Information Security Analyst Resume

Dallas, TX

SUMMARY:

  • A fully independent and process dependable Information Security Analyst with five years of exceptional record of competence and discretion. Adept at communicating with other engineers and clients in a clear and understandable manner. Able to maintain the highest standards of confidentiality in handling and protecting sensitive client information.
  • Have knowledge of all stages of informatics systems life cycle.
  • Very good understanding of the OWASP Top Ten security framework.
  • Detailed reports based on STRIDE and DREAD threat modelling.
  • Experienced in identifying potential threats and ensuring security of network systems.
  • Strong knowledge of system, network security, log analysis, and intrusion detection technologies.
  • Expert in taking quick action on cyber threat intelligence.
  • Good knowledge of TCP/IP, firewalls, routers, and network protocols and technologies.
  • Excellent communication, organization, and troubleshooting skills.
  • Expert in risk assessment and security audits.
  • Ability to solve complex problems in a simple and accurate manner.

AREAS OF CONCENTRATION:

Network and wireless security, Vulnerability scanning, Intrusion Detection/prevention systems, Network penetration testing, Cryptography, Threat modelling, Access control, Configuring Firewalls, Routers and Switches, Endpoint Protection, Subnetting, Routing protocols, Digital incident response, Security policy, Virtualization, Cyber threat analysis and remediation, NIST framework implementation, PCI DSS implementation, Compliance and operational security.

TECHNICAL SKILLS:

Hardware: HP: 1900/1800 Series, IBM P Series / e Servers, RS/6000, IBM Netfinity, SUN, DELL 1950/1850/550

Operating Systems / Virtualization: Windows Server 2012/2008/2003, Windows 10/8/7, UNIX, Linux, VMware, VirtualBox

Linux flavors: Red Hat Linux, Debian, Ubuntu

Databases: MS Access, SQL Server, DB2

Browsers: Internet Explorer, Chrome, Firefox, Netscape Navigator

Information Gathering: Recon-ng, Maltego, dnsmap, Dmitry, Harvester

Network Vulnerability Scanners: Nessus, Nexpose, Qualys, OpenVAS, SonarQube, SonarLint

Enumeration: NMAP, snmpwalk

System Hacking: Metasploit, Armitage, Searchsploit, John the Ripper, BeEF XSS framework

Malware Analysis: PEiD, Dependency Walker, Malwr

Wireless Penetration Testing: Aircrack-ng, Kismet, Reaver

Intrusion Detection Systems: Snort, Suricata, OSSEC

Intrusion Prevention Systems: OpenWIPS-ng

FIMs: Tripwire, Lynis

Network Monitoring Tools: SolarWinds

Network Analysis: Wireshark, tcpdump

Web Application Analysis: Burp Suite, HP Fortify, IBM Security AppScan, Acunetix

Load Balancers: F5 Load Balancer, Akamai

Reporting Tools: Dradis, MagicTree

Firewalls / Security Tools: WatchGuard, Cisco, pfSense, DD-WRT

EXPERIENCE:

Confidential, Dallas, TX

Information Security Analyst

Responsibilities:

  • Conducted open security testing standards and projects, including OWASP secure coding practices and Top Ten testing framework, FISMA, NIST, WASC.
  • Executed daily vulnerability assessments, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
  • Found common web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic etc.) across various platforms.
  • Addressed and integrated security in the SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
  • Performed wireless pentesting using Aircrack-ng and analyzed the network using Wireshark. Found network vulnerabilities using Nexpose and analyzed web applications using HP Fortify.
  • Performed security reviews of application designs, source code and deployments as required, covering all types of applications (web applications, web services).
  • Provided technical review and testing of new technologies such as Enterprise security applications/devices, appliances, mobile devices, mobile applications, etc.
  • Packet analysis code written for sniffing the packets and enumerating the keys using Python Scripting.
  • Reviewed Splunk tool for detecting and responding to attacks on the network and endpoint devices.
  • Used Web Application Firewall (Blue Coat) for application protection and application optimization.
  • Supported Information Assurance asset deployments, upgrades, and maintenance; including servers, databases, network assets and wireless LAN security
  • Exhibited client facing skills and capability to articulate technical concepts to a variety of technical and non-technical audiences
  • Worked independently and within a team environment.
  • Monitored live systems to discover real-time threats.
  • Demonstrated effectiveness of security controls.
  • Examined and evaluated computer software and hardware to uncover access attempts.
  • Maintained and tested corporate response plans.
  • Made recommendations for mitigating identified risks.
  • Authentication and authorization using device IDs and API keys so that only registered and verified devices can send or receive data.
  • Analyzed and reverse engineered code to discern weaknesses and provided feedback to the penetration testing team.
  • Assisted in developing appropriate security measures for system flaws.
  • Maintained activities log for each penetration test administered and its outcomes.
  • Developed and implemented a key password policy which made it impossible for hackers to break user passwords
  • Improved the workings of company system by effectively analyzing security issues and creating and implementing security strategies
  • Designed a series of penetration tests as a basis for more advanced testing, resulting in ease of strategic tests development
  • Performed the maintenance and security updates in the data center and implemented Security Information and Event Management (SIEM) for the project. Assessed threats, risks, and vulnerabilities from emerging security issues.

Confidential, Hyderabad, TG.

Information Security Analyst

Responsibilities:

  • Involved in analyzing test requirements, identifying the risks involved, reviewing/preparing test strategy and test plan, and reviewing test cases for custom implementation projects and enterprise release. Source code security analysis: identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.
  • Set up customer profiles, TPA, security certificates X.509, PGP, SFTP, HTTPS (SSL), FTPS, JPMCSSL, Tumbleweed.
  • Testing the H2H Custom Implementation Projects.
  • Risk Evaluations, Risk mitigation, Change Controls.
  • Packets inbound translated flow over Swiftnet and going to CCAP.
  • AS2 is used in the DMZ and the inbound goes to NDM.
  • Performed white box security assessments to identify the client's strengths and weaknesses in their web applications. Major initiatives include testing intranet applications subject to exposure to the Internet. I used HP Fortify for checking code vulnerabilities.
  • Analyzed HP Fortify results and fixed the code that had defects: cross-site scripting (XSS), session hijacking, SQL injection, Cross-Site Request Forgery (CSRF).
  • Experience in performing secure code review (SCR) of various applications using static code analyzers (SCA) like HP Fortify and YASCA.
  • Perform attack simulations on company systems and web applications to determine and exploit security flaws.
  • Test form factors and technologies based on scopes of work.
  • Perform application and infrastructure penetration tests along with physical security reviews.
  • Define requirements for information security solutions and perform reviews of application designs and source code.
  • Implement penetration test tools and use existing ones to handle penetration testing.
  • Document and discuss security findings with information technology teams.
  • Work on improvements for security services and provide feedback and verification about existing security issues.
