Web Application Security / Penetration Tester Resume
Atlanta, GA
SUMMARY:
- Skilled in various domains like Information Technology, Financial Services and Event Management with prior expertise and certification, while having held various positions with over five years of business experience and expertise.
- Looking forward to utilizing my skills in monitoring real-world cyber incidents which have high business impact and automating mundane tasks to increase productivity. Successful experience interfacing with both the business side and IT to assess the feasibility of new ideas and prioritize development items in the project.
- Extensive experience in Exploitation, Post Exploitation, Privilege Escalation.
- Hands on experience with system hacking, webserver hijacking, session hijacking, wireless network hacking and web application hacking.
- Performed Denial of Service, Sniffing, SQL Injection, buffer overflow and cryptography with various tools that helped to achieve goals.
- Hands on experience with viruses, worms, trojans and backdoors.
- Experienced with virtualization of different operating systems.
- Good experience in web technologies like HTTP, HTML, CSS, Forms and Database Connectivity.
- Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
- Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
- Broad knowledge of hardware, software and networking technologies to provide a powerful combination of analysis, implementation and support.
- Domain experience in IT, Banking and Financial Services and E Commerce.
- Execute and craft different payloads to attack the system for finding vulnerabilities with respect to input validation, authorization checks, etc.
- Identifying the critical, high, medium and low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them based on criticality.
- Experience in using Python and its framework Django.
- Using various Firefox add-ons to perform pen tests, leading the online application team in reporting the issues and taking them to closure.
- Experienced with full software development life-cycle Waterfall, Agile methodologies.
- Deployed production site using Apache Servers.
- Experience in analysis of live network traffic and capture packets using Wireshark.
- Experienced in using XAMPP and WAMP.
- Versatile with GitHub, JIRA and SVN.
- Familiar with Linux, basic cryptography, security, secure SDLC and Source Code Analysis.
- Familiar with different attacks such as DoS, DDoS, IP spoofing, man-in-the-middle, DNS poisoning, password cracking, CSRF, XSS, etc.
- Can work with any US employer - will not need visa sponsorship now or in the future.
TECHNICAL SKILLS:
Operating Systems: Kali Linux, Debian, Windows and Mac
Web technologies: HTML, CSS, Bootstrap
Web Frameworks: Django
Web Server: Apache, IIS 6.0/7.0
Languages: Python, R, Shell Scripting
Database: SQLite3, MySQL, PostgreSQL, Oracle
Methodologies: Agile, Waterfall
Configuration Management: GitHub, SVN, CVS.
Software Tools: Wireshark, Nmap, HTTrack, Maltego, Nessus, Metasploit, WordPress scanning, Acunetix, IBM AppScan, Burp Suite, SQLMap, OWASP ZAP proxy, DVWA, WebGoat, Recon-ng, Vega, Aircrack-ng, Social-Engineer Toolkit, Hamster, Driftnet, Ettercap, HP Fortify, Qualys SSL, MS Office, MS Visio, Tally, Finacle, Joomla, PeopleSoft, Tableau
PROFESSIONAL EXPERIENCE:
Confidential, Atlanta, GA
Web Application Security / Penetration Tester
Responsibilities:
- Extensive interaction and coordination in understanding the business issues and requirements, doing exhaustive analysis and offering end-to-end solutions.
- Involved in complete SDLC to address and integrate Security by using the techniques such as Threat Modeling, Risk Management, Logging, Penetration Testing.
- Conducting privacy (PIA), and threat risk assessments (TRAs).
- Worked with a group of individuals committed for conducting research, attack detection and build mitigation techniques for threats posed in network and application layers.
- Worked intently with development teams to remediate application vulnerabilities detected through security scanning tools.
- Identified all the types of vulnerabilities in the applications based on the OWASP Top 10 and SANS 25, prioritizing them based on criticality.
- Develop correlation rules for Security Incident and Event Management (SIEM) system. Reviewed the solution implemented for “log forwarding” from various network devices to ArcSight central logging for alerting and security monitoring.
- Performed analysis using the Kali Linux environment and effectively neutralized DoS, DDoS, XSS, CSRF and SQL injection attacks.
- Assisted developers in remediating issues from security assessments with respect to OWASP standards.
- Developed Disaster Recovery and BCP plans.
- Developed corporate information and technology policies / methodologies to standardize and document processes.
- Prepare notices, presentations and webinars to educate staff and dealer members on cyber security best practices and recommendations.
- Delivered the Information Security program, including Information Security framework for applications, tools, encryption, firewalls, business resumption and disaster recovery planning.
- Managed internal IT security and technology risk assessments of projects and general computer control risk reviews of integrated audits with operational audit teams.
- Communicated effectively with various audiences such as executive senior management and technology teams.
- Assessed program infrastructure and data to identify vulnerabilities caused by weaknesses or flaws in large and complex IT solutions supporting blockchain technology. Made recommendations to improve security based on the assessment and knowledge of current and emerging threats.
Confidential, Houston, TX
Security Engineer
Responsibilities:
- Responsible for risk and quality management throughout the project lifecycle.
- Train staff on cyber security risks and controls and how to effectively complete the cyber security review procedures.
- Assisting projects in formulating security requirements (e.g. CASB, vendor management, IAM, ERP).
- Acquainted with various approaches to grey and black box testing.
- Identified and reported vulnerabilities like SQL Injection, XSS, CSRF relating to session management, privilege escalation and other logical issues.
- Performed daily activities for assessing, monitoring and maintaining the operational security of the enterprise, assessing the security impact of configuration and architecture changes, and managing IT security incidents.
- Providing and raising client’s awareness and knowledge of security process frameworks, compliance and risk requirements and regulations, with regard to cloud data privacy and protection.
- Conducting Web Application Vulnerability & Threat Modelling, Gap Analysis, secure code review on the applications with respect to guidelines provided by Cisco.
- Conducting and delivering comprehensive ethical hacking assignments, information security and various Governance, Risk and Compliance (GRC) reviews, Information Security Assessments (ISAs), Threat & Risk Assessments, Privacy Impact Assessments (PIPEDA, HIPAA), and assessing clients' security controls, architecture, policy and vulnerabilities against existing and emerging threat vectors & trends.
- Assisted developers in remediating issues from security assessments with respect to OWASP standards.
- Analyzed security vulnerabilities in the applications as well as in the network using different assessment tools such as ZAP, Burp Suite, Metasploit and Nessus. Successful in defending against a DNS tunneling attack which, if left unattended, would have caused data exfiltration.
- Gathered, analyzed, scored, notified and followed up on vulnerabilities and wrote formal Vulnerability Management related policy and procedure documents.
- Chaired the monthly Patch Tuesday Vulnerability Management meeting to discuss recently disclosed vulnerabilities with key stakeholders.
- Contributed to the development of Cyber Security standards and procedures consistent with corporate security objectives and generally accepted and leading edge information security practices and professional security standards.
- Conducted security assessment of PKI Enabled Applications
Confidential
Security Analyst
Responsibilities:
- Performed daily activities for assessing, monitoring and maintaining the operational security of the enterprise, assessing the security impact of configuration and architecture changes, and managing IT security incidents.
- Proficient in identifying flaws like SQL injection, XSS, CSRF, file inclusion, insecure direct object references, security misconfiguration, sensitive data exposure, missing function level access control and unvalidated redirects.
- Prepare notices, presentations and webinars to educate staff and dealer members on cyber security best practices and recommendations.
- Worked on projects ranging from basic network scans, fraud, ransomware, PCI DSS compliance and OWASP compliance to mobile applications. I have researched a lot into these technologies and have gained a considerable amount of knowledge.
- Used Burp Suite, Nmap, Nessus, SQLMap for web application penetration tests and infrastructure testing.
- Experienced in ISO 27001, NIST standards, COBIT, ITIL and other security and IT management frameworks to incorporate security into various business and technical processes.
- Follow up on and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% closure.
- Assisting in review of business solution architecture from a security point of view, which helps avoid security-related issues/threats at an early stage of the project.
- Develop and write procedures for installation, use and troubleshooting of various infrastructure and security projects.
- Communicate audit progress and findings by preparing reports, providing information in meetings.
Confidential
Application Security Analyst & Event Coordinator
Responsibilities:
- Organized and led several events for different projects of the company.
- Performed manual host, network and web application penetration tests.
- Performed vulnerability assessments of high priority servers.
- Produced quality reports, detailing findings, methodology and remediation details
- Code development and maintaining security throughout the entire SDLC of projects.
- Made recommendations to mitigate identified risks.
- Post-analysis, the data were represented in visual charts and graphs.
- Performed pentesting utilizing tools such as Maltego, Nmap, Nexpose, Nessus, Acunetix, Metasploit, Burp Suite, ZAP, Kali & Parrot distribution tool sets, Hydra and cURL.
- Performed standards-based web application penetration tests following OWASP and PCI requirements.
- Facilitated client engagements and executed within assigned budgets.
- Executed corporate events such as IT Fests, management events, and trade exhibitions.
- Conducted penetration testing for all the web applications and websites developed by the company using Nmap, Nessus, Metasploit, WordPress scanning, Burp Suite, Recon-ng, Vega, etc.
- Facilitating workshops and developing and conducting presentations and training for both business executives and technical audiences.
- Contributed to the development/delivery of awareness training and general information security education.
