build tool to generate war and ear files.
- Used LDAP connections and configuration to access Cisco internal user information.
- Reviewed High-level Design (HLD), Functional requirements.
- Used IBM RAD as development environment and deployed application on WebSphere Application Server.
- Extensively used Core Java, such as Exceptions and Collections, in the application.
- Used CVS version control tool to manage source repository.
- Developed highly scalable, transactional and reusable components using J2EE technologies.
- Prepared Program specifications and Test cases based on Detailed Design documents.
- Used Java EE Connector Architecture for connecting application servers and enterprise information systems (EIS) as part of EAI solutions.