PROFESSIONAL SUMMARY:

• Over 8+ years of experience as Security Engineer in various domains such as
• Web Application security testing, Vulnerability Assessment, penetration testing and generating reports using tools
• Hands on Experience working with LAN and WAN topologies, TCP/IP protocol, routers, switches, and firewalls in Internet, Intranet and Extranet environments.
• Background/understanding of software development lifecycle.
• Excellent knowledge in OWASP Top 10 2010, and WASC THREAT CLASSIFICATION 2.0 methodologies.
• Experience on Virtual Private Network (VPN) for operating Network and Data Center.
• Installing and configuring servers, configure hardware, services, settings, directories, storage, in accordance with standards and operational requirements.
• Proficient in Linux operating system configuration, utilities and programming
• Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
• Managed the cycle of project continuity, reviewed the technical work of team, and ensured the quality of service deliverables.
• Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.
• Worked on windows server administration activities.
• Experience using a wide variety of security tools to include Kali - Linux, Wireshark, Lophtcrack, Snort, Cain and Abel, Nitko, Dirbuster, IBM App scan, Nessus, Open Vas, W3AF, BeEF, Etthercap, Maltego,Experience with scheduling firewall policy provisioning and user interaction to identify connectivity related issues.
• Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, Sqlmap, OWASP ZAP Proxy, Nessus, Nmap and HP Fortify.
• Sound knowledge and industry experience in Vulnerability Assessment and
• Penetration Testing on WEB based Applications, Mobile based application and Infrastructure penetration testing.
• Extensive experience working with Qualys Guard to conduct Network Security assessments.
• Good Experience in exploiting the recognized vulnerabilities.
• Experience in Threat Modeling during Requirement gathering and Design phases.
• Experience with Internet/Intranet Networking Protocols and Services.
• Worked as a key member in streamlining security processes, design and implement efficient security solutions achieving security efficiency.
• Excellent team player, enthusiastic initiator, and ability to learn the fundamental concepts effectively and efficiently.
• Performed software Licensing audit.
• Experienced in Web Application Firewall developing the signatures.
• Conducted presentations to clients projecting the security services offered by the firm.
• Having good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on WEB based Applications.

TECHNICAL SKILLS:

Vulnerability Testing: Tenable Nessus, NMAP, Qualys Guard

Application Security: Websense, IBM Rational AppScan, Burp Suite, Paros, HPWeb Inspect, SQLmap, Nikto, Metasploit, Kali Linux.

SIEM Tools: TSIEM, Arc Sight

Penetration Testing: Wireshark,Metasploit Framework

Languages & Databases: HTML,Javascript,PHP, SQL

Network Enumeration: Maltego, Google Hacking, DNS, SMB, LDAP.

Port/Vulnerability Scanning: Nmap/Nmap Scripting Engine (NSE), Netcat, Nessus

Sniffing/ManintheMiddle: Wireshark, Ettercap, Cain

Web Application Vulnerability Scanning:, Nessus, OpenVas, Vega, Acunetix, HP Web inspect, IBM AppScan.

Server/ClientSide Exploitation: Metasploit, Social Engineering Toolkit (SET).

Password Cracking: Hydra, Rainbow Crack, 0phcrack, John the Ripper, Pyrit

Web Application: Manual SQL Injection, Manual Cross Site Scritping(XSS), Cross site request forgery(CSRF), SQLmap

Debuggers: Ollydbg, WinDBG.

Wireless: Aircrack-NG Suite and Kismet

PROFESSIONAL EXPERIENCE:

Confidential, Houston, TX

Security Engineer

Responsibilities:

• Extensive Interaction with Onsite Coordinator in understanding the business issues, requirements, doing exhaustive analysis and providing end-to-end solutions.
• Conducting Web Application Vulnerability Assessment & Threat Modelling, Gap Analysis, secure code review on the applications.
• Doing multiple level of testing before production to ensure smooth deployment cycle.
• Performed vulnerability testing using tools such as Nessus and Qualysguard.
• Maintains network performance by performing network monitoring and analysis, and performance tuning, trouble shooting network problems. Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP, Dirbuster, Qualysguard, Nessus, SQLMap for web application penetration tests and infrastructure testing.
• Application Security Review of all the impacted and non-impacted issues.
• Providing KT to Development team for better understanding of Vulnerabilities.
• Other Adhoc Activities like monthly and weekly report creations. Scheduling meeting with different application teams for understanding future pipelines for applications.
• Implemented remote VPN access allowing users to use their active directory credentials to authenticate using Microsoft internet authentication server using RADIUS protocol.
• Assisting customer in understanding risk and threat level associated with vulnerability so that customer may or may not accept risk with respect to business criticality.
• Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
• Scanned web and mobile applications prior to deployment using AppScan to identify security vulnerabilities and generated reports and fix recommendations.
• Daily monitoring the systems, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups
• Assisting in review of business solution architectures from security point of view which helps avoiding security related issues/threats at the early stage of project
• Ensuring compliance with legal and regulatory requirements
• Security monitoring to identify any possible intrusions.

Confidential, Coralville, IA

Security Engineer

Responsibilities:

• Established vulnerability assessment practice, proactively ensuring safety of client-facing applications and minimizing client audit findings.
• Performing security analysis and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities.
• Installation, Configuration and Troubleshooting of Check Point Security Gateways.
• Adding and removing checkpoint firewall policies based on the requirements of various projects.
• Using Network monitoring tools to ensure network connectivity and Protocol analysis tools to assess and pinpoint networking issues causing service disruption.
• Having real time experience in DDos, Sql Injection protection, XSS protection, script injection and major hacking protection techniques
• To address and integrate Security in SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
• Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports. Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
• Scan Networks, Servers, and other resources to validate compliance and security issues using numerous tools
• Conducted periodic scans and on demand scan as and when new network devices are introduced or configurations are updated in the windows servers with Qualys Guard.
• Assisting in preparation of plans to review software components through source code review or application security review
• Assist developers in remediating issues with Security Assessments with respect to OWASP standards.

Confidential

Jr.Security Engineer

Responsibilities:

• Perform threat modelling of the applications to identify the threats.
• Identify issues in the web applications in various categories like Cryptography, Exception Management.
• Worked on installation, configuration, and administration and troubleshooting of LAN/WAN infrastructure.
• Risk assessment on the application by identifying the issues and prioritizing the issues based on risk level.
• In the team, main focus of work was to audit the application prior moving to production.
• Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on issues identified during penetration tests.
• Providing remediation to the developers based on the issues identified.
• Revalidate the issues to ensure the closure of the vulnerabilities.
• Verify if the application has implemented the basic security mechanisms like Job rotation, Privilege escalations, Lease Privilege and Defense in depth.
• Using various add on in Mozilla to assess the application like Wappalyzer, Flagfox, Live HTTP Header, Tamper data.