Security Tester / Pen Tester Resume
Boston, MA
SUMMARY:
- Over 6+ years of experience in Information Security.
- Experience in manual penetration and application testing.
- Conducted network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
- Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
- Perform ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications.
- Perform onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment.
- Identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.
- Reviewed security architecture specifications and modelled real-world threats against the architecture.
- Hands-on experience in conducting Web Application Security scans, Network Penetration Testing and Ethical Hacking using commercial and non-commercial applications and methodologies such as OWASP Top 10, IBM AppScan, Fortify, Burp Suite, DirBuster, Nmap, Nessus, Kali Linux, Metasploit, Acunetix.
- Involved in the Software Development Life Cycle (SDLC) to ensure security controls are in place.
- Proficiency in scripting, Unix operating systems and Windows.
- Generate and present reports on security vulnerabilities to both internal and external customers.
TECHNICAL SKILLS:
Tools: Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit, Acunetix
Programming languages: Python, PHP
Web technologies: HTML, CSS, XML, JavaScript
Operating system: Kali Linux, GNU/Linux, Windows
Database system: MySQL, Oracle, MSSQL
PROFESSIONAL EXPERIENCE:
Confidential, Boston, MA
Security Tester / Pen Tester
Responsibilities:
- Provided security implementation for authorization, by controls like the principle of least privilege, relinquishing privilege when not in use, non-guessable tokens, forced browsing.
- Performed semi-automated and manual Web Application and Network Penetration Testing utilizing multiple tools including Burp Suite, NetSparker, Tenable Nessus, SQLMap, AppDetective, custom scripts, Metasploit, Nmap, netcat, and other tools within the Kali Linux toolset.
- Maintaining and performing all Network configurations.
- Experienced in configuration and debugging applications like Web Server, FTP Server, Firewall Configuration, Mail Server and customization.
- Expertise in maintaining all the printer configurations and password protection for all the users in order to prevent unauthorized access.
- Strong Hands-on Experience in Penetration Testing, Vulnerability Testing, Security Analysis.
- Checking whether the site is vulnerable to SQL injection.
- Identified attacks like SQLi, XSS, CSRF, RFI/LFI, logical issues.
- Experienced in performing user administration activities such as setting up user login IDs and assigning and resetting passwords, locking and unlocking users.
- Using various Firefox add-ons like Flagfox, Live HTTP Headers, Tamper Data to perform the pen test.
- Network scanning using tools like Nmap and Nessus.
- Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase client security.
- Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.
- Proficient in most application scan penetration tools using commercial and non-commercial applications and methodologies such as OWASP Top 10, IBM AppScan.
Environment: JAVA, PHP, MS SQL, Apache, Kali Linux, Burp Suite, DirBuster, IBM AppScan Enterprise, Nmap, Nessus.
Confidential, Bethpage, NY
Application security Researcher
Responsibilities:
- Analyzed product requirements, outlined test plans and conducted tests.
- Supervised product quality.
- Conducted penetration testing and security tests.
- Formulated scripts to test systems.
- Managed validation security testing.
- Identified vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations.
- Identification of OWASP Top 10 issues like SQLi, CSRF, XSS.
- The ability to balance risk mitigation with business needs.
- Executed different payloads to attack the system using XSS.
- Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, Encryption, Privilege escalations.
- Provided and validated the controls on logging like Authentication, profile modification, logging details, log retention, duration, log location, synchronizing time source, HTTP logging.
- Identified vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls.
- Educated business unit managers, IT development team, and the user community about risks and security controls.
- Prepared detail practices and procedures on technical processes.
- Participated in security research, analysis and design for all client computing systems and the network infrastructure.
- Developed, implemented, and documented formal security programs and policies.
Environment: PHP, ASP, MS SQL, MySQL, Apache, OWASP ZAP Proxy, DirBuster, HP Fortify, Nmap, Metasploit.
Confidential, Providence, RI
Security Project Engineer
Responsibilities:
- Interacting with related technical groups for resolving the pending hardware problems.
- Provided basic operations and engineering support for information security systems and services, including Windows and Linux servers, endpoint security, computer forensics, vulnerability/penetration assessments, and security information and event management (SIEM).
- In-depth understanding of the OSI Reference Model and its security implications.
- Capable of designing, configuring, and maintaining network security devices with adherence to industry, best practice, and PCI standards.
- Experienced in Firewall implementation, firewall management, network management and troubleshooting connectivity, routing, and configuration issues with routers, switches, firewalls.
- Perform operating system, network and application vulnerability assessments to identify security exposures in the environment.
- Checking for uploading of JavaScript & HTML tags.
- Checking for source code disclosure exploit.
- Worked in the area of LAN & WAN. Monitoring and optimizing the Network Performance.
- Created, modified & deleted users, roles and assigned appropriate authorizations for application access.
- Established security policies for systems, and designed and managed secure networks for clients.
- Validate Input validations, sessions management, client protocol controls, cryptography, Logging, Information leakage.
- Increased efficiency of risk assessment engagements.
- Researched new attack vectors and mitigating solutions.
- Provided guidance to regional security teams.
- Provided analysis/opinions to senior management/project teams on “hard-to-solve” problems.
- Used Burp Suite, DirBuster, HP Fortify, Nmap tools on a daily basis to complete the assessments.
- Engaged with development teams and promoted secure design/development early in the SDLC.
Environment: JAVA, ASP.NET, MySQL, Apache, Kali Linux, Burp Suite, DirBuster, Microsoft Visual Studio, HP Fortify, Nmap, Wireshark.
