Security Engineer (Penetration Tester/Vulnerability Tester) Resume

Chicago, IL

PROFESSIONAL SUMMARY:

  • Around 3 years of Professional IT experience in Application Security, Penetration Testing and Vulnerability Assessment using OWASP Publications, NIST 800 Special Publications and SANS/CWE 25.
  • Hands-on experience in reviewing and defining requirements for information security solutions and mitigation techniques.
  • Involved in vulnerability assessment, patch management and penetration testing using various tools like Metasploit, Burp Suite, DirBuster, OWASP ZAP proxy, Nmap, Nessus, sqlmap, IBM AppScan Enterprise, Wireshark.
  • Skilled in performing both manual and automated security testing for web and mobile applications based on OWASP and CWE/SANS publications.
  • Working knowledge of Windows and Linux (Kali Linux) operating system configuration, utilities and programming.
  • Experience in Security, Risk and Compliance Management and Risk Management methodologies.
  • Strong experience in Security Health Check, Patch and Vulnerability management for Web applications.
  • Can conduct both internal and external tests based on the client’s specifications.
  • Experienced in analyzing the results of penetration tests to identify the risks that need to be taken care of immediately.
  • Well versed in performing source code review to find the flaws overlooked in the initial phases of development.
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Good team player with excellent analytical, interpersonal, communication and written skills, and problem-solving and troubleshooting capabilities. Highly motivated and can adapt to work in any new environment.

TECHNICAL SKILLS:

Web Application Security Tools: WebInspect, Metasploit, IBM AppScan, Burp Pro, DirBuster, Rapid7, Acunetix.

SAST Tools: Checkmarx, HP Fortify, IBM AppScan.

Network Tools: Nessus, QualysGuard, tcpdump, Wireshark.

Languages: C, C++, C#, Java, Python, SQL.

Web technologies: HTML, HTML5, CSS, JavaScript, PHP.

Servers and databases: Apache, MSSQL, MySQL, MongoDB, Oracle.

Operating systems: Kali Linux, Windows, Ubuntu.

PROFESSIONAL EXPERIENCE:

Confidential, Chicago, IL

Security Engineer (Penetration Tester/Vulnerability Tester)

Responsibilities:

  • Worked in collaboration with both networking and security teams.
  • Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.
  • Performed pen tests over different business applications and network devices of the organization.
  • Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Burp Suite, HP Fortify, Nmap, Nessus and many other open source tools as needed. Worked with support teams to address findings as a result of the tests.
  • Performed vulnerability scanning using Nessus and maintained clear documentation for every report that is generated.
  • Performed vulnerability analysis over wired and wireless networks.
  • Identified the critical, high, medium and low vulnerabilities in the applications based on OWASP Top 10 and prioritized them based on criticality.
  • Stayed up to date with new hacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Performed static code reviews with the help of automation tools.
  • Performed a threat analysis on the new requirements and features.
  • Used Burp Suite, HP Fortify, Nmap, Nessus, OWASP ZAP Proxy and Acunetix as part of the penetration testing, on a daily basis, to complete the assessments.
  • Established and improved the processes for privileged user access requests.
  • Proactively researched, analyzed, and reported on trends in certain activities, vulnerabilities, reported attack methods and known exploits that could impact network and information assets.
  • Performed penetration testing over the enterprise systems to audit the standards to comply with PCI DSS regulations.
  • Conducted Risk Assessments and created detailed reports displaying prioritized findings, demonstration of exploits, and explanation of compromise impacts, and recommendations for mitigation.
  • Executed live packet data capture using Wireshark to examine security flaws in the network devices.
  • Gave presentations to the client on their security issues and potential solutions for those problems.
  • Used CVSS Scores to create reports demonstrating the severity of the existing vulnerabilities, which helped prioritize the course of implementation depending on the severity of the vulnerabilities.
  • Documented a Closure Document detailing my findings and recommendations for security improvement and patch management.

Confidential

Associate Application Security

Responsibilities:

  • Conducted Threat Modeling Index to prioritize and categorize applications based on different security parameters like complexity, sensitivity and business priority to comply with PCI DSS regulations.
  • Worked with the development team to understand the application workflow and formulated test plans.
  • Defined test policy for automated scanners and manual test scripts for applications across platforms.
  • Conducted application security vulnerability assessment and penetration testing using automated tools like Burp Suite, IBM AppScan.
  • Conducted secure code reviews using automated tools and manual techniques.
  • Identified OWASP Top 10 issues like SQLi, CSRF, XSS and unvalidated redirects.
  • Prepared remediation reports for security issues identified in assessments. Conducted sessions for the development team on secure coding and remediation solutions for critical and high severity issues.
  • Performed network assessments using tools like QualysGuard, Nmap, Nessus.
  • Prepared Monthly and Quarterly Issue trend analysis report and suggested measures for improvement.
  • Created and managed an Application Security Metrics Dashboard.
  • Worked on risk management activities such as identifying risks and assessing their probability/impact.
  • Worked on Internal Incident Management systems to identify and investigate the incidents.
  • Worked on incident closure activities.
