Penetration Tester Resume

Atlanta, GA

SUMMARY:

  • Professional with 6+ years of progressive experience in Information Technology with extensive experience in Information Security, Application Security, Software Security, Enterprise Vulnerability Management, penetration testing and generating reports using tools.
  • Domain expertise in Telecom, Banking and Financial Services, Health Care.
  • Expertise in performing Application Security risk assessments throughout the SDLC. Performed Application Security work, which includes Application Security design, review, testing and remediation.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP proxy, Nmap, Nessus, HP Fortify, IBM AppScan Enterprise, Kali Linux, Metasploit.
  • Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
  • Good knowledge of programming and scripting in ASP, Java.
  • Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
  • Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Reporting the identified issues in the industry standard framework.
  • Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on web-based applications, mobile-based applications and infrastructure.
  • Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
  • Proven experience in manual/automated security testing, secure code review of web and mobile applications
  • Security assessment based on OSSTMM methodology and OWASP framework.
  • Experience in establishing processes for periodic reviews of privileged user groups at AD, database and application level.
  • Implementation and review of security controls across SDLC.
  • Ability to work in large and small teams as well as independently.

TECHNICAL SKILLS:

Standards & Framework: OWASP, OSSTMM, PCI DSS

Application Scanners: IBM AppScan, HP WebInspect

Network Security Tools: Nessus, Nmap

Proxies/Sniffers/Tools: Burp Suite, WebScarab, Wireshark, DirBuster

Operating Systems: Windows, RHEL, Kali Linux

Databases: MySQL, MS SQL, Oracle

Penetration Testing: Wireshark, Metasploit Framework

Programming Languages: C, C#, Java, Python, JavaScript, Swift, Objective-C

PROFESSIONAL EXPERIENCE:

Confidential, ATLANTA, GA

PENETRATION TESTER

Responsibilities:

  • Performed manual application security testing on the everyday changes carried out in the application.
  • Performed Automation scanning and analysis on the applications on a monthly basis.
  • Uncovered high vulnerabilities at the infrastructure level for internet facing web sites.
  • Documented information security guidance in step by step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Performed network scanning using tools like Nmap and Nessus.
  • Took the initiative to streamline the access control mechanism of various applications.
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, and provided the necessary remediations for individual findings.
  • Attended meetings with development team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Performed a threat analysis on the new requirements and features.
  • Burp Suite, DirBuster, HP Fortify and Nmap were used as part of the penetration testing on a daily basis to complete the assessments.

Confidential, SAN JOSE, CA

PENETRATION TESTER

Responsibilities:

  • Performed grey box testing of the web applications.
  • Execute and craft different payloads to attack the system for finding vulnerabilities with respect to input validation, authorization checks, etc.
  • Review and Validate the User Access Compliance on a quarterly basis.
  • Review the requirements for privileged access on an everyday basis and provide recommendations.
  • Review and validate the privileged users and groups at Active Directory, Databases and application on a periodic basis.
  • Documented information security guidance in step by step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Performed a threat analysis on the new requirements and features.
  • Burp Suite, DirBuster, HP Fortify and Nmap were used as part of the penetration testing on a daily basis to complete the assessments.
  • Establishing and improving the processes for privileged user access request.
  • Review of firewall rules and policies in web proxy.
  • Highlight the user access and privileged user access risks to the organization and provide the remediation plan.

Confidential

SECURITY TEST ENGINEER

Responsibilities:

  • Identified attacks like SQLi, XSS, CSRF, RFI/LFI, logical issues.
  • Performed security implementation for authorization through controls like the principle of least privilege, relinquishing privilege when not in use, non-guessable tokens, forced browsing.
  • Used various Firefox add-ons like Flagfox, Live HTTP Headers, and Tamper Data to perform the pen test.
  • Performed port scanning using network scanning tools like Nmap and Nessus.
  • Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase client security.
  • Performing manual/automated application security testing on the major changes carried out in the application.
  • Guiding the developers in fixing the issues by simulating the attack.
  • Performing a threat analysis on the new requirements and features.
  • Conducting sessions and spreading security awareness.
