Security Engineer / Cyber Security Resume
Franklin Lakes, NJ
SUMMARY:
- 6+ years of experience in the IT industry as a web application security professional. Specialized in information technology assurance, web application security, application security controls and validation, regulatory compliance and the Secure Software Development Life Cycle (Secure SDLC).
- Experience in developing and implementing information security policies and guidelines per OWASP (Open Web Application Security Project) and SANS secure coding guidelines.
- Hands-on experience in vulnerability assessment and penetration testing using tools such as Burp Suite, Fiddler, ZAP Proxy, sqlmap, HP WebInspect, IBM AppScan, Checkmarx and HP Fortify.
- Experience in identifying SQL injection, script injection, XSS, phishing and CSRF attacks.
- Involved in Secure Software Development Life Cycle (secure SDLC) process.
- Substantial understanding of and experience with the SSDLC, which has been effectively applied across many consulting engagements.
- Hands-on experience with DAST, SAST and manual ethical hacking.
- Production: planning the production run, including redesigning machine tools, equipment and processes to make new parts, monitoring costs and production schedules, and overseeing quality control.
- Critical thinking ability sufficient for diagnosing system failures.
- Interpersonal abilities sufficient to interact with customers, supervisors, and fellow employees from a variety of social, emotional, cultural, and intellectual backgrounds
- Able to remain continuously on task for several hours while standing, sitting, moving, lifting, bending and/or working in awkward positions.
- Ability to focus and concentrate on diagnostic, repair, and maintenance tasks requiring electrical and technological skills.
- Troubleshooting, log evaluation and capture of test fleet issues under ITIL guidance.
AREAS OF EXPERTISE:
- Information Security
- Compliance
- Audit
- Data Loss Prevention
- BCP/Disaster Recovery
- Vulnerability Assessments
PROFESSIONAL EXPERIENCE:
Confidential, Franklin Lakes, NJ
Security Engineer / Cyber Security
Role & Responsibilities:
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them based on criticality.
Environment: ASP, Kali Linux, Nessus, Nmap, Metasploit, HP Fortify, HP WebInspect.
- Worked on SQL Injection protection, XSS protection, script injection and major hacking protection techniques.
- Addressed and integrated security into the SDLC through techniques such as threat modeling, risk management, logging and penetration testing.
- Hands-on experience with the OWASP Top 10 for web applications.
- Expert knowledge of penetration testing, DAST, SAST and manual ethical hacking.
- Experienced in system support and Linux platforms, focusing on information security.
- Working knowledge of the Secure Software Development Life Cycle (SSDLC).
- Good understanding of web application attacks, including denial-of-service attacks, MITM attacks, local file inclusion (LFI), remote file inclusion (RFI) and buffer overflows.
- Experience in conducting IT security risk assessments in accordance with the NIST and FFIEC frameworks.
- Performed security design and architecture reviews for web and mobile applications. Knowledge of AWS cloud security, including implementing Web Application Firewalls (WAF).
- Created a penetration testing guide based on the OWASP Testing Guide for assessing new environments for security vulnerabilities, including XSS, SQL injection, buffer overflows, broken authentication management, function-level access control and others.
Confidential, Philadelphia, PA
Security Engineer / Cyber Security
Role & Responsibilities:
- Worked on Identity and Access Management controls to authenticate the users based on their roles in the organization.
- Developed a security awareness training document for the employees.
- Reviewed and assessed IT applications to mitigate risks associated with the security response plans.
- Streamlined security control policies for applications and websites using NIST.
- Developed end user security access rules and profiles across multiple systems and platforms.
- Developed and maintained documentation for security systems, procedures and security diagrams.
- Worked with stakeholders to establish remediation policies, practices and implementation.
- Skilled in using Burp Suite, IBM AppScan, Nmap and ZAP.
- Conducted vulnerability assessments (DAST and SAST) of web and mobile (iOS and Android) applications, including third-party applications. IBM AppScan, ZAProxy, Burp Suite Pro, SecureAssist, HPE Fortify WebInspect, Checkmarx, QRadar, Fortify and WAS were used for scanning the applications.
- Evaluated the organization's SDLC, identified gaps or missing security-related tasks and activities, and made recommendations. Assisted in integrating the secure SDLC into the functional model.
- Conducted IT security risk assessments, including threat analysis and threat modeling (STRIDE, DREAD).
- Specialize in security training solutions: OWASP Top 10 and SANS 25.
- Hands on experience in planning and conducting security risk assessment and vulnerability analysis.
- Expert in performing risk assessment and providing recommendations for improvements in policies and standards.
- Skilled in analyzing application security, performing security design review, identifying application vulnerability and providing vulnerability remediation.
- Experience with Identity and Access Management (IAM) and development of user roles and policies for user access management.
- Analyzed correlation rules developed for Security Incident and Event Management (SIEM) system. Reviewed the solution implemented for "log forwarding" from various network devices to ArcSight central logging for alerting and security monitoring.
- Assisted customers in understanding the risk and threat level associated with a vulnerability so that the customer may or may not accept the risk with respect to business criticality.
- Identified the Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritized them based on criticality for remediation.
- Assisted in reviewing solution architectures from a security point of view, which helps avoid security-related issues and threats at an early stage of the project.
- Ensuring compliance with legal and regulatory requirements.
Confidential, OH
Security Engineer
Responsibilities:
- Responsible for developing information security risk identification, classification, triaging and mitigation.
- Worked with the enterprise architecture team, Security Governance, and Policy team.
- Good understanding of administering and implementing SIEM, DLP, Websense, advanced malware detection programs, vulnerability assessment and prevention.
- Worked on PCI, SOX and HIPAA security baseline support as an Information Security Professional.
- Executed PCI Data Security Standard (PCI DSS) assessments for all controls, including communication of key milestones, gap remediation consulting/tracking, and guidance on compensating controls.
- Participated in risk assessments and performed walkthrough procedures and control testing.
- Participated in a risk advisory role on company initiatives and information systems projects to ensure proactive identification of relevant risks.
- Delivered reporting and metrics to inform management of risk and status.
- Worked directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly.
- Performed compliance analysis to identify areas of noncompliance with respect to OMB guidance, NIST publications and FISMA.
- Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure the information security program performs effectively and efficiently.
- Familiar with general security risk management principles and best practices.
- Supported and helped mature the security risk management program. Familiar with general Governance, Risk and Compliance (GRC) programs with specific knowledge of vendor risk and policy management.
- General knowledge in the areas of IT management, acquisition and maintenance of systems, system operations and Information security control activity.
- Knowledge and experience in standard security and regulatory frameworks, including ISO …, NIST, HITRUST CSF and PCI DSS.
- Worked with FireEye for management systems and threat intelligence.
- Experienced in the design and deployment of Palo Alto, Sourcefire and Check Point firewalls and Blue Coat proxies.
- Knowledge of planning, designing, implementing and troubleshooting complex networks and advanced technologies.
- Familiarity with vulnerability assessment and penetration testing best practices.
- Experience with vulnerability and penetration testing techniques.