
Application Security Engineer Resume


Reston, VA

PROFESSIONAL SUMMARY:

  • Having 6 years of experience in the IT industry as a web application security professional. Specialized in information technology assurance, web application security, application security controls and validation, regulatory compliance and the Secure Software Development Life Cycle (Secure SDLC).
  • Experience in developing and implementing Information Security Policies and Guidelines as per OWASP (Open Web Application Security Project) and SANS secure coding guidelines.
  • Hands-on experience in vulnerability assessment and penetration testing using tools such as Burp Suite, Fiddler, ZAP Proxy, sqlmap, HP WebInspect, IBM AppScan, Checkmarx and HP Fortify.
  • Experience in identifying SQL Injection, Script Injection, XSS, Phishing and CSRF attacks.
  • Involved in the Secure Software Development Life Cycle (Secure SDLC) process.
  • Possesses substantial understanding of and experience with the SSDLC, which has been effectively translated across a number of consulting engagements.
  • Hands-on with DAST, SAST and manual ethical hacking.
  • Create detailed assessment reports with remediation recommendations, present findings to clients and re-test the security issues.
  • Vulnerability assessment includes analysis of bugs in various applications spread across N-tier architectures on various domains, using both manual and automated tools.
  • Excellent oral and written communications, interpersonal, negotiation, judgment, decision-making, analysis and problem-solving skills.

TECHNICAL SKILLS:

Web Application: Acunetix Web Vulnerability Scanner, IBM AppScan, ZAP, HP WebInspect, Paros, Fiddler2, Burp Suite, FortyDB

Servers and Databases: MSSQL, Oracle

Web Services Testing: SoapUI and SOA Test tools for web services security

Tracking tools: Bugzilla, QC Trac, TeamForge

Network Auditing: Nessus, GFI LANguard, Nmap

Web Technologies: HTML, Web services, XML

Languages: C, C++, Java, Python (scripting), SQL, x86, VBA, JavaScript

PROFESSIONAL EXPERIENCE:

Confidential, Reston, VA

Application Security Engineer

Responsibilities:

  • Performed web application security/penetration testing in accordance with OWASP standards using manual techniques as well as automated tools.
  • Recommend best practices for securing the application.
  • Communicating and coordinating day-to-day project activities within the project team and ensuring that priorities are developed and known.
  • Provide assistance to IT staff, provide all security specifications for all vendor products and evaluate all requests for security architecture.
  • Assess all risks and evaluate all impacts of technology changes in processes, maintain knowledge of all security systems and deploy all required infrastructure.
  • Manage all repeated threats to all systems and perform vulnerability tests.
  • Evaluate all systems, recommend application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
  • Vulnerability assessment using Nessus and other monitoring tools.
  • Build enterprise risk dashboards and generate reports as needed for the organization.

Environment: WebInspect, Burp Suite, Nmap, Nessus, GRC tools, Archer, Windows, Linux

Confidential, Blue Bell, PA

Application Security Engineer

Responsibilities:

  • Conducted application penetration testing of 20+ business applications.
  • Conducted vulnerability assessment of web applications.
  • Responsible for leading the research, mitigation, and coordination of actions designed to reduce information security risk across the internet-facing presence.
  • Coordinate with the dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Security assessment of online mobile applications to identify vulnerabilities in different categories such as input and data validation, authentication, authorization, auditing and logging.
  • Keep up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Created clear communication and collaboration with internal and external teams.
  • Performing onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
  • Responsible for performing application penetration testing on web, thick client, and other types of applications to identify significant vulnerabilities that threaten the confidentiality, integrity, and availability of customer systems.
  • Change management of highly sensitive computer security controls to ensure appropriate system administrative actions; investigate and report on noted irregularities.
  • Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Identifying Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them based on criticality.

Environment: ASP, Kali Linux, Nessus, Nmap, Metasploit, HP Fortify, HP WebInspect

Confidential

Application Penetration Testing

Responsibilities:

  • Established a vulnerability assessment practice, proactively ensuring the safety of client-facing applications and minimizing client audit findings.
  • Performing security analysis and identifying possible vulnerabilities in the key derivation function; creating vulnerability assessment reports detailing the exposures that were identified, rating the severity of the system, suggesting mitigations for any exposures and testing known vulnerabilities.
  • Having real-time experience in SQL Injection protection, XSS protection, script injection protection and other major hacking protection techniques.
  • Addressing and integrating security in the SDLC by following techniques such as threat modeling, risk management, logging, penetration testing, etc.
  • Providing fixes and filtering false findings for the vulnerabilities reported in the scan reports.
  • Adding new vulnerabilities to the vulnerability database for various platforms with proper exploits.
  • Scan networks, servers, and other resources to validate compliance and security issues using numerous tools.
  • Assisting in the preparation of plans to review software components through source code review or application security review.
  • Assist developers in remediating issues from security assessments with respect to OWASP standards.

Confidential

Web Application Security Engineer

Responsibilities:

  • OWASP Top 10 issue identification, such as SQLi, CSRF and XSS.
  • Preparation of the risk registry for the various projects at the client.
  • the development team on the secure coding practices.
  • Conducted research, mitigation, and coordination of actions designed to reduce information security risk across the internet-facing presence.
  • Providing details of the issues identified and the remediation plan to the stakeholders.
  • Verified the existing controls for least privilege, separation of duties and job rotation.
  • Involved in a major merger activity of the company and provided insights into the separation of different clients' data and securing PII.
  • Identification of different vulnerabilities in applications by using proxies such as Burp Suite to validate the server-side validations.
  • Execute and craft different payloads against the system to execute XSS and other attacks.
  • sqlmap to dump the database data to the local folder.
  • Identified issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption and privilege escalation.
