Lead Security Engineer Resume
Herndon, VA
TECHNICAL SKILLS:
Network Security: Confidential DLP, Checkpoint, Palo Alto, Netcat, Tenable Nessus Security Center, OpenVAS, Cisco IDS/IPS, Confidential Endpoint Protection, Anti-virus.
Password Cracking: Hydra, RainbowCrack, Ophcrack, John the Ripper, Pyrit.
Security Tools/Frameworks: Metasploit Pro, AppDetect, AppRadar, Oracle Identity Manager, Oracle Access Manager, JHijack, OAuth 2.0, SAML, Zed Attack Proxy, SQLMap, Wireshark, WebScarab, Paros, Nmap, BMC BladeLogic, Tenable Confidential, Rapid7 Nexpose, Tripwire, Confidential DLP, DBProtect, Confidential ArcSight SIEM, e-DMZ Password Auto Repository (PAR), Varonis.
DAST and SAST Security: Confidential AppScan Enterprise, Standard & Source editions, Confidential WebInspect, Fortify SCA, Checkmarx, QualysGuard, BurpSuite Pro, Acunetix, OWASP Zaproxy.
Cloud Security: Amazon Web Services and MS Azure.
Middleware: TIBCO EMS, Confidential WebSphere MQ, JMS.
Continuous Integration (CI) and Continuous Delivery (CD) Pipeline: Jenkins, Maven, ANT, Gradle, RTC, GitHub.
Databases: Oracle, MS SQL Server, DB2, MySQL.
Operating Systems: Oracle Solaris UNIX, RedHat Linux, Kali Linux, Ubuntu.
Servers: Weblogic Server, iPlanet, Linux, Windows Server 2008/2012, Netscape Application Server
Languages: Java, Python, C/C++, C#.NET, Perl, Struts2, Spring Framework, Servlets, JavaServer Pages (JSPs), JMS, Java, UML. Mail API, JNDI, LDAP, JDBC, JTS, RMI, AWT, Swing, Socket Programming, IONA Orbix CORBA.
Scripting Languages: Python, PowerShell, AngularJS, XML, XSLT, XPath, HTML/JavaScript/jQuery.
PROFESSIONAL EXPERIENCE:
Confidential, Herndon, VA
Lead Security Engineer
Responsibilities:
- Designed, documented and executed maintenance procedures, including system upgrades, patch management and system backups.
- Specifically, security testing has been performed to identify XML External Entity (XXE), Cross-Site Scripting, ClickJacking, and SQL Injection related attacks within the code.
- Developed threat modeling framework (STRIDE, Confidential ) for critical applications to identify potential threats during the design phase of applications.
- Implemented file system security by applying hashing techniques for protecting data stored in files on the file servers.
- Implemented Confidential AppScan standard, source editions, Confidential WebInspect, Whitehat Sentinel, Confidential, and QualysGuard web application scanners. In addition, the security tools Metasploit and BurpSuite were utilized for manual penetration testing.
- Administered PKI, cryptography, certificate management and implemented dual keys to address segregation of duties issue between DBAs and security admins.
- Participated in the development of IT risk assessments for enterprise applications.
- Reviewed source code (Java/J2EE/C#/.NET/Spring/FTL/JavaScript) and identified security vulnerabilities.
- Implemented Network Security Groups ( Confidential ) to control network traffic to various Azure network resources. Created Confidential rules (inbound and outbound) and prioritized the rules based on the requirements. Associated Confidential to VMs, NICs, and subnets based on the deployment model.
- Validated database security for SQL servers deployed in Azure Cloud environment. Implemented Integrated Windows authentication supported by Azure Active Directory.
- Enabled threat detection for databases in the Azure portal. The security alerts generated in the Azure Security Center have been reviewed and remediated.
- Troubleshot and resolved web application issues escalated from customer support and other departments with a 100% success rate.
- Monitored security events, investigated the root cause to identify their impact and developed prevention strategy for remediating the security issues. Responded to security events and worked with the respective teams for resolution.
- Implemented Multifactor Authentication (MFA) for AWS root accounts, including password rotation policies. Set up Access Keys and Secret Access Keys for newly created users.
- Developed security requirements for applications and infrastructure deployed in the Cloud. Ensured that Cloud security best practices have been followed.
- Configured AWS Simple Storage Service (S3) to securely store the organization’s critical file systems. Implemented Access Control Lists (ACLs) and Bucket Policies for controlling access to the data.
- Implemented Security Group Policies for Elastic Compute Cloud (EC2) instances within AWS. Developed AWS Service Roles to protect Identity Provider access.
- Configured Gemalto ProtectDB to enable column level encryption for securing confidential customer data.
- Designed security architecture for web and mobile apps.
- Conducted security assessments to ensure compliance with the firm's security standards (i.e., OWASP Top 10, SANS25).
- The NIST framework has been utilized for IT risk assessments.
- Rolled out Confidential AppScan products such as AppScan Enterprise (ASE), Standard, Source, Checkmarx, Developer plug-ins to various development teams across the business lines.
- Implemented Identity and Access Management (IAM) solutions across the organization for various business applications.
- Prepared technical architecture proposals for enhancements and integration of existing third party software systems.
- Conducted monthly developer workshops to educate and train developers on secureSDLC, scan source code using Confidential, Confidential and resolve the security vulnerabilities.
- Working knowledge of AWS Cloud Security in implementing IaaS, PaaS and SaaS based applications.
- Implemented Continuous Integration (CI) and Continuous Delivery (CD) pipelines for automating the security scanning process. Developed build scripts as part of DevSecOps to automate CI/CD. The tools such as Jenkins, Maven, ANT, Gradle have been utilized.
- Performed the configuration of security solutions like RSA two factor authentication, Single Sign on (SSO), Confidential Vontu DLP and log aggregation and analysis using Confidential ArcSight SIEM.
- Developed WACLS for AWS Web Application Firewalls (WAF) and configured the rules and conditions to detect security vulnerabilities in the Cloud Front.
- Performed multiple levels of testing before production to ensure a smooth deployment cycle.
- Performed vulnerability testing using tools such as Tenable Confidential Security Center and QualysGuard.
- Implemented Active Directory Federation Services in Windows-Linux client server PKI environment.
- Issued SSL certificates for intranet / internet / web applications using Active Directory Certificate Services (ADCS) in MS Windows Servers 2003, 2008 / 2008 R2, 2012, 2016 and MS Azure.
- Configured users, computers and organizational units using Active Directory domains and users in MS Server Manager.
- Skilled using Burp Suite, Acunetix Automatic Scanner, Nmap, DirBuster, QualysGuard, Confidential, SQLMap for web application penetration tests and infrastructure testing.
- Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc.
Confidential, Jersey City, NJ
Sr. Security Engineer
Responsibilities:
- Performed the penetration testing of mobile (Android and iOS) applications, specifically, APK reverse engineering, traffic analysis and manipulation, dynamic runtime analysis.
- Developed secureSDLC policies and standards for Web and Mobile apps.
- Working knowledge of SSO implementation for the applications deployed in AWS cloud platform.
- Implemented security controls in accordance with NIST, CIS Benchmarks, Confidential, ISO 27001 Frameworks.
- Developed Information Assurance (IA) designs to meet specific operational needs and environmental factors.
- Participated in the implementation of AWS Cloud security for applications being deployed in the Cloud.
- Implemented Azure Key Vault for storing secrets.
- Developed security controls for implementing Azure storage security. The Confidential with Confidential has been implemented for securing the storage account.
- The data transmission between applications and Azure has been secured by client-side encryption, HTTPS, SMB3.0.
- Azure disk encryption has been implemented for encrypting OS and data disks.
- Developed WACLS and configured the rules and conditions to detect security vulnerabilities in the AWS Cloud Front.
- Implemented OAuth2.0 and SAML authorization frameworks for granting permissions by third-party Identity Providers.
- Developed WACLS for AWS Web Application Firewalls (WAF) and configured the rules and conditions to detect security vulnerabilities in the Cloud Front.
- Participated in the implementation of data tokenization in various environments to ensure compliance to regulations.
- Developed AWS Security Groups to control traffic to various instances in the Cloud.
- Experience with SaaS applications in configuring and deploying to the cloud platform.
- Worked with DevOps teams to automate security scanning into the build process.
- Worked extensively with software development teams to review the source code, Confidential the security vulnerabilities generated by, Confidential WebInspect, Confidential Fortify, Checkmarx and eliminated false positives.
- Reviewed Android and iOS mobile source code manually and recommended code Confidential .
- Participated in the Proof of Concept (POC) in implementing Arxan application protection software for Mobile apps.
- Performed Root Cause Analysis for the incidents reported at Security Operations Center.
- Performed Security event monitoring of heterogeneous networks such as Firewalls, IDS/IPS, Cisco ASA, DLP devices using Splunk.
- Solved many problems on call with my knowledge on the applications using event logs on the system / server and telemetry logs on the server, later started using Splunk for health monitoring, analysis and reporting.
- Used Confidential Information Technology Service Management (ITSM) tool for managing the incidents based on the priorities and solved issues which are in security domain.
- Generated vulnerability reports to monitor health of the applications and also reported High, Medium and Low vulnerabilities in these systems.
- Troubleshot network application inbound/outbound connectivity utilizing Blue Coat proxies and Wireshark.
- Actively involved on Bridges in solving High / Severe incidents reported in the application or in environment. Reported all my findings on the incident status to the higher management and clients in a timely fashion.
- Held responsibility for securing and maintaining 14 legacy applications, 10 geographically separated application servers and around 200 Citrix Servers along with a small team.
Confidential, Oakland, CA
Security Engineer
Responsibilities:
- Performed security compliance assessments for all IT infrastructures (firewalls, routers, IDS/IPS, DLP, Linux/Windows security hardening).
- Provided threat profiling of the application to the client and prepared combined reports of level of risks, their trend, and frequency to the client.
- Conducted white/gray box penetration testing on the financial systems using Kali Linux, Cobalt Strike for OWASP Top 10 vulnerabilities like XSS, SQL Injection, CSRF, Privilege Escalation and all the test cases of web application security testing.
- Splunk licensing updates by adding new license under Admin and System and License Management.
- Ironport URL filtering for known bad URL content.
- Mail analysis and blocking for known bad emails.
- Analysis of pcap files using Confidential and Wireshark.
- System audit and analysis using DOD checklist.
- Threat and virus scanning using Malwarebytes from centralized console.
- Enforcement of policies and procedures for users, admins, and management.
- Reverse engineering of malware using tools like malwr, process hacker and so on.
- Incident response tabletop exercise by documenting and alerting necessary personnel.
Confidential
Web Application Developer
Responsibilities:
- Designed and developed effective internal Web applications, relational database and stored procedures to analyze and monitor all activities related to Web-based sales.
- Developed application presentation layer, which is based on Spring MVC framework involving JSP, Servlets and HTML, CSS.
- Involved in implementing SOAP as well as RESTful web services using WSDL, SOAP, JAX-WS, JAX-RS, SoapUI and Jersey.
- Developed this web application to store all system information in a central location. This was developed using Spring MVC, jQuery, JSP, Servlet, Oracle 10g, Python, HTML and CSS.
- Automated sales monitoring and credit/identity verification application processes, decreasing costs and improving quality.
- Created documents related to System Development Life Cycle (SDLC) deliverables.
- Assisted in business process design and documentation as needed for new technology solution implementations.
