
Sr. Security Engineer Resume


Irving, TX

TECHNICAL SKILLS:

Dynamic and Static Analysis Security Testing: IBM AppScan Enterprise (ASE), Standard & Source editions, Checkmarx, HP WebInspect, Whitehat Sentinel, QualysGuard, BurpSuite Pro, Veracode, Acunetix, HP Fortify SCA, SQLMAP

Security Penetration/Testing Tools: AppDetect, AppRador, Splunk Enterprise Security, Oracle Identity Manager, Oracle Access Manager, Hijack, Varonis, BeyondTrust PowerBroker Password Safe, Metasploit Pro, ZED attack proxy, SQLMAP, Wireshark, WebScarab, Paros, Nmap, BMC BladeLogic, Nessus, Rapid7 Nexpose, Tripwire, Symantec Vontu, DBProtect, ArcSight SIEM, e-DMZ Password Auto Repository (PAR), Varonis, Amazon Web Services (AWS) Cloud security.

Operating Systems: Oracle Solaris UNIX, RedHat LINUX 4/5, Windows Server 2003/2008.

Cloud Security: AWS Web Application Firewalls (WAF), Security Groups for Route 53 and Virtual Private Cloud (VPC), IAM Roles with EC2

Networking: Symantec DLP, Checkpoint, LAN, WAN, Palo Alto, Cisco, IDS/IPS, Anti-virus

Java & J2EE Technology: Spring Framework, EJBs, Struts2, Servlets, JavaServer Pages (JSPs), JMS, Java Mail API, JNDI, LDAP, JDBC, JTS, RMI, AWT, Swing, Socket Programming, IONA Orbix CORBA.

Application Servers: Weblogic Server, iPlanet, Netscape Application Server and Microsoft IIS.

Languages: Java, Python, C/C++, C#.NET, Perl, UML.

Scripting: AngularJS, XML, XSLT, XPath, XQuery, HTML/JavaScript/JQuery, AJAX, PowerShell.

Middleware: TIBCO EMS, IBM WebSphere MQ, JMS

Databases: Oracle, MS SQL Server, Sybase.

Web Services: RESTFul/SOAP, SOA, UDDI, WSDL.

Web Servers: Apache Tomcat, Netscape Enterprise Server 3.5, Jboss and JRun.

PROFESSIONAL EXPERIENCE:

Confidential, Irving, TX

Sr. Security Engineer

  • Performed real-time proactive security monitoring and reporting on various Security enforcement systems, (SIEM), Anti-virus, Internet content filtering/reporting, malware code prevention, Firewalls, IDS and IPS, Web Security, Anti-spam.
  • Conducted Vulnerability Assessment (DAST and SAST) of Web and Mobile (iOS and Android) applications, including third party applications. The tools IBM AppScan, ZAProxy, BurpSuite Pro, Checkmarx, HP Fortify have been utilized for scanning the application.
  • Used FireEye to track cyber attacks and get reports of threat map.
  • Security Management Act (FISMA) and Federal Risk and Authorization Management Program (FedRAMP) related engagements for commercial clients.
  • Experience with ISO 27001/27002 Certification for ISMS, GRC solutions like Sarbanes Oxley (SOX) Compliance, HIPAA, PCI.
  • Implemented Active Directory Federation Services (ADFS-SSO) in Windows-Linux client server PKI environment.
  • Conducted security assessment of Cryptography applications including the apps that use Hardware Security Module (HSM).
  • Administered, maintained, and deployed Imperva web application firewall, Checkpoint IPS & VPN systems, and McAfee network based Data Loss Prevention (DLP) devices.
  • Monitored network activity using LogRhythm, Snort, and ePO.
  • Managed security assessments to ensure compliance to firm’s security standards (i.e., OWASP Top 10, SANS25). Specifically, security testing has been performed to identify XML External Entity (XXE), Cross-Site Scripting, ClickJacking, and SQL Injection related attacks within the code.
  • Reviewed source code (Java/J2EE/Spring/FTL/JavaScript) and developed security filters within IBM AppScan for critical applications.
  • Configured SafeNet ProtectDB to enable column level encryption for securing confidential customer data.
  • Designed security architecture for web and mobile apps. Reviewed Solution overview Documents (SODs) to identify security anomalies in the system architecture and design, and provided recommendations to address data security and privacy concerns.
  • Developed threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications.
  • Automation of security scanning process (DevSecOps) into the build environment with CI/CD pipeline using Jenkins, Maven, Gradle, GitHub tools.
  • Implemented file system security by applying hashing techniques for protecting data stored in files on the file servers.
  • Participated in the implementation of Single Sign-on (SSO) and MFA using SAML and OAuth2.0 frameworks.
  • Administered cryptography, certificate management and implemented dual keys to address segregation of duties issue between DBAs and security admins.
  • Participated in the development of IT risk assessments for enterprise applications. The NIST framework has been utilized for IT risk assessments.
  • Rolled out IBM AppScan products such as AppScan Enterprise (ASE), Standard, Source, Developer plug-ins to various development teams across the business lines.
  • Worked extensively with software development teams to review the source code, triage the security vulnerabilities generated by IBM AppScan, BurpSuite, Whitehat Sentinel, HP WebInspect, HP Fortify, Checkmarx and eliminated false positives.
  • Generated executive summary reports showing the security assessments results, recommendations (CWE, CVE) and risk mitigation plans and presented them to the respective business sponsors and senior management.
  • Conducted monthly developer workshops to educate and train developers on secureSDLC, scan source code using IBM AppScan Source, triage and resolve the security vulnerabilities.
  • Participated in the implementation of AWS Cloud security for applications being deployed in the Cloud. Developed WACLs and configured rules and conditions to detect security vulnerabilities in the Cloud Front.
  • Implemented Security Group Policies for Elastic Compute Cloud (EC2) instances within AWS. Developed AWS Service Roles to protect Identity Provider access.
  • Participated in the implementation of developing security policies and security groups for AWS Cloud infrastructure including, EC2, Security Groups, Route 53 and Virtual Private Cloud (VPC).
  • Worked with DevSecOps teams to automate security scanning into the build process.
  • Reviewed Android and iOS mobile source code manually and recommended code fixes.
  • Participated in the Proof of Concept (POC) in implementing Arxan application protection software for Mobile apps.
  • Performed the penetration testing of mobile (Android and iOS) applications, specifically, APK reverse engineering, traffic analysis and manipulation, dynamic runtime analysis.
  • Developed secureSDLC policies and standards for Web and Mobile apps.

Confidential, Bethesda, MD

Sr. Security Engineer

  • Incident and Event Management System (SIEM) using HP ArcSight, Splunk Enterprise Security
  • Hands-on with Penetration Testing, Source Code Review, DAST, SAST, IAST and manual ethical hacking.
  • Expertise in using the DAST tools (IBM AppScan and BurpSuite Pro) while the application is running to penetrate the application in various ways to identify potential vulnerabilities outside the code and in third party interfaces.
  • Working knowledge of OWASP Top 10 and SANS Top 25 software guidelines, Federal Financial Institutions Examination Council's (FFIEC) regulations, including Payment Card Industry (PCI-DSS), HIPAA and Sarbanes-Oxley Section 404 (SOX).
  • Developed Security requirements for Data Loss Prevention (DLP) specifically for Data at Endpoint, Data In-transit, and Data at rest.
  • Administered cryptography, certificate management and implemented dual keys to address segregation of duties issue between DBAs and security admins.
  • Analyzed security incidents using Splunk Enterprise Security originated from various network/application monitoring devices (e.g., Symantec DLP) and coordinated with engineering teams for tracking and problem escalation, including remediation.
  • Automated security scanning process (DevSecOps) as part of Continuous Integration and Continuous Delivery (CI/CD) of security reports into the build cycle.
  • Implemented and managed SIEM - IBM QRadar suite of products, QRadar SIEM, QRadar Vulnerability Manager (QVM), QRadar Risk Manager (QRM), QRadar Incident Forensic (QIF), Splunk.
  • Configuring and creating Vulnerability Reports in Nexpose, SIEM - Log monitoring and user behavior Investigations in LogRhythm.
  • Participated in the implementation of AWS Cloud security for applications being deployed in the Cloud. Developed WACLS for AWS Web Application Firewalls (WAF) and configured the rules and conditions to detect security vulnerabilities in the Cloud Front.
  • Configured AWS Simple Storage Service (S3) to securely store the organization’s critical file systems. Implemented Access Control Lists (ACLs) and Bucket Policies for controlling access to the data.
  • Decided on what to remediate and what to risk accept based on security requirements.
  • Performed pentesting of both internal and external networks as per PCI-DSS standards. The pen testing scope included O/S (Windows and Linux) and external facing web apps and database servers that store credit card information.
  • Reviewed security vulnerability reports for applications and databases, analyzed and worked extensively with the development teams for the implementation of mitigating controls.
  • Implemented IBM AppScan standard, source editions, HP WebInspect, Whitehat Sentinel, Nessus, and QualysGuard web application scanners. In addition, the security tools Metasploit and BurpSuite were utilized for manual penetration testing. India | June 2011 - July 2013
  • Performed security assessments for the client-facing apps. The associated IT infrastructure such as database management systems, middleware systems, web services (SOA) were also included in the security assessments.
  • Involved in the implementation of RSA Single Sign On (SSO) for the applications deployed in the Cloud and on-premise.
  • Implemented Secure Software Development Life Cycle (S-SDLC) processes; developed secure coding practices for web, mobile applications, including database and middleware systems.
  • Experience in Threat Modeling during Requirement gathering and Design phases.
  • Security Risk Management with TCP-based networking.
  • Experience with TCP/IP, Firewalls, LAN/WAN.

Confidential, Chicago, IL

Security Analyst

  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Utilized tools like WebLogic, LogRhythm, and Tripwire to assess and validate controls per requirements and Government direction.
  • Discussed false positives and prepared a plan of action and milestones for mitigation. Prepared incident reports for reported and unreported attacks. APT hunting for Ransomware.
  • Performed Root Cause Analysis for the incidents reported at Security Operations Center. Performed Security event monitoring of heterogeneous networks such as Firewalls, IDS/IPS, Cisco ASA, DLP devices using Splunk.
  • Performed security compliance audits and identified control gaps for Firewalls, Routers, DLP, IDS/IPS, Windows/Linux, and DB servers.
  • Performed penetration testing for external facing web applications. Security areas covering DMZ architecture, threat modeling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed.
  • Provided solution to many problems on a call with the best of my knowledge on the applications using event logs on the system/server and telemetry logs on the server, later started using Splunk for security analysis.
  • Wrote scripts on servers using Python on Windows Servers, Active Directory to update servers with the latest patches and change system configurations at large.
  • Used Remedy Information Technology Service Management (ITSM) tool for managing the incidents based on the priorities and solved issues which are in the security domain.
  • Experience in performing authenticated and unauthenticated testing.
  • Generated Vulnerability reports to monitor the health of the applications and reported High, Medium and low vulnerabilities in this system.
  • Analyzed attack patterns. Build workflows to automatically analyze the samples.
  • Determined what functionality attackers may have introduced and scan for malicious artifacts based on sandbox results. Investigate endpoint attacks and replay attacks on systems.
  • Analyze JavaScript, PDFs, Office documents, and packet captures for signs of malicious activity. SIEM implementation and analysis by writing rules and reference sets.
  • SIEM to determine attack vectors and source of incident. Troubleshoot network application inbound/outbound connectivity utilizing Cisco WSA proxies and Wireshark.
  • Involved on Bridges in solving High/Severe incidents reported in the application or in the environment.
  • IronPort URL filtering for known bad URL content.
  • IronPort Mail analysis and blocking for known bad emails. Analysis of pcap files using FireEye and Wireshark. System audit and analysis using DOD checklist for PA series. Threat and virus scanning using Malwarebytes from centralized console.
  • Enforcement of policies and procedures for users, admins, and management. Reverse engineering of malware using tools like malware, Process Hacker and so on. Incident response tabletop exercise by documenting and alerting necessary personnel.

Confidential

Java/J2EE Developer

  • Designed and created DAO using data modeling in the integration layer.
  • Exposed all the enterprise services to the clients using SOAP and REST based web services, and tested using SOAPUI.
  • Modified WSDL documents for the internal clients and deployed on WSRR.
  • Implemented request and response objects using SOAP web services and JAXB for converting WSDL to java classes.
  • Configured all dependencies with spring framework and various stateful and stateless beans in the application.
  • Used various spring features to deploy custom properties and static context in the application.
  • Exposed Stateless session beans as restful web services using Jersey JAX-RS.
  • Created virtual host and configured based on the IP configuration for all enterprise services.
  • Used JSON marshaller for marshaling and unmarshalling the JSON Objects and DOM manipulations with various SAX and DOM parsers.
  • Worked and configured with MKS and RTC versioning tools to keep track of source code.
  • Used Jenkins for continuous integration with Maven built in to generate the EAR files and sanity4j code quality testing reports.
  • Hands-on a service-oriented approach (SOA) using WebLogic for integration.
  • Worked on HP portfolio Management software to create the PPM packages and deploy the various environments.
  • Updated the WSDL in WSRR for the governance and storing, accessing and managing information.
  • Setup meeting to configure and understand the Data power for security, for accessing the application.
  • Used Log4j for logging for debugging, warnings, errors etc.
  • Created log back file based on time based triggering policy and application based triggering policy.
  • Used HPQC for defect tracking and working on the defects and created Triage process (Microsoft Visio) to track the defects in the application.
  • Migrated MKS Source control to RTC and created JENKINS builds for all enterprise services.
  • Worked closely with the infrastructure team to create the performance environment for enterprise services.
