Pen Tester Resume
New York, NY
SUMMARY
- Penetration tester with over 5 years of experience in the creation and deployment of solutions protecting applications, networks, systems and information assets for diverse companies and organizations.
- Highly skilled in installing, testing, maintaining and designing advanced secure network solutions
- Experience as an Information Security Analyst, involved in Confidential Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.
- Skilled in identifying the business requirements for information security as well as regulations of information security
- Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, Confidential ZAP Proxy, NMap, Nessus, Kali Linux, and Metasploit.
- Developed, implemented and enforced security policies through experience, in-depth knowledge of security software, and asking the customer the right questions
- An enthusiastic team player who embodies a strong work ethic and a leader who utilizes complex problem solving skills for incident analysis.
- As a Security Consultant, was involved in enhancing the security stature of the project through initiatives like threat modelling, security awareness sessions, and dormant and never-logged-in ID clean-up.
- Technical business expert employing tremendous Information Security Audit, Strategy and Risk Management Techniques.
- Excellent communication, analytical, troubleshooting, customer service and problem solving skills; excels in mission-critical environments requiring advanced decision-making.
- Certified as an Ethical Hacker.
TECHNICAL SKILLS
Vulnerability Assessment Tools: Burp Suite, DirBuster, Confidential ZAP Proxy, NMap, Nessus, Kali Linux, Metasploit, Acunetix
Languages: C, C++, Java, C#.
Technologies: HTML, CSS, XML, JavaScript.
Operating Systems: Windows, Linux, Mac OS X
RDBMS: Oracle, MySQL
PROFESSIONAL EXPERIENCE
Confidential, New York, NY
Pen Tester
Responsibilities:
- Schedule the pen tests for the whole year, and make sure that all applications are covered in the schedule and completed within the time frame.
- Perform risk assessments to ensure corporate compliance
- Provide oral briefings to leadership and technical staff, as necessary.
- Provide the report and explain the issues to the development team
- Using various Firefox add-ons like Flagfox, Live HTTP Headers and Tamper Data to perform the pen test
- Provide remediation steps to the team and follow up
- Retest the fixed issues and ensure the closure
- Performed Vulnerability Assessments and Data Classification
- Conducted onsite penetration tests from an insider threat perspective
- Involved actively in the release management process to ensure all application changes had gone through security assessment.
- Use Burp Suite, DirBuster, HP Fortify and NMap on a daily basis to complete the assessments
- Perform Secure code review of the code base
- Validate the false positives and report the issues
- Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase client security.
- Advised on secure data deletion, equipment sanitization, decommissioning, and reuse guidelines for high security environments.
- Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.
Confidential, Iowa City, IA
Security Engineer
Responsibilities:
- Black box pen testing on internet and intranet facing applications
- Explanation of the security requirements to the design team in the initial stages of the SDLC to minimize the rework effort on issues identified during penetration tests
- Perform peer reviews of Security Assessment Reports
- Perform threat modelling of the applications to identify the threats.
- Confidential Top 10 issue identification, e.g. SQLi, CSRF, XSS
- Training the development team on the secure coding practices
- Using various Firefox add-ons to assess the application, like Wappalyzer, Flagfox, Live HTTP Headers, Cookie Manager and Tamper Data.
- Providing details of the issues identified and the remediation plan to the stakeholders
- Verified the existing controls for least privilege, separation of duties and job rotation.
- Involved in a major merger activity of the company and provided insights in separation of different client data and securing PII
- Identification of different application vulnerabilities by using proxies like Burp Suite to validate the server-side validations
- Craft and execute different payloads against the system to carry out XSS and other attacks
- Used SQLMap to dump database data to a local folder
- Identified issues in session management, input validation, output encoding, logging, exception handling, cookie attributes, encryption, and privilege escalation
Confidential, Redmond, WA
Security Researcher
Responsibilities:
- Preparation of a security testing checklist for the company.
- Developed ontological and heuristic behavior frameworks for incident investigation and response.
- Many of my findings were implemented into a leading security platform.
- Finding security deficiencies in applications, networks or people or processes
- Ensure all the controls are covered in the checklist
- Managing and prioritizing multiple tasks in accordance with high level objectives
- Perform pen tests on different applications each week
- Used Metasploit to exploit the systems
- Updating the checklist on a weekly basis to ensure all test cases are up to date with the attacks happening in the market
- Creation of secure virtualized lab for exploit creation, malware distribution analysis and security product testing
- Information gathering of the application using websites like Shodan, ReverseDNS, Hackertarget.com
- Using various Firefox add-ons like Flagfox, Wappalyzer, Live HTTP Headers and Tamper Data to perform the pen test
- Network scanning using tools like NMap and Nessus
- Initiative to streamline the access control mechanism of various applications