SUMMARY:

• 10+ years of experience in Security Domain on Information Security, Cyber Security, Application Security assessment, Vulnerability Assessment & Penetration testing(VAPT) and DevSecOps.
• Completed Bachelor of Electronics Engineering.
• Well versed with VA / PT for Networks and Web & Mobile Applications.
• Identifying the risks / Gaps or any issues that could affect the project and providing the recommendation to mitigate the risk.
• Managed Secure Software Development Lifecycle (SDLC) program which includes identifying security requirements, implementing security controls & assessing security threats.
• Reviewing the documents either it could be of policies, procedures and follow - up with the application owners / delegates are done if the supporting documents are completely accurate.
• Have performed risk assessment reviews of SRS (Software Requirement Specification) documents.
• Audited 550+ Web & Mobile applications in the areas of Telecom, Internet Banking, Core Banking, Insurance, Social Networking and ecommerce domain as per OWASP top 10 guidelines.
• Performed Source Code review for 150+ Web & Mobile applications.
• Have performed Static Code Analysis (SAST) and Dynamic Web App Analysis (DAST) of multiple applications.
• Performed vulnerability assessment & penetration testing of 1000+ IPs, including servers, firewalls and network devices for 10+ corporate networks.
• Managed vulnerability management program at leading Insurance Company.
• Worked on a long term application security program at a leading Telecom & Insurance company.
• Conducted mobile penetration testing for Banking, Telecom, Insurance, Financial applications etc.
• Experience in developing and testing security architectures of payment & cloud-based systems.
• Have managed security architecture & software development processes to ensure security best practices are followed.
• Experience with Enterprise Architecture framework such as TOGAF.
• Security audit for Wireless networks.
• Security assessment for Public and Private Cloud.
• Worked on Cloud Security for OpenStack Cloud Architecture & AWS.
• Knowledge of various AWS security services like AWS Identity and Access Management (IAM), Amazon Inspector, AWS Key Management Service (KMS), Amazon Macie, AWS Shield, AWS WAF, Amazon GuardDuty, AWS Security Hub etc.
• Experience in DevOps environments and maintaining security in CI/CD processes.
• Security assessment for MPOS device.
• Risk assessment of USSD.
• Worked on Indusguard & Citrix Web Application Firewall (WAF).
• Performed security assessment for 120+ Web-Services.
• Well versed with API security & performed security assessment of multiple API gateways.
• Have knowledge of IDS/IPS technologies.
• Have knowledge of NIST Risk Management Framework.
• Have good understanding of frameworks and standards including OWASP, ISO 27001, PCI DSS & HIPAA.
• Taken 60 hours of training for Certified Ethical Hacker (CEH).
• Awarded appreciation certificate for Jio Money & WAF testing at Confidential Town hall.

TECHNICAL SKILLS:

Web App Security Scanner: HP WebInspect, HP Fortify, IBM Appscan, Veracode, Netsparker.

Web Proxies: Burp Suite, Paros, Fiddler, ZAP.

Vulnerability Management Platform: Threadfix, IBM Rational, Jira.

Other Tools & Addons: Nikto, SqlMap, DirBuster, BeEF framework, Tamper Data, Cookie Editor, Fire Bug, Web Developer, CO2, EchoMirage, Winhex.

Language & Scripting: C, C++, Java, HTML, Python, JavaScript.

Platform: iOS, Android, Windows.

Android Tools: Dex2jar, gd-gui, Apktool, Adb, Inspackage, AppUse, Drozer, Xposed Framework, Rootcloak, Sqlite browser, Jarsigner, MobSF framework, Androbugs, QARK. iOS Tools: SyncIOS, Ifunbox, Cydia, Otool, Snoop-it, Classdump, Sslkillswitch2, Trustme, IRET, Xcode.

Port Scanning Tools: Nmap

Vulnerability Scanners: Nessus, Nexpose

Operating Systems: BackTrack, Kali Linux

Other Tools: Wireshark, Tcpdump, Metasploit, Scapy, Netcat, Testsslserver, QualysGuard.

Platform: SOAP, REST

Tools: SoapUI, Postman, Rest Client, Burp.

Tools: Aircrack, inSSIDer, WireShark, WepAttack, Reaver.

PROFESSIONAL EXPERIENCE:

Confidential, Texas

COMPUTER SECURITY SPECIALIST

Responsibilities:

• Working as Computer Security Specialist - for AT&T client.
• Project involved DevSecOps & Web application security testing of largest telecom company in United States.
• Involved in analyzing User Stories and different projects assigned with security impact and preparing security test related scenarios.
• Developing test scenarios and deciding their severity and prioritization.
• Performing penetration testing by considering all the flows of the application.
• Test web applications for vulnerabilities like SQL injection, Cross Site Scripting (XSS), Business Login Bypass, Session Management, XXE etc.
• Vulnerabilities detected were supported by appropriate Proof Of Concept (Screen Shots).
• Preparing a detailed report of the vulnerability findings.
• Raising defects in Quality Center/TDP, tracking and closure of defects.
• Have used various Vulnerability Management platforms like ThreadFix, IBM Rational etc.
• Suggesting mitigation to developers, and finally performing revalidation.
• Strong knowledge of networking, virtualization, authentication & cryptography.
• Supporting client’s ISG (Information security Group) to resolve the reported vulnerabilities / gaps / findings without impacting the performance of the system & business.
• Managing client’s bug bounty program.

Confidential

INFORMATION SECURITY CONSULTANT

Responsibilities:

• Worked as Information Security Consultant - for the Company.
• Vulnerability Assessment / Penetration Testing
• Application Security
• Planning and carrying Information Security Audits
• Risk Management
• Well versed in handling client relationship, through the lifecycle of a project, from requirement gathering phase to report delivery, to consulting various solutions for mitigation of found vulnerabilities and then finally the revalidation phase.
• Performing Business Impact Analysis with the application team.
• Creating Reports as per customer needs, of the scans.

Confidential

ASSISTANT MANAGER (Application Security)

Responsibilities:

• Worked as Assistant Manager in Application Security - for the Company.
• Identifying a strategy and method for Web Application Security, Mobile Application Security, Web Application Attacks & Network Security Testing.
• Performing Mobile Penetration Testing.
• Creating vulnerability reports with proper mitigation and POC.
• Responsible for creating and implementing vulnerability assessment checklists for an application vulnerability assessment
• Coordinating with respective Application Managers to understand the requirement of Findings regarding application security.
• Creating, updating and closing finding related to Application Plan development and Internal Application Assessment.
• Experience in integrating security within the various cloud service models (e.g., IaaS, PaaS, SaaS) in order to identify the appropriate security solutions for various cloud implementations. Able to architect, implement, and document system security controls.
• Source Code Review manually as well as automated.

Confidential

ELECTRONIC ENGINEER TRAINEE

Responsibilities:

• Programming of PLC, HMI and DRIVES of SIEMENS, LENZE, PARKER and ALLEN-BRADLEY etc.
• Designing of Electrical & Automation Panels and Pneumatic system.
• Implementation & Calibration of Load Cells, Web guides of Erhardt+Leimer & BST, Proximity Sensor, Diameter Sensor etc.

Confidential

APPLICATION SECURITY CONSULTANT

Responsibilities:

• Performed Web Application security testing.
• Performed Mobile Application (Android & iOS) security testing.