Security & Automation Engineer Resume
NJ
PROFESSIONAL SUMMARY
- A knowledgeable, creative and passionate security engineer with 10 years of IT experience, including penetration testing, security assessments and test automation.
- Certified Ethical Hacker (CEH) by EC-Council.
- Hands on experience in providing recommendations to improve the security posture of the application.
- Hands-on experience in using tools like Burp Suite, IBM AppScan, SoapUI, HP WebInspect and HttpWatch.
- Good working knowledge on OWASP Penetration testing methodology, attack vectors in web and mobile applications, risk assessment and vulnerability reporting.
- In-depth knowledge of various vulnerability categories like Authentication, Authorization, Encryption, Session Management, XSS, SQL injection, CSRF etc.
- Performed threat modelling on various web applications.
- Good understanding of firewalls/IDS/IPS.
- Exposure to all stages of Agile, SDLC, STLC methodologies.
- Having good working knowledge on Agile Scrum environment.
- Knowledge on .net application development.
- Expertise in testing web services (SOA architecture, SOAP, HTTP and REST) using various industry standard tools like SoapUI.
- Possess good working experience in test automation on Selenium using C# and Java.
- Involved in different types of testing like Regression Testing, End to End Testing and Ad hoc Testing, and in certifying the patches in production.
- Involved in Peer reviews and Periodic review meetings.
- Excellent communication, interpersonal and presentation skills with strong analytical mind-set.
TECHNICAL EXPERIENCE:
Primary Skills: Web, mobile application penetration testing, OWASP methodology
Security Vulnerabilities: SQL injection, XSS, CSRF, Session Management, Cryptographic issues
Security Testing Tools: Burp Suite, AppScan, WebInspect, Fortify, Nmap, Nessus, Kali Linux
Protocols: HTTP, SSL, IPSEC, SSH, VPN, SMTP, FTP, TCP/IP
Programming skills: C, Java, C#, Python, HTML, CSS, JavaScript, VBScript, XML, JUnit
Database Servers: SQL Server 2008
Operating Systems: Windows 7, 8, 10, Windows Server 2008, iOS
Automation tools: Selenium using Java and C#, UFT 11.0/UFT 12
GRC tool: Archer
PROFESSIONAL EXPERIENCE
Security & Automation Engineer
Confidential, NJ
Responsibilities:
- Responsible for developing and enhancing the Selenium Automation Framework using Eclipse Java.
- Worked on POC for Selenium framework using C#.
- Responsible for preparing the Automation Test Scripts.
- Involved in testing the database and data validation using SQL Queries.
- Involved in Regression test executions on Scubel application.
- Carried out manual penetration tests on Scubel client application.
- Manual penetration testing of web and iOS-based applications.
- Documenting all the vulnerabilities with proper risk assessment.
- Suggesting possible remediations to fix the vulnerabilities.
Security & Automation Engineer
Confidential
Responsibilities:
- Responsible for performing manual penetration testing, automated security scanning and static code analysis of ADP products using Burp Suite Professional, IBM AppScan.
- Analyze the scan results and effectively eliminate the false positives.
- Threat modelling applications to identify and address the security risks associated with them.
- Performed security testing for over 70 ADP web, mobile and desktop applications.
- Communicated and demonstrated the security vulnerabilities to development teams.
- Adding and updating the findings in Archer.
- Performed the remediation tests after the vulnerabilities were fixed.
- Development and enhancement of STAT Team portal which is an internal application developed in C# to capture the team’s weekly efforts.
- Strategic approach towards proceeding with testing the application by defining the application perimeter.
- Manual penetration testing of web and iOS applications.
- Performing source code analysis against the findings reported by the IBM AppScan Source tool.
- Creating proof of concepts to demonstrate the exploits.
- Writing scripts/tools to perform security assessments of complex applications.
- Documenting all the vulnerabilities with proper risk assessment.
- Suggesting possible remediations to fix the vulnerabilities.
- Exploring different web technologies to understand the security issues that arise in web applications.
- Web service penetration tests and occasional source code reviews.
- Training & Mentoring the new team members from the basics.
- Preparation of dashboard reports.
- Received appreciations for identifying critical risk security vulnerabilities: SQL injection, XSS, Authorization bypass.
- Evaluated various tools like SoapUI and HP WebInspect.
- Responsible for developing and enhancing the UFT/Selenium Framework by adding new functions.
- Involved in designing and developing a new framework in Selenium using C# and Java.
- Responsible for preparing the Automation Test Scripts.
- Involved in Regression test executions.
- Performed Smoke testing in Production environment when new code is released to Production.
- Responsible for certifying the patches before they are released to Production.
- Preparing reports to publish to the management mentioning burn down charts, automation status of team etc.
- Involved in testing the database and data validation using SQL Queries.
- Performed Parallel, Cross-Browser and multiple-platform Testing using Selenium WebDriver.
- Actively involved in Scrum methodology for the project from requirements through the delivery of project.
- Developing scripts for build, deployment, maintenance and related tasks using Jenkins.
- Involved in Sprint planning meetings and user story discussions.
- Reported and Tracked Defects using Quality Center, MTM, TFS, Rally.