
Security & Automation Engineer Resume


NJ

PROFESSIONAL SUMMARY

  • A knowledgeable, creative and passionate security engineer with 10 years of IT experience, including penetration testing, security assessments and test automation.
  • Certified Ethical Hacker (CEH) by EC Council
  • Hands-on experience in providing recommendations to improve the security posture of the application.
  • Hands-on experience in using tools like Burp Suite, IBM AppScan, SoapUI, HP WebInspect, HttpWatch.
  • Good working knowledge on OWASP Penetration testing methodology, attack vectors in web and mobile applications, risk assessment and vulnerability reporting.
  • In-depth knowledge on various vulnerability categories like Authentication, Authorization, Encryption, Session Management, XSS, SQL injection, CSRF etc.
  • Performed threat modelling on various web applications.
  • Good understanding of firewalls/IDS/IPS.
  • Exposure to all stages of Agile, SDLC, STLC methodologies.
  • Having good working knowledge on Agile Scrum environment.
  • Knowledge on .net application development.
  • Expertise in testing web services (SOA architecture, SOAP, HTTP and REST) using various industry standard tools like SoapUI.
  • Possess good working experience in test automation on Selenium using C# and Java.
  • Involved in different types of testing like Regression Testing, End to End Testing and Adhoc Testing, Certifying the patches in production.
  • Involved in Peer reviews and Periodic review meetings.
  • Excellent communication, interpersonal and presentation skills with strong analytical mind-set.

TECHNICAL EXPERIENCE:

Primary Skills: Web, mobile application penetration testing, OWASP methodology

Security Vulnerabilities: SQL injection, XSS, CSRF, Session Management, Cryptographic issues

Security Testing Tools: Burp Suite, AppScan, WebInspect, Fortify, Nmap, Nessus, Kali Linux

Protocols: HTTP, SSL, IPSEC, SSH, VPN, SMTP, FTP, TCP/IP

Programming skills: C, Java, C#, Python, HTML, CSS, JavaScript, VBScript, XML, JUnit

Database Servers: SQL Server 2008

Operating Systems: Windows 7, 8, 10, Windows Server 2008, iOS

Automation tools: Selenium using Java and C#, UFT 11.0/UFT 12

GRC tool: Archer

PROFESSIONAL EXPERIENCE

Security & Automation Engineer

Confidential, NJ

Responsibilities:

  • Responsible for developing and enhancing the Selenium Automation Framework using Eclipse Java.
  • Worked on POC for Selenium framework using C#.
  • Responsible for preparing the Automation Test Scripts.
  • Involved in testing the database and data validation using SQL Queries.
  • Involved in Regression test executions on Scubel application.
  • Carried out manual penetration tests on Scubel client application.
  • Manual penetration testing of web and iOS-based applications.
  • Documenting all the vulnerabilities with proper risk assessment.
  • Suggesting possible remediations to fix the vulnerabilities.

Security & Automation Engineer

Confidential

Responsibilities:

  • Responsible for performing manual penetration testing, automated security scanning and static code analysis of ADP products using Burp Suite Professional, IBM AppScan.
  • Analyze the scan results and effectively eliminate the false positives.
  • Threat modelling applications to identify and address the security risks associated with them.
  • Performed security testing for over 70 ADP web, mobile and desktop applications.
  • Communicated and demonstrated the security vulnerabilities to development teams.
  • Adding and updating the findings in Archer.
  • Performed the remediation tests after the vulnerabilities were fixed.
  • Development and enhancement of STAT Team portal which is an internal application developed in C# to capture the team’s weekly efforts.
  • Strategic approach towards proceeding with testing the application by defining the application perimeter.
  • Manual penetration testing of web and iOS applications.
  • Performing source code analysis against the findings reported by the IBM AppScan Source tool.
  • Creating proof of concepts to demonstrate the exploits.
  • Writing scripts/tools to perform security assessments of complex applications.
  • Documenting all the vulnerabilities with proper risk assessment.
  • Suggesting possible remediations to fix the vulnerabilities.
  • Exploring different web technologies to understand the security issues that arise in web applications.
  • Web service penetration tests and occasional source code reviews.
  • Training & Mentoring the new team members from the basics.
  • Preparation of dashboard reports.
  • Received appreciations for identifying critical risk security vulnerabilities: SQL injection, XSS, Authorization bypass.
  • Evaluated various tools like SOAP UI and HP Web Inspect.
  • Responsible for developing and enhancing the UFT/Selenium Framework by adding new functions.
  • Involved in designing and developing a new framework in Selenium using C# and Java.
  • Responsible for preparing the Automation Test Scripts.
  • Involved in Regression test executions.
  • Performed Smoke testing in Production environment when new code is released to Production.
  • Responsible for certifying the patches before they are released to Production
  • Preparing reports to publish to the management mentioning burn down charts, automation status of team etc.
  • Involved in testing the database and data validation using SQL Queries.
  • Performed parallel, cross-browser and multi-platform testing using Selenium WebDriver.
  • Actively involved in Scrum methodology for the project from requirements through the delivery of project.
  • Developing scripts for build, deployment, maintenance and related tasks using Jenkins
  • Involved in Sprint planning meetings and user story discussions.
  • Reported and tracked defects using Quality Center, MTM, TFS, Rally.
