
Vulnerability Management Engineer/ Penetration Tester Resume


St. Louis, Missouri

SUMMARY

  • Professional with around 7 years of progressive experience in IT with extensive experience in Information Security, Application Security, Network Security, Mobile Security, Security Architecture Review, PCI DSS Compliance, Project management and Team building.
  • Domain expertise in Telecom, Energy and Utilities, Banking and Financial Services.
  • Involved in the Secure Software Development Life Cycle (SDLC) to ensure security controls are in place and performed application security risk assessment throughout the SDLC.
  • Experience in Threat Modeling during Requirement gathering and Design phases.
  • Implementation and review of security controls across SDLC.
  • Excellent knowledge of CWE, CVE, NIST, OWASP Top 10 and WASC threat classification methodologies.
  • Experience on vulnerability assessment and penetration testing using various tools like Burpsuite, DirBuster, NMap, Nessus, Kali Linux, Metasploit, OWASP Zap, SQLmap.
  • Performed static code assessment using HP Fortify and Checkmarx and identified the false positives.
  • Monitor, analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
  • Perform vulnerability analysis on all the workstations in the organization to identify whether they are patched and updated, and exploitation of applications, operating systems and networks.
  • Penetration testing based on OWASP Top 10.
  • Interpreted least privilege for applications and segregation of duties.
  • Implemented Azure cloud security and experience in AWS/Azure cloud security administration.
  • Deployed in the cloud and on-premises using Amazon Web Services (AWS) and Single-Server Support.
  • Design model and detailed security control framework for all aspects of organization’s Infrastructure (AWS & Azure).

TECHNICAL SKILLS

Penetration Testing: Backtrack, Kali Linux, Metasploit

Application Security: Burp Suite, OWASP ZAP, IBM AppScan, HP WebInspect, HP Fortify, Checkmarx, Veracode.

Network Security: Nessus, Nexpose, Metasploit

SIEM: Splunk, Q-Radar

Standards: NIST, OWASP, SANS, SWAT Check List, S-SDLC, PCI-DSS.

Language: Java, JavaScript, HTML, Python, graphQL.

Other Tools: Visual Studios, Eclipse, Soap UI, AWS

Compliance: PCI-DSS, PCI, HIPAA

Web Technologies: Http, HTML, CSS, Database Connection.

PROFESSIONAL EXPERIENCE

Confidential, St. Louis, Missouri

Vulnerability Management Engineer/ Penetration tester

RESPONSIBILITIES:

  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using tools like Micro Focus WebInspect, Burp Suite, IBM AppScan, OWASP ZAP Proxy, etc.
  • Identify software vulnerabilities and analyze false positives by using secure code review tools like Fortify, Checkmarx, etc.
  • Understand OWASP Top 10 vulnerabilities, find vulnerabilities in the web applications due to improper and malicious code, and advise on the remediation.
  • Monitor, identify and fix security vulnerabilities in the source code of the application, like SQL Injection, Cross-Site Scripting, XXE, Command Injection, CSRF, etc.
  • Perform Threat Modelling as per the STRIDE and DREAD models and also perform Secure Architecture Review.
  • Perform evaluation of new tools and technologies in application security such as Runtime Application Self Protection (RASP), Interactive Application Security Testing (IAST), etc.

Confidential, Chicago, Illinois

Security Technology Consultant/Architect

RESPONSIBILITIES:

  • Create security patterns, frameworks and libraries that can be easily incorporated into new and existing applications.
  • Collaborated with application architects to understand their goals, objectives and pain points and provide strong solutions to address them securely, effectively and efficiently from a security perspective.
  • Worked closely with developers on their design with the Information Security Architecture, Infrastructure and Technology Risk organizations as needed, and recommended solutions to reduce security risk and design in terms that the business can understand.
  • Actively contribute to Architecture and Design discussions and to the work of the group, including:
  • Developing and using common development frameworks like Spring Security and patterns. Promoting and leveraging general re-usability and the use of common services.

Confidential, St. Louis, Missouri

Information Security Analyst

RESPONSIBILITIES:

  • Executed application risk profiling and threat modeling during architecture/design sessions and throughout the program in all phases.
  • Documented the output of application risk profiling and threat modelling and provided security requirements.
  • Provided ongoing security architecture and design recommendations.
  • Cryptography, including simplification where possible: encryption, hashing, key management, digital certificates, TLS. Secure network design, secure web design, security policy, standards and processes.
  • Managed security features/stories for the program, identity and access control.
  • Ensure the program is using appropriate security tools during the SDLC (software development life cycle).
  • Evaluate software, on-premise and off-premise applications and services from a holistic security perspective.
  • Consult and advise on risk recommendations related to policy exceptions.
  • Review security defects and tune static code analysis rules.
  • Monitor security defect/vulnerability trends within the program, determine root cause and identify methods to remediate.
  • Partner with the Business Operations threat lead to drive actions such as reducing vulnerabilities and PCI certification.
  • Perform vulnerability assessment on all the workstations in the organization to identify whether they are patched and updated.
  • Provided security approvals of change requests where applicable (API resource).
  • Participated in program cabinet meetings and PI sessions.
  • Conducted security assessments of the program and north star assessment.
  • Implementation and review of security controls across the SDLC.
  • Apply security enhancements for various cloud and hosted systems, including Azure and AWS, and make recommendations to management.
  • Worked with project teams to ensure that new systems, applications and processes are implemented securely.
  • Provide guidance on security best practices and technical solutions for application design, network configuration, PCI, cryptography, data protection and many other security topics that arise.

Confidential, Pennsylvania

Application Security Engineer

RESPONSIBILITIES:

  • Perform security code review of Java, .NET and PHP code using static code analysis tools, e.g., HP Fortify and IBM AppScan. Help the team to remediate security issues with sample code.
  • Performed static code analysis for the client using tools such as Checkmarx.
  • Review and validate the privileged users and groups in Active Directory, databases and applications on a periodic basis.
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, and also provided the necessary remediations for individual findings.
  • Attended meetings with the development team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Performed a threat analysis on the new requirements and features.
  • Planning, scheduling, tracking and reporting on manual/automated security testing of the internet and intranet applications.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and Data Validation, Authentication, Authorization, Auditing and Logging.
  • Defined the security program and integrated application security throughout all phases of the Software Development Life Cycle (SDLC), from Requirements Gathering to Testing.
  • Performed Web Application Security/Penetration Testing in accordance with OWASP standards using manual techniques and also automated tools.

Confidential, Denver, CO

Penetration testing/ Security tester

RESPONSIBILITIES:

  • Performing manual application security testing on the everyday changes carried out in the application.
  • Used various Firefox add-ons like Flagfox, Live HTTP Headers and Tamper Data to perform the pen test.
  • Scan networks, servers and other resources to validate compliance and security issues using numerous tools.
  • Port scan servers using NMAP and close all unnecessary ports to reduce the attack surface.
  • Performing server hardening audits, which include OS, database and web servers.
  • Developed hardening scripts for Linux OS, Apache web server and Oracle database.
  • Conduct penetration testing using automated tools such as Paros Proxy, WebInspect, Traffic Viewer, TCP Dump, etc.
  • Experience in using Kali Linux to do web application assessment with tools like DirBuster, Nikto and Nmap.
  • Leading the online application team in reporting the issues and taking them to closure.
  • Performing static code reviews with the help of automation tools.
  • Performing a threat analysis on the new requirements and features.
  • Review of firewall rules and policies in the web proxy.
  • Highlight the user access and privileged user access risks to the organization and provide the remediation plan.

Confidential

Software Developer

RESPONSIBILITIES:

  • Maintaining constant communication with Business Analysts and Business Users to identify information needs as per business requirements.
  • Usage of Spring as the middle-tier application framework, with a persistence strategy using Spring-supported Hibernate.
  • Used the Struts validator framework for client-side and server-side validation and implemented dynamic loading of JSPs.
  • Deployment of the application on IBM WebSphere Application Server.
  • Worked with the production support team in debugging and fixing various production issues.
  • Preparation of high- and low-level design documents for the business modules for future reference and updates. Worked on DB2; utilization of the Waterfall model.
