Cyber Security Code Reviewer Resume

Washington, DC

SUMMARY

  • Software Test Engineer with fifteen years of experience involved in all phases of Software Development Life Cycle, which includes system study, analysis, development, debugging, testing, implementation, industry standards for testing, GUIs, document control, version control & documentation of various applications
  • Senior Software Assurance proficient at providing system security support to a fast-paced, highly demanding federal agency which includes Department of Defense (DoD), Defense Information Security Agency (DISA). Scan software for vulnerabilities analysis using Micro Focus WebInspect and Fortify Static Code Analyzer (SCA). Experience with technical documentation related to NIST SP, 53A, REV 4 and Risk Management Framework (RMF), continuous monitoring, and POA&M management. Prepare and document reports including assessment-based findings, outcomes and vulnerability metrics.
  • Kick off Jenkins New build Console Output Status Report Generated Deployment and Debugging Static File using DEV & SAT using Jenkins and AquaSec.
  • Mesosphere DC/OS Logs (Error stderr) and (Output stdout) and Docker Snapshot Container Status Report Generated after it Launches Using DEV & SAT using Maven and Mesosphere.
  • Experience with creating automated CI/CD processes and working with various technologies such as GitLab, GitHub, Jenkins, AquaSec, SonarQube, Veracode
  • Vulnerability scanning using approved DoD scanner. Application code scanning with Fortify or other industry standard product.
  • Extensive Experience in preparation and working with others in creating Test Strategies, Plans, Cases & Scripts
  • Experience in multiple applications in IEEE, IV&V, CMMI, VV&A, and DoD regulations, standards and policies.
  • Wrote test suite to verify XML response from REST based web service and developed a UAT strategy, process, test plan, procedures and reports for acceptance testing.
  • Experience in Manual and Automation Software Testing, Test methodologies, preparation of test data, preparation and execution of Regression Test scripts, preparation of weekly Status Report
  • Experience in using test management & bug-reporting tool Quality Center/Test Director/IBM Rational Clear Case/Bugzilla, Jira.
  • Extensive Experience in use of HP Interactive Suite of Automated Testing Tools Quick Test Pro, Load Runner, Win Runner and Test Director/Quality Center, HP Web Inspect, and HP Fortify.
  • Experience in testing various applications in Java, J2EE, Web Logic, Oracle, Linux, Solaris, SQL Server,
  • Possess excellent interpersonal, written, verbal communication skills and strong analytical, problem solving, decision-making skills coupled with the proven ability to work independently or as a member of a team successfully
  • Possesses a positive attitude and high level of professionalism to meet the expectations of client demands and the corporate culture
  • Able to work in a hectic environment and to change direction quickly while prioritizing request from the Test Lead or Project Manager
  • Fortify SCA, Fortify Audit Workbench, Micro Focus WebInspect, Fortify Software Security Center (SSC), SonarQube, PuTTY, WinSCP, SSH, AquaSec, Docker, Jenkins.
  • Performed Code testing and analyzed the results using HP Fortify, Veracode
  • Experience performing Security testing, Vulnerabilities testing, Penetration testing, using tools such as HP WebInspect
  • Used Load Runner for Volume, Performance and Load testing with Web multiple protocol (HTTP/HTML, Web-Services, Web - click and script, Ajax - click and script and Flex)
  • Utilize HP Quality Center, ALM for linking requirements to test cases and managing test execution and defects
  • Database solutions/design/modeling. Design, Develop SSIS packages to migrate the data from legacy DB to SQL Server.
  • Performance Analysis and Tuning, Production Support & Maintenance solutions of various web-based Software Projects.
  • Lead teams in Waterfall, Agile and SCRUM development methodologies.

TECHNICAL SKILLS

Testing Tools: HP WebInspect, HP Fortify, Checkmarx, Burp Suite, Kali Linux, HP QuickTestPro, UFT, TestDirector, Quality Center, ALM, LoadRunner, WinRunner, PVCS, Rational TestManager, Nessus, Aqua, SonarQube, Jenkins

Software: VB, HTML, SQL

Operating Systems: Windows 95/98/2000/XP, Windows NT and Sun Solaris/Unix, Linux.

Languages: Java, J2EE, Python, .Net, Ruby, HTML, DHTML and XML

RDBMS: Oracle, SQL Server, MS Access

Tools: SQL Loader, Microsoft Office Suite, TOAD

CM Tools: Web Server - Web logic, Apache Server, Java Web server

Database: SQL Server, Oracle 10g, 11g and MS-Access. Platforms - Visual Studio .NET, SharePoint, Visual Basic

PROFESSIONAL EXPERIENCE

Confidential, Washington DC

Cyber Security Code Reviewer

Responsibilities:

  • Conduct web application and code testing for all systems and applications within the Confidential environment, and open-source dependencies, providing analysis and risk assessments for vulnerabilities discovered. The Contractor shall provide highly skilled developers with deep understanding of secure coding concepts and practices, skilled in writing and correcting coding mistakes for source code written in Java, Ruby, C#, JavaScript, and other languages.
  • Utilize code analysis and fuzzing tools that are furnished or approved by the Government to assess the quality and security of Confidential source code.
  • Conduct code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented.
  • Apply the DoD-DHS Software Assurance Forum guidance to Confidential /DHS Systems Lifecycle Process, software development, and engineering principles.
  • Provide DevOps evaluation, implementation, and operations support for Confidential static and dynamic code analysis tools (currently HPe WebInspect Enterprise, and HPe Fortify). This includes user account and access management, server management, monitoring, patching, version upgrades, and integration with continuous integration/continuous delivery pipelines.
  • Working with AppScan Source code, HPE Security Fortify SCA platform
  • Experience with BOTH manual and automated penetration testing of web applications using Client Webinspect.
  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
  • Conduct dynamic application security testing using both manual and automated testing tools.
  • Generate HPE Security Fortify SCA/HP WebInspect report and review test results
  • Ensure that automated tests are completed successfully
  • Identify and remove any false positives from automated testing tool reports
  • Working Federal Information Security Management Act (FISMA).
  • National Institute of Standards and Technology (NIST Rev 4)
  • Provide application security consulting SME Support to developers
  • Assist developers with understanding of security defects and risk
  • Stay up to speed on 3rd party (inside and outside Client) known security vulnerabilities
  • Hands on experience with HPE Fortify SCA.
  • Hands on experience with integrating SCA code scanning into the build process
  • Code scanning experience - Manual/Automated/Static/Dynamic
  • Experience with application security source code scan tailoring, defect analysis and false positive/negative identification
  • Experience with Open Web Application Security Project (OWASP) Top 10.
  • Developed HPE Security Fortify SCA Application and Audit workbench with Java/Ruby/.Net/Python platform.
  • Provided (OWASP) Top 10-2013 Auditing False Positive, Exploitable, Acceptable Risk, identification.
  • Hands on experience with HP Fortify scanning - support a decentralized scanning model.
  • Actively doing Security and Vulnerability Code Scans with HP WebInspect.
  • Ability to assist Customer resource in secure development techniques using HPE Security Fortify SCA
  • Experience in web development or application code review.
  • Experience testing for security vulnerabilities. Security Assessment Report preparation.
  • Develop Security Test Plan.
  • Hands-on experience of running the web application testing, performing Security and Vulnerability Code Scans with HP WebInspect.
  • Hands on experience with security, web-based and infrastructure vulnerabilities is required.
  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience.
  • Vulnerability Management: ISS Internet Scanner, Tenable Nessus/WebInspect/Fortify Security Center Vulnerability Assessment Scanner
  • Experience in static & dynamic testing techniques and tools such as Fortify, Appscan. Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
  • Relevant tool experience should include code security scanners such as Fortify SCA, Checkmarx, web vulnerability scanners such as HP WebInspect tools such as BurpSuite, Metasploit, Core Impact, etc. Performed Code testing and analyzed the results using HP Fortify/Checkmarx. Performing manual testing and source code review using tools HP Fortify/Checkmarx validating test results and identifying root cause.
  • Experience of (technical) Information Security, Red Team, development operations, incident response, or forensics analysis.
  • Experience with ethical hacking, firewall and intrusion detection and prevention technologies, secure coding practices, and threat modeling.
  • Hands on Experience to plan and perform security controls assessments in accordance with National Institute of Standards and Technology (NIST) SP A rev 4, to include interviews, examinations, and technical vulnerability testing. Knowledge to assess, review, update and develop documentation to satisfy RMF, National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA), and FISCAM support activities for non-DOD federal agencies
  • Experience security control assessments Security Controls Assessment (SCA), which could include interviews & examinations, security test and evaluation (ST&E), vulnerability assessments, and penetration testing. Developed performing Security Controls Assessment (SCA) on networks, servers. Able to install, configure and tune HPE Fortify and WebInspect product suites. Hands on experience with HP Fortify (backend - application and database server)
  • Experience with HP Fortify scanning - support a decentralized scanning model. Experience in doing Security and Vulnerability Code Scans with HP WebInspect. Experience performing Security Testing using tools such as HP WebInspect. Ability to assist Customer resource in secure development techniques using HPE Fortify SCA
  • Develop Security testing and generated the status report using HP Web Inspect. Review requirements and design documents to ensure requirement documentation is testable. Involved in extensive DATA validation using SQL queries and back-end testing. Created conceptual, logical, and physical data models and Analyzed data using SQL and other tools. Experience in writing SQL queries for data verification and backend testing

Environment: Ruby & Rails, GitHub, Python, WinSCP, WinZip, PuTTY, HPE Security Fortify SCA, .Net, Linux, Java, Java J2EE, HTML, SQL plus, SQL-Developer, HP Web Inspect, HP Fortify.

Confidential, Arlington, VA.

Software Test Engineer Lead

Responsibilities:

  • Developed performance test strategy, test plans, test summary and publish performance test metrics to senior management.
  • Manage the Requirements Traceability Matrix (RTM) to ensure all requirements are documented and linked to design and test collateral.
  • Experience in all types of Performance testing (Load/Stress/Endurance). Skilled in Load Runner tools (VuGen, Controller, and Analysis tool)
  • A good understanding of web application and browser concepts (HTTP, connections, cookies, caching, streaming, etc)
  • Create and maintain test scripts using Load Runner/PC for desktop and mobile applications using multiple protocols, troubleshoot issues from analyzing logs/output errors from performance center.
  • Experience with performance testing tools i.e., HP- Load Runner/Performance Center
  • Designs, develops and executes many distinct types of performance tests based on application requirements.
  • Expert in analyzing performance test result and identify bottlenecks of web applications
  • Record and enhance Vugen scripts to emulate real world users.
  • Sets up monitoring both in HP Performance Center and with support team members
  • Acts as a performance consultant to the technology team
  • Assists project status meetings/sprint planning sessions in representation of the Performance team.
  • Manages the development and execution of both functional and performance test scripts for Unit Testing, and Integration Testing
  • Performed Code testing and analyzed the results using HP Fortify.
  • Performing manual testing and source code review using tools HP Fortify validating test results and identifying root cause.
  • Designs, specifies, implements, and maintains systems.
  • Hands on experience with HP Fortify (backend - application and database server)
  • Experience with HP Fortify scanning - support a decentralized scanning model.
  • Experience in doing Security and Vulnerability Code Scans with HP WebInspect.
  • Experience performing Security Testing using tools such as HP WebInspect
  • Experience testing for security vulnerabilities.
  • Security Assessment Report preparation
  • Develop Security Test Plan
  • Hands-on experience of running of the web application testing tools HP Web Inspect
  • Develop Security testing and generated the status report using HP Web Inspect.
  • Review requirements and design documents to ensure requirement documentation is testable
  • Plan and document High level test case scenarios for assigned application
  • Developed detailed reusable test cases and test scripts for in scope high level test case scenarios
  • Supports testing of iterative development methodologies such as Agile
  • Utilizes tools such as HP Application Lifecycle Management (ALM) defect tools.
  • Proficient with HP LoadRunner and Performance Center to design and execute performance tests against applications with a multi-tier architecture.
  • Strong ability to write test plans, cases and record/track defects.
  • Experience working on performance testing and engineering of large-scale web applications.
  • Hands-on expertise on web protocols of LoadRunner
  • Coordinate and collaborate with multiple groups to determine, gather and verify performance test needs
  • Develop a workload simulation matrix and determine scripting scenarios
  • Develop a Performance Test Plan/Strategy document that includes short- and long-term test objectives, types of tests required, workload matrix, scenarios, etc
  • Document test results and develop custom made summary reports to satisfy both technical and non-technical stakeholders.
  • Experience in developing multi-protocol (web, database, terminal emulator/mainframe, etc.) advanced scripts that follow object-oriented framework using HP LoadRunner/Performance Center
  • Gather Non-Functional Requirements and understand performance SLAs
  • Collaborate with Engineering, Product Management, Professional Services, Client and 3rd parties at various stages of the performance tests
  • Expertise in a variety of performance test tools such as Apache JMeter, WebLoad, HP Performance Center/LoadRunner
  • Supports the prioritization of requirements and matches resources with requirements
  • Proven experience in agile methodologies and continuous integration
  • Coordinate with system partners to schedule System Integration Test and User Acceptance Test.
  • Coordinate with client to identify UAT testers and provision the required access to perform testing.
  • Manage User Acceptance Testing (Define Test Approach and Tester Roles and Responsibilities, coordinate environment access, coordinate onsite logistics, track test execution and results, document defects, brief results to client leadership)
  • Manage communications with project and client leadership (overall status updates, progress on writing test scripts, test readiness, test execution and defect resolution).
  • Experience using HP Performance Center (HPPC)
  • Strong understanding of the methods, processes, and procedures to performance test for personnel & pay systems including the selection of techniques and methods to be used to validate the system requirement specification
  • Experience in developing test scripts, scenarios, and use cases
  • In-depth experience in using HP ALM and HPPC
  • Experience of organized, detail-oriented, and be able to work independently
  • Basic understanding of data center asset stacks, including Applications, Middleware, Databases, Operating Systems, Virtual Machines, Servers, Storage, and Network.

Environment: Linux, Java J2EE, HTML, SQL plus, SQL-Developer, HP-Load Runner/PC, HP Web Inspect, HP Fortify. Java, HTTP, LDAP, .NET, MS SQL Server, ODBC, Oracle - 2 Tier, Oracle NCA, Oracle Web Applications 11i, Microsoft Office 2013, Visio, WinSCP, Putty

Confidential

Developmental Software Test Engineer Lead

Responsibilities:

  • Performed testing the functionality, interoperability, scalability, performance, and usability of the SCM related systems.
  • Develop test plans for evaluating the functionality, interoperability, performance, scalability, and usability of each release of the SCM programs.
  • Wrote test suite to verify XML response from REST based web service and developed a UAT strategy, process, test plan, procedures and reports for acceptance testing.
  • Application Security experience with hands on Penetration Testing
  • Vulnerability Management with experience advising clients on results and how to remediate problems
  • Perform basic vulnerability scans using vendor utility tools
  • Tenable Security Center implementation and configuration experience
  • Provide expertise in the areas of database security, web application security, systems security, and network security
  • Assist in performing product evaluations and recommend products/services for network security
  • Validate and test basic security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies
  • Responsible for identifying the enterprise impact of deploying and upgrading the system under test.
  • Developed and executed test plans for each of the assigned SCM programs.
  • Provided a report outlining the results of the test event and any potential impacts identified during testing after completion of the test event.
  • Performed Code testing and analyzed the results using HP Fortify.
  • Designs, specifies, implements, and maintains systems.
  • Hands on experience with HP Fortify (backend - application and database server)
  • Knowledge of HP Fortify client packaging
  • Experience with HP Fortify scanning - support a decentralized scanning model.
  • Performing manual testing and source code review using tools HP Fortify validating test results and identifying root cause.
  • Experience performing Security Testing using tools such as HP WebInspect
  • Experience testing for security vulnerabilities.
  • Security Assessment Report preparation
  • Develop Security Test Plan
  • Hands-on experience of running of the web application testing tools HP Web Inspect
  • Experience in doing Security and Vulnerability Code Scans with HP WebInspect.
  • Develop Security testing and generated the status report using HP Web Inspect.
  • Advanced to expert knowledge in VuGen Scripting, Loadrunner, Performance Center
  • Designed Performance test scenarios, VuGen Scripts using Load Runner, ran Baseline and Stress Test, analyzed the results.
  • Hands on experience with XML, SOAP interfaces, & Web Services protocols
  • Sound knowledge on analysis of test results and finding issues/bottlenecks
  • Experience track the project status closely, prepare summary reports, pro-actively identifying the risks and prepare mitigation plan.
  • Used Load Runner for Volume, Performance and Load testing with Web multiple protocol (HTTP/HTML, Web-Services, Web - click and script, Ajax - click and script and Flex)
  • Microsoft SQL Server 2005+ and Microsoft IIS Web Servers.
  • Generated and implemented templates for Test Plan, Test Cases, Test Scripts.
  • Responsible for analyzing the requirements and the critical areas of the application to setup and execute baseline tests.
  • Involved in Designing, Planning, Manual and Automation testing of the application.
  • Execute test plans in structured test events.
  • Developed and executed Test Cases based on reviewing and understanding both requirement documentation and technical specifications.
  • Responsible for automated test case development, automated test case execution, and documentation of results for various testing activities.
  • Experience in Manual test scripts were developed and converted into automation scripts for regression testing and smoke testing using RFT.
  • Documented and reported the defects with evidence using PVCS Tracker and Quality Center.
  • Briefed any major impacts that were identified during testing to the Quality Test Manager, Govt Test Lead.
  • Experience in Rational Quality Manager includes a set of predefined reports to give the status of the project
  • Documented discrepancies in the installation/upgrade/user guide identified during testing.
  • Assisted the Test Manager and System Administrator as needed with lab configuration and maintenance.
  • Participated in weekly project meetings and organized defect meetings.
  • Participate in regular meetings with the engineering team of the SCM programs assigned.

Environment: Linux, Java J2EE, HTML, SQL plus, SQL-Developer, HP-Load Runner 11.50, HP Web Inspect, HP Fortify, Crystal Report.

Confidential, Washington DC.

Software Test Engineer Lead

Responsibilities:

  • Developed test plan and test cases using user Functional Requirements Document (FRD) and Data Matrix and upload test cases in Serena Dimensions.
  • Performed functional testing to check the functionality of the GUI applications.
  • Performed Negative and Positive testing
  • Experience in the IT software process with IV&V, QA and testing fields, leading teams through the whole software life cycle, business analysis, requirement definition, data analysis, application design and development, data conversion, testing, and implementation. Lead system, acceptance, IV&V, QA, and operational test teams
  • Performed Integration testing, Regression testing, and Smoke testing
  • Communicated with team lead, project manager, developers, and operation team members to optimize the system configuration
  • Developed ad hoc testing
  • Developed a UAT strategy, process, test plan, procedures and reports for acceptance testing.
  • Review Division mission, goals and objectives; assess business processes against the stated requirements.
  • The DOJ/EOUSA Remedy System and opened tickets.
  • Section 508 Compliance Test.
  • Reported and tracked bugs/defects using Bugzilla
  • Developed and executed test cases and verified actual results with expected results.
  • Worked closely with Requirement analysts, developer, database administrators, and configuration management teams
  • Led the projects of test engineers managing and delegating project tasks
  • Analyze the Business Requirements of the Product/system. Worked with the development team to review project plans, requirements specification, design documents, and computer software.
  • Develop Test Scenarios with Test Data to support Test Objectives.
  • Documented and maintaining the test daily status reports.
  • Performed MS-Patch testing and weekend support in production in client side.

Environment: J2EE, HTML, SQL plus, SQL-Developer, Oracle 11g, Dimensions 10.0, USAnet-SharePoint, HP Quick Test Professional, HP-Load Runner 11.0, Windows 7, Visual Studio .NET 4.0, Web Server, Microsoft Visio 2010

Confidential, Arlington, VA

Software Test Engineer Lead

Responsibilities:

  • Responsible for developing Test Plan based on Functional and Technical Specification of the Application.
  • Utilize HP Quality Center for linking requirements to test cases and managing test execution and defects
  • Responsible for designing, developing and maintaining automated test tools, scripts for application profiling, performance and load test suites.
  • Create a plan for performance test environment and overall performance test strategy as an integral part of the development process.
  • Performed Capabilities IV&V on System of Systems and SOA and cloud architecture products.
  • Developed Directives and Instructions for the client in T&E, V&V and Quality Assurance for all developed software product.
  • Established a program from Ad Hoc for IV&V in the Enterprise Architecture (EA) a major source criterion for V&V. The EA defines the operational and technical framework for all capital assets of the Program.
  • Analyze the requirements and develop scenarios, then develop the test cases from the scenarios.
  • Analysis of Use Cases, Functional, Non-functional Requirements, and Service Oriented Architecture (SOA) Service Specifications and generate Test Requirements and Specifications for Functional Testing and System Integration Testing.
  • Design test plans, test strategies, test scenarios, test cases and test scripts. Use of Test Tools is critical.
  • Oversee execution and perform hands-on execution of test cases and test scripts, reporting results metrics and creation of Test and Analysis Reports.
  • Interact with client and development teams on a daily, weekly and monthly basis.
  • Developed and executed test plans and test cases based on the Requirement, and Design Documents.
  • Worked with multiple applications interfaces to support testing of primary application.
  • Refine performance test environment architecture
  • Automate code and configuration deployment within the performance test environments.
  • Design and execute performance and load tests
  • Automate performance and load test scripts/ scenarios
  • Record and store performance data over time for use in trending, troubleshooting, and forecasting.
  • Develop models for performance testing based on logs of web activity.
  • Identify and report performance bottlenecks
  • Multi-tasking capability and flexible working habits to meet very strict deadlines
  • Develop test plans and test cases for software releases
  • Conduct system testing and documentation activities
  • Participate with Business Analysts in documenting requirements and ensuring they are testable
  • Experience creating and running automated test scripts
  • Architect and design test automation frameworks in collaboration with the Testing team and Development teams in QTP & Quality Center workflow.
  • Design and Architect modular and reusable automated testing solutions that satisfy testing requirements.
  • Develop functional/regression automated testing solutions using QTP.
  • Create and execute test scripts, cases, and scenarios that will determine optimal system performance according to specifications.
  • Research new technologies, develop cutting-edge automation and provide product enhancements and/or recommendations when necessary.
  • Conduct all types of application testing as needed, such as integration, system, regression, load, and acceptance testing.
  • Required Verification and Validation (IV&V) Test and backend applications in IV & V test environment
  • Collaborate with business analysts, designers, and system owners in the testing of new software programs and applications.
  • Coordinate with software engineers to assist with quality assurance, program logic, and data processing.
  • Produce reports and documentation for all testing efforts, results, activities, data, logging, and tracking.
  • Communicate test progress, test results, and other relevant information to project stakeholders and management.
  • Experience with Testing Automation using Quick Test Professional, including
  • Working knowledge of programming languages, and relational database systems, including SQL query development.

Environment: OSD-CIO, Enterprise Engineering Applications Management & Database Services-MOSS 2007, SQL Server 2005, .NET, VMware, -ESX, MS Server-2003, Windows, Infopath-2007, MS Excel, Weblogic-10.3, HP Quality Center (Test Director), Load Runner, Quick Test Pro. Windows XP, Visual Studio .NET