PROFESSIONAL SUMMARY:

• Penetration tester with experience in the creation and deployment of solutions protecting applications, networks, systems and information assets for diverse companies and organizations.
• Good Experience in Windows/Linux, MacOS, UNIX operating system configuration, utilities and programming. Experience in Shell Scripting.
• Good knowledge in Vulnerability Assessment and Penetration Testing on Mobile based application, WEB based Applications and Infrastructure penetration testing.
• Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws.
• Experience in Threat Modelling during Requirement gathering and Design phases.
• Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool. Initiate and develop new mechanisms to addresses unidentified security holes & challenges.
• Extensive experience working with Qualys Guard to conduct Network Security assessments.
• Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
• Skilled in various web application security testing tools like Metasploit, Burp - Suite, HP Fortify, SQL map, OWASP ZAP Proxy, Checkmarx, Nmap, IBM AppScan, Acunetix Automatic Scanner, Kali Linux and Nikto.
• Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.
• Skilled in identifying the business requirements for information security as well as regulations of information security
• Experience on vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster,
• OWASP ZAP Proxy, NMap, Nessus, Kali Linux, Metasploit, HP Web inspect and IBM Appscan.
• Developed, implemented and enforced security policies through experience, in-depth knowledge of security software, and asking the customer the right questions
• An enthusiastic team player who embodies a strong work ethic and a leader who utilizes complex problem-solving skills for incident analysis.
• As a Penetration Consultant involved in enhancing the security stature of the project by initiatives like Threat Modelling, Security awareness sessions, Dormant & Never Logged IDs clean-up.
• Technical business expert employing tremendous Information Security Audit, Strategy and Risk Management Techniques.
• Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP proxy, NMap, Nessus, Hp Fortify, IBM AppScan, Kali Linux, Metasploit.
• Capable of identifying flaws like Security Misconfiguration, Insecure direct object, Sensitive data exposure, Functional level access control, Invalidated redirects.
• Experienced in Dynamic Application Security Testing (DAST) & Static Application Security Testing (SAST)
• Conduct source code review of application using Fortify.
• Analyzing the results of penetration testing, designing reviews, source code reviews and other security tests.
• Experience in implementing security in every phase of SDLC.
• Good knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, Implementation, and support.

TECHNICAL SKILLS:

Languages: C, C++, Python, SQL

Tools: Nexpose, Nessus, Nmap, Burp Suite, ZAP, Splunk, Metasploit, Kali Linux, Appscan Standard, AppScan Enterprise, AppScan Source for Analysis and open source tools.

Network Tools: Nmap, Wireshark, Nessus, Metasploit

Operating Systems: Windows, Unix and Linux, MacOS

QA Tools: Quality Center, Jira, HP ALM

Methodologies: Agile, SDLC

WORK EXPERIENCE:

Penetration tester

Confidential, Malvern, PA

Responsibilities:

• Perform risk assessments to ensure corporate compliance
• Provide oral briefings to leadership and technical staff, as necessary.
• Provide the report and explain the issues to the development team.
• Evaluating the business requirements, application functionality with project teams to do assessments.
• Experience with Burp Suite, SQL Map, NMap, and Nessus.
• Conducted application penetration testing over various business applications.
• Responsible for assessing the controls to identify gaps and to design and analyze segregation of duties, least privilege for that application.
• Performed functional testing of security solutions like RSA 2-factor Authentication, Novell Single Sign-on, Data Loss Prevention (DLP), etc.
• Enforced Password Cracking tests over the administrator and user accounts to evaluate the strength of passwords used.
• Advised on secure data deletion and equipment sanitization, decommissioning and reuse guidelines for high security environments.
• Using various Firefox add-ons like Flag fox, Live HTTP Header, Tamper data to perform the pen test
• Proactively conducted research, analyze, and report on trends in certain activities, vulnerabilities, reported attack methods and known exploits that could impact network and information assets.
• Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.
• Conducted security assessment of PKI Enabled Applications.
• Performed penetration testing over the enterprise systems to audit the standards to comply with ISO Standards.
• Conducted Pre-IAM Assessments and created detailed reports displaying prioritized findings, demonstration of exploits, and explanation of compromise impacts, and recommendations for mitigation.
• Executed live packet data capture using Wireshark to examine security flaws in the network devices.
• Given presentations to client over their security issues and potential solutions for those problems.
• Provide remediation steps to the team and follow up.
• Re testing the applications for found vulnerabilities and post production support.
• Retest the fixed issues and ensure the closure
• Performed Vulnerability Assessments and Data Classification
• Capable of identifying flaws like Security Misconfiguration, Insecure direct object, Sensitive data exposure, Functional level access control, Invalidated redirects.

Security Analyst/ Penetration Tester

Confidential, Pittsburgh, PA

Responsibilities:

• Conducted Vulnerability Assessment on various applications.
• Acquainted with various approaches to Grey & Black box security testing.
• Conducting Web Application Vulnerability Assessment & Threat Modelling, Gap Analysis, secure code review on the applications.
• Understanding and implementation of security into SDLC via application risk assessment, requirements Gathering, design review, application vulnerability assessment.
• Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
• Validate Input validations, session managements, client protocol controls, cryptography, Logging, Information leakage.
• Conduct penetration tests on systems and applications using automated and manual techniques with tools such as Core Impact, Hp Fortify, Metasploit, Burp suite, Web Inspect, Kali Linux, CheckMartSparker and many other open source tools as needed.
• Work with support teams to address findings as a result of the tests.
• Conducted analysis using Kali Linux environment and effectively neutralized DOS, DDOS, CSRF, XSS and SQL Injection Attacks.
• Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP, Dirbuster, Qualysguard, Nessus, Sqlmap for web application penetration tests and infrastructure testing.
• Ensure the issues identified are reported as per the reporting standards.
• Performed static code reviews with the help of automation tools.
• Perform validation on design of features like authentication, authorization, accountability. Provide the report and explain the issues to the development team.
• Implemented IBM AppScan standard, source editions, HP WebInspect and QualysGuard web application scanners. In addition, the security tools Metasploit and BurpSuite were utilized for manual penetration testing.
• Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
• Update with the new hackings and latest vulnerabilities to ensure no such loopholes are present in the existing System fully compromised 50+ target hosts in lab environments (Offensive Security and HackTheBox), gaining root/system-level shell access to each, and achieving rank of "Hacker" on HackTheBox.
• Developed and implemented online security procedures.
• Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
• Assisting in review of business solution architectures from security point of view which helps avoiding security related issues/threats at the early stage of project.
• Performed security research, analysis and design for all client computing systems and the network infrastructure.

Application security engineer

Confidential

Responsibilities:

• Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
• Capturing and analyzing network traffic at all layers of the OSI model.
• Monitor the Security of Critical System (e.g. e-mail servers, database servers, Web Servers, Application Servers, etc.).
• Conducted application penetration testing of 50+ business applications
• Conducted Vulnerability Assessment of Web Applications
• Performed functional testing of security solutions like RSA two factor authentication, Novel single sign on, DLP and SIEM
• Change Management to highly sensitive Computer Security Controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
• Conduct network Vulnerability Assessments using tools to evaluate attack vectors, Identify System
• Vulnerabilities and develop remediation plans and Security Procedures.
• Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
• The experience has enabled me to find and address security issues effectively, implement new technologies
• Worked on various business development activities like drafting response to RFP's and preparing SOW's documents
• Acquainted with various approaches to Grey & Black box security testing
• Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc
• Conducted security assessment of PKI Enabled Applications
• Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP, Havij, Dirbuster, Qualysguard, Nessus,
• SQLMap for web application penetration tests and infrastructure testing. and efficiently resolve security problems. With having strong Network Communications, Systems & Application
• Security(software) background looking forward for implementing, creating, managing and maintaining information security frameworks for large scale challenging environments.