Security Engineer (Penetration Tester/Vulnerability Tester) Resume
Chicago, IL
PROFESSIONAL SUMMARY:
- Around 3 years of Professional IT experience in Application Security, Penetration Testing and Vulnerability Assessment using OWASP Publications, NIST 800 Special Publications and SANS/CWE 25.
- Hands-on experience in reviewing and defining requirements for information security solutions and mitigation techniques.
- Involved in vulnerability assessment, patch management and penetration testing using various tools like Metasploit, Burp Suite, DirBuster, OWASP ZAP proxy, Nmap, Nessus, sqlmap, IBM AppScan Enterprise, Wireshark.
- Skilled in performing both manual and automated security testing for web and mobile applications based on OWASP and CWE/SANS publications.
- Working Knowledge in Windows and Linux (Kali Linux) operating system configuration, utilities and programming.
- Experience in Security, Risk and Compliance Management and Risk Management methodologies.
- Strong Experience in Security Health Check, Patch and Vulnerability management for Web applications.
- Can conduct both internal and external tests based on the client’s specifications.
- Experienced in performing analysis of the results from penetration test to identify the risks that need to be taken care of immediately.
- Well versed with performing source code review to find the flaws overlooked in the initial phases of development.
- Generated and presented reports on Security Vulnerabilities to both internal and external customers.
- Good team player with excellent analytical, inter-personal, communication and written skills, problem-solving and trouble-shooting capabilities. Highly motivated and can adapt to work in any new environment.
TECHNICAL SKILLS:
Web Application Security Tools: WebInspect, Metasploit, IBM AppScan, Burp Pro, DirBuster, Rapid7, Acunetix.
SAST Tools: Checkmarx, HP Fortify, IBM AppScan.
Network Tools: Nessus, QualysGuard, tcpdump, Wireshark.
Languages: C, C++, C#, Java, Python, SQL.
Web technologies: HTML, HTML5, CSS, JavaScript, PHP.
Servers and databases: Apache, MSSQL, MySQL, MongoDB, Oracle.
Operating system: Kali Linux, Windows, Ubuntu.
PROFESSIONAL EXPERIENCE:
Confidential, Chicago, IL
Security Engineer (Penetration Tester/Vulnerability Tester)
Responsibilities:
- Working in collaboration with both networking and security teams.
- Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.
- Performed pen tests over different business applications and network devices of the organization.
- Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Burp Suite, HP Fortify, Nmap, Nessus and many other open source tools as needed. Worked with support teams to address findings as a result of the tests.
- Performed vulnerability scanning using Nessus and maintained clear documentation for every report that is generated.
- Performed vulnerability analysis over wired and wireless networks.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and prioritizing them based on the criticality.
- Stayed up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
- Performed static code reviews with the help of automation tools.
- Performed a threat analysis on the new requirements and features.
- Burp Suite, HP Fortify, Nmap, Nessus, OWASP ZAP Proxy and Acunetix tools were used as part of the penetration testing on a daily basis to complete the assessments.
- Establishing and improving the processes for privileged user access request.
- Proactively researched, analyzed, and reported on trends in certain activities, vulnerabilities, reported attack methods and known exploits that could impact network and information assets.
- Performed penetration testing over the enterprise systems to audit the standards to comply with PCI DSS regulations.
- Conducted Risk Assessments and created detailed reports displaying prioritized findings, demonstration of exploits, and explanation of compromise impacts, and recommendations for mitigation.
- Executed live packet data capture using Wireshark to examine security flaws in the network devices.
- Gave presentations to the client on their security issues and potential solutions for those problems.
- Used CVSS scores to create reports demonstrating the severity of the existing vulnerabilities, which helped prioritize the course of implementation depending on the severity of the vulnerabilities.
- Documented a Closure Document detailing my findings and recommendations for security improvement and patch management.
Confidential
Associate Application Security
Responsibilities:
- Conducted Threat Modeling Index to prioritize and categorize applications based on different security parameters like complexity, sensitivity and business priority to comply with PCI DSS regulations.
- Worked with the development team to understand the application workflow and formulated test plans.
- Defined test policy for automated scanners and manual test scripts for applications across platforms.
- Conducted application security vulnerability assessment and penetration testing using automated tools like Burp Suite, IBM AppScan.
- Conducted secure code reviews using automated tools and manual techniques.
- Identified OWASP Top 10 issues like SQLi, CSRF, XSS and unvalidated redirects.
- Prepared remediation reports for security issues identified in assessments. Conducted sessions for the development team on secure coding and remediation solutions for critical and high severity issues.
- Performed network assessments using tools like QualysGuard, Nmap, Nessus.
- Prepared Monthly and Quarterly Issue trend analysis report and suggested measures for improvement.
- Created and managed an Application Security Metrics Dashboard.
- Worked on risk management activities such as identifying risks and assessing their probability/impact.
- Worked on Internal Incident Management systems to identify and investigate the incidents.
- Worked on incident closure activities.