Lead Cyber Security Analyst Resume

CAREER OBJECTIVE:

Lead Cyber Security Analyst with an innovative, collaborative, research- and goal-oriented approach towards mitigating overall product security risk and infrastructure risk. Proven leadership and technical skills covering a wide range of product security risk assessment and mitigation. Excellent analytical and problem-solving skills. Dedicated to high-quality assessments and deliverables.

PROFESSIONAL SUMMARY:

  • 12+ years of experience in Information Security
  • Application security Penetration testing on Enterprise and mobile applications by manual and automated tools
  • Dynamic scans on web applications with WhiteHat dynamic scanner and Veracode dynamic scanner
  • Application Security design reviews at the code level and Architecture level, threat modelling, Risk Management
  • Confidential using Qualys and Nexpose
  • Confidential with SIEM tools and Managed services like BT and Alertlogic
  • Confidential on Windows AD
  • Management with Symantec, DigiCert, Thawte, etc.
  • Active participation in audits like PCI, VISA ACS, SOC2 etc.
  • Working on Incident Management, Change Management and Defect Management
  • Firewall review for entire SaaS Ops environment and AWS security group evaluation
  • Network Pentesting on SaaS hosting environment
  • Risk assessment on entire SaaS Ops vulnerability assessment results
  • Static code analysis with Fortify and IBM AppScan
  • Cloud Security Architect for AWS, CenturyLink and Azure for Infrastructure as a Service
  • Enable security controls for SaaS network and applications in a DevOps framework
  • Lead Infosec tasks for the deployment of a Cloud FedRAMP environment
  • Team management

TECHNICAL SKILLS:

Languages: C, Python, Jython, C#, ASP.net

Web Designing: HTML, JavaScript

Security Tools: HttpWatch, WebInspect, AppScan, Core Impact, Burp Proxy, COMRaider, Ounce, OllyDbg, JAD, Wireshark, OpenSSH, gdb, AppScan Source Edition, Fortify, WhiteHat dynamic scanner, Veracode dynamic scanner, BT Sentry device, Alertlogic Confidential, Splunk, Snort, Nexpose, AppSpider, Nessus, Active Directory, Qualys.

Operating systems known:

Server Side: Red Hat Enterprise Linux, Windows Server 2003/2008

Client Side: Windows XP, Vista, Windows 7, Windows 8, Linux, Mac OS

PROFESSIONAL EXPERIENCE:

Confidential

Lead Cyber Security Analyst

Tools Used: WebInspect, AppScan, Burp Proxy, HTTP editors, HttpWatch, Qualys, etc.

Responsibilities:

  • Conducted penetration tests of Confidential and CA websites on a regular basis.
  • Communicate with the development teams on functionality-related issues.
  • Manually analyze all the requests sent by the application and look for common vulnerabilities such as XSS, SQL injection, and authorization- and authentication-related issues.
  • Create proof of concepts to demonstrate the exploits.
  • Write scripts/tools to assess the security of complex applications.
  • Running scanners like AppScan and WebInspect.
  • Disassembling/decompiling the client-side applications.
  • Documenting all the vulnerabilities with proper risk assessment.
  • Suggest remediations for all the identified vulnerabilities.
  • Giving secure code snippets to the development teams.
  • Explore different web technologies to understand the security issues that arise in web applications.
  • Keep up to date with the latest vulnerability-finding techniques. the new team members.
  • Developed small web applications in ASP.NET that are useful for the work.
  • Performed penetration tests on web services.
  • Performed application security tests on cloud-based applications.
  • Worked with the customers' security questionnaires related to different services in Confidential and Confidential
  • Presented application pentest findings to customers as a CA Infosec representative

Confidential

Lead Cyber Security Analyst

Tools Used: Fortify and IBM AppScan Source Edition, etc.

Responsibilities:

  • Carried out over 30 static code analyses on different kinds of web applications.
  • Analyzed false positives on Fortify results and delivered reports to product teams.
  • Have done consulting work with product teams.
  • Worked on fixes as per CA risk policy remediation guidelines with Engineering team.

Confidential

Lead Cyber Security Analyst

Tools Used: Nessus, Nmap, Qualys and Nexpose, etc.

Managing Confidential program for entire SaaS BU

Responsibilities:

  • Monitor and update scheduled scans when there are changes
  • Review scan results and work with service managers to remediate the issues
  • Deploy new scan engines when new environments are set up
  • Configure new sites and asset groups
  • Identify and tag assets for proper sorting into the asset groups
  • Integrating Nexpose in a DevOps build pipeline
  • Qualys - Vulnerability scanning
  • Monitor and update scheduled scans with PCI Scan profile
  • Worked on PCI ASV scans and generated PCI ASV attestation reports every quarter
  • Review scan results and work with service managers to remediate the issues

Confidential

Lead Cyber Security Analyst

Tools Used: Splunk, Snort, BT and Alertlogic managed services

Responsibilities:

  • Alertlogic Managed Service for Confidential:
  • Alertlogic monitoring for one of the SaaS hosting environments
  • This involves reviewing the alerts and incidents
  • This involves reviewing failed logins
  • Alertlogic Maintenance
  • This involves coordinating the shipping and swapping out of appliances
  • Ordering and configuring new appliances
  • Working with the network team to ensure coverage of all networks
  • Integrating Confidential tools in the PaaS Common Stack Automation deployment of VMs.
  • BT managed services for Confidential:
  • BT Sentry monitoring for one of the SaaS hosting environments
  • This involves reviewing the alerts and incidents

Confidential

Lead Cyber Security Analyst

Responsibilities:

  • Administer 3 Active Directory domains
  • Add new user accounts when people are hired
  • Disable accounts when people leave
  • Modify security groups - various reasons
  • Reset passwords and troubleshoot user access issues
  • Generated periodic access reports for Active Directory and PKI management, and also handled ad hoc report requirements.