Information Security Test Manager Resume
Naperville, Illinois
SUMMARY:
- Astute Information Security Professional with 13 years of experience spanning Information Technology, with the last 8+ years in the Application Security domain. Currently in a Technical Test Lead role at Confidential Limited, formulating application security planning, testing enterprise applications against OWASP, NIST, PCI DSS, HIPAA, ISO/IEC 27001 and other compliance standards, integrating security into the DevSecOps pipeline, and building technical competence for the organization to achieve competitive advantage and sustainable growth.
- Performed Architecture Review, Secure Code Review, Vulnerability Assessment, Penetration Testing of Web and Mobile Applications and Infrastructure Security Assessments in multiple industry domains.
- Led cross-discipline, multi-cultural, geographically distributed security consultant teams. Skilled in end-to-end security project management, stakeholder management, mitigating security project related risks, and ensuring timely delivery. Developed human capital by counseling and coaching; provided technical input and guidance to the staffing process; actively participated in recruitment and retention activities.
- Leading multi-cultural, international penetration testing team
- Coordinated geographically distributed security teams
- End-to-end security project management
- Liaising with Business and Technical stakeholders
- Formulating the shift-left approach by integrating security into the DevSecOps pipeline to a fully automated ‘path to Production’ pipeline
- Web Application Security (Secure code review, Vulnerability assessment, Penetration testing)
- Mobile Application Security (Secure code review and Penetration testing)
- Infrastructure security testing (Vulnerability assessment, Penetration testing - VA, PT)
- Third Party security controls and Risk Assessment
- Integration of Static and Dynamic Testing tools in the Continuous Integration, Continuous Development (CI/CD) and Continuous Testing pipeline with TFS/SVN/GitHub and Jenkins, with continuous vulnerability management
- Database Security and Monitoring
- Implementation and testing of Enterprise Data Loss Prevention (DLP) policies for any security breach via SkyHigh CASB
- Worked extensively on Security Testing Life Cycle and Secure SDLC
- Expertise in security defect triage, consultation with development team, and other stakeholders
- Good documentation skills - estimation, test plan, security test result report, and test completion report
- Excellent verbal and written communication
TECHNICAL SKILLS:
Others: IBM AppScan, HP WebInspect, HP Fortify, Checkmarx, QualysGuard, Veracode, Cenzic Hailstorm, Acunetix, Armorize CodeSecure, Burp Suite Pro, ZAP Proxy, Nmap, Nessus, Wireshark, Kali tools, Microsoft Threat Modeling tool, Tamper IE, Paros, Fiddler, other application penetration tools
Cloud Security Tools: McAfee SkyHigh CASB
Database Security Tools: IBM Guardium
Functional Automation Tools: Selenium, QTP
Development experience: Microsoft world (VB, VB.NET, ASP.NET, C#, Visual Studio, HTML); Java world (Java, JavaScript)
Other Programming Languages: C, C++
PROFESSIONAL EXPERIENCE:
Confidential, Naperville, Illinois
Information Security Test Manager
- Working as Information Security Test Manager handling multiple security and infrastructure projects, strategizing the security test plans whilst driving end-to-end test coordination among cross-testing and product teams, thus ensuring successful project implementation, test sign-off and completion.
Confidential, Atlanta, Georgia
Security Test Lead
Responsibilities:
- Security practice gap analysis
- Security requirement analysis
- Tool Configuration
- Penetration testing
- DLP Policy Configuration and Testing
- Application release level security service delivery strategy
- Highlighting the risks to the Project team and SunTrust Cyber Security team
- Client stakeholder management
- Security staff planning
Tools Used: HP WebInspect Enterprise, Burp Suite, and other free security testing utilities, HP ALM, Rally
Confidential
Technical Test Lead
Responsibilities:
- Test Strategy
- Threat modeling and Penetration testing
- Review of security deliverables
- Coordinating with other vendor and testing streams
- Resource onboarding
- Leading the entire offshore team of 6 people
Tools Used: Architecture Track: Microsoft’s Threat Modeling tool
Confidential
Service Delivery Manager
Responsibilities:
- Acting as PMO, coordinating with different regional coordinators and providing consulting to them
- Developing a mature security testing project tracking system
- Provided technical support to the region by scheduling vulnerability scans on demand
- Collaboration with Information Security Group to maintain and improve IS Security Policies to respond appropriately to fast evolving and new emerging threats
- Leading implementation and enforcement of IS Security policies and the Vulnerability Management process across the company
- Coordinating with the Integrated Security Centre (ISC) Group and SIEM teams in investigating the events generated from IDS/IPS systems and vulnerability scanning
- Security testing initial triage and analysis
- Setting up a process to regularly identify unknown client Web applications available on the Internet
- Establishing and coordinating regular security scanning activities to ensure new vulnerabilities are regularly identified and remediation is in place
- Preparation of security test plan
- Pre-planning for security test execution
- Secure Code Review (J2EE, .Net, Python)
- Penetration testing (Web)
- Conducting defect triage discussions with relevant stakeholders
- Preparation of the test completion report and obtaining sign-off from relevant stakeholders
- Performing security testing closure
Tools Used: Web Track: Burp Suite Pro, HP Fortify, QualysGuard Vulnerability Scanner, Paros Proxy, Fiddler and other open source tools
Confidential
Security Test Analyst
Responsibilities:
- Coordinating with the development team to understand the application’s entry points for penetration testing
- Defining the Test plan with high level test scenarios for each application under test
- Periodic execution of security scans
- Guiding the team technically with remediation techniques
- Conducting awareness sessions for developers on application security and providing application security best practices
Tools Used: Web Track: Cenzic Hailstorm Vulnerability Scanner, IBM AppScan Source Edition, IBM AppScan Standard Edition, Burp Suite Pro
Confidential
Security Test Analyst
Responsibilities:
- Liaising with the functional testing team to understand the application workflow
- Performed security scans of web components and web services
- Providing a scan report with the findings, their severity and remediation techniques to the development team
Tools Used: Scanning Tools: Burp Suite Pro, Tamper IE, SoapUI
Confidential
Security Test Analyst
Responsibilities:
- Performed source code review of the applications
- Validating the application’s adherence to the PCI DSS 2.0 standard
- Analysis of the scan findings and sharing the final report with the project team
- Providing a scan report with the findings, their severity and remediation techniques to the project team
Tools Used: Scanning Tools: HP Fortify
Confidential
Security Test Analyst
Responsibilities:
- Performing source code review and penetration testing of the Avon web applications via HP Fortify and Burp Suite
- Manual analysis of findings and false positive elimination
- Providing a scan report covering the vulnerabilities, their severity and remediation techniques to the development team
Tools Used: Scanning Tools: HP Fortify, Burp Suite Pro, Tamper IE, SoapUI
Confidential
Functional Test Lead
Responsibilities:
- Understanding the requirements and collaborating in the Requirement Specification activity
- Preparing the Test Plan
- Preparation of the testing estimate
- Leading a team of 3 resources
- Test automation for complex business workflows using Selenium
- Test script creation and execution
- Reviewing and prioritizing the discovered defects
- Providing regular updates on the defects
- Filing the defects in the defect management system
- Providing final testing results report
- Functional Testing closure
Tools: Selenium IDE, HP ALM
Confidential
Senior System Engineer
Responsibilities:
- Coordination with the feed source systems on the timely arrival of feed files
- Scheduling the jobs for executing the DTS packages
- Troubleshooting DTS package failures and feed file errors as and when needed
- Reporting the progress of DTS job execution on a daily basis to the BT customers
- Creating new and modifying existing DTS packages for the change requests
- Testing the new DTS packages before moving to production
- Analysis of faults/BOSS requests raised by BT customers for anomalies in the data
Tools Used: SQL Server 2000, Visual Studio 2005
Confidential
Technical Test Lead (Application Security)
Responsibilities:
- Lead the Offshore Security Team single-handedly from Onshore
- Define Enterprise Security Process, Methodology and Architecture review
- Collaborate with the Enterprise’s Cyber Security team and help define Information Security policies
- Take up application security client engagements
- Develop technical competence
