Application Security Analyst/QA Consultant Resume

SUMMARY

  • Penetration testing, protection and mitigation against SQL injection, CSRF (Cross-site request forgery) and XSS (Cross-site scripting) attacks, source code review, complete server and host auditing, MITM (Man in the Middle) attacks, ARP spoofing and redirection, packet capture and review, and network protocol analysis.
  • Perform onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
  • Perform ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications including Windows, Linux, AIX, Solaris, HP-UX, OpenVMS, and Cisco IOS/CatOS.
  • Worked as QA/Penetration Tester, Report Developer, Webmaster, Systems Analyst, and teaching assistant for Math and Programming Languages.
  • Well versed with Certified Ethical Hacking (CEH) Concepts Version 9 and CISSP concepts.
  • Excellent understanding of the Software Development Life Cycle (SDLC), and Agile (Scrum) methodologies.
  • Strong documentation and communication skills.

TECHNICAL SKILLS

  • Nessus
  • Nexpose
  • AWS Config
  • CloudTrail
  • Guard Duty
  • Cloudwatch
  • AWS Inspector
  • Cain and Abel
  • Nmap
  • Backtrack 5R3
  • Samurai
  • Kali Linux
  • John the Ripper
  • SNORT
  • Wireshark
  • Shodan
  • Qualys
  • OpenVas
  • TcpDump
  • Armitage
  • Ettercap
  • Acunetix Web Vulnerability Scanner
  • Microsoft Baseline Security Analyzer
  • TrueCrypt
  • Bitlocker
  • Havij
  • SQLMap
  • Zenmap
  • BurpSuite
  • pfSense
  • Iptables
  • Dark Comet RAT
  • HashSuite 32 & 64
  • Brutus
  • Aireplay-ng
  • Aircrack-ng
  • Ntop
  • Airsnort
  • Metasploit Framework
  • Sandcat Web Application Security Scanner
  • Retina
  • Saint
  • Exploiter
  • Bobcat
  • Black Widow
  • clHashcat-plus-0.14
  • pwdump7
  • rainbowcrack-1.5-win64
  • Tor Browser
  • HTTrack
  • Firecat Mozilla Firefox Extension
  • Email Spider
  • Maltego
  • Alexa
  • Shazou
  • Yersinia
  • Xplico
  • Hydra
  • GFI LANGuard
  • IBM Rational Appscan
  • OWASP top 10
  • OWASP Mantra Security Framework
  • ZAP
  • Paros
  • WebSecurity Dojo 2.0
  • Dirbuster
  • netcat
  • ncat
  • Nikto
  • nmap
  • msfvenom
  • Sparta
  • Vega
  • wpscan
  • grabber
  • sniper
  • wmap
  • crunch
  • beef
  • fern wifi cracker
  • wifite
  • veil
  • reaver
  • wifijammer
  • wifiphisher
  • wifipumpkin
  • Medusa
  • Winpcap
  • UTM
  • RADIUS
  • TACACS+
  • AES
  • VPN
  • Network Security Toolkit
  • NetWorX
  • Kismet
  • virustotal.com
  • JonDoFox
  • Hardware Security Module (HSM)
  • Hash-based message authentication code (HMAC)
  • Master Password
  • Keepass
  • Lastpass
  • Authy
  • Mobile Development
  • Reverse engineering

PROFESSIONAL EXPERIENCE

Confidential

Application Security Analyst/QA Consultant

Environment: Kali Linux, IBM App Scan, JIRA, OWASP top 10 Methodologies, SQL Queries

Responsibilities:

  • Performed testing of Confidential .com.
  • Involved in the review of web portal Requirements with business analysts and technical specialists.
  • Performed end-to-end manual testing.
  • Used Kali Linux operating system to perform penetration testing assessments.
  • Planned, coordinated and monitored project levels of performance and activities to ensure project completion on time.
  • Performed SQL Injection, XSS, CSRF simulated attacks on the web application and submitted the results for review.
  • Used Jira to track, analyze and report bugs.
  • Worked on some application development projects in which applications were developed in .NET and Java.

Confidential

Application Security Consultant / QA Analyst

Environment: Kali Linux, IBM App Scan, JIRA, OWASP top 10 Methodologies, SQL Queries

Responsibilities:

  • Performed testing of Confidential Outage management System.
  • The OMS system was developed using Java and JavaScript.
  • Facilitated and participated in improving Quality as part of Delivery Quality Initiative.
  • Used OWASP top ten methodologies and IBM Appscan to perform application security checkups.
  • Provided trends, reports of defects at Release level. Tracked, monitored, supported UAT.
  • Analyzed the complete set of documentation and reviewed Test Strategy, Test Plan, Test matrix, traceability matrix.
  • Involved in preparing the Test Plan and Test Cases for developed OMS based on the function specifications.

Confidential

Information Security Analyst/ BI SME

Environment: Nessus, Cain and Abel, Backtrack 5R3, John the Ripper, Wireshark, TcpDump, Nmap, Armitage, Ettercap, Acunetix Web Vulnerability Scanner, Sql Server Integration Services, SSRS, Cognos 10, SQL Server Management Studio & SQL Server Business Intelligence Studio.

Responsibilities:

  • Provide technical leadership to the enterprise for the information security program.
  • Mentor and train others in information security in addition to training for other technical groups.
  • Install and maintain security infrastructure, including IPS, IDS, log management, and security assessment systems. Assess threats, risks, and vulnerabilities from emerging security issues. Publish Security Updates newsletter for technical groups.
  • Draft enterprise security standards and guidelines for system configuration. Managed process and acted in the lead role for computer security incident response team.
  • Perform and create procedures for system security audits, penetration tests, and vulnerability assessments.
