SUMMARY

• A Penetration Tester and Security Analyst with 2+ years of professional experience and specialized master’s degree in Cyber Forensics and Security with 8 months academic project on VoIP technology and 4 months project on penetration testing.
• Performing port checking and filtering all the open ports and defencelessness examining on the IP & identifying IP, ports, administrations, vulnerabilities, and administrations running on the objective system (vulnerability and network scanning)
• Using Enterprise level Vulnerability scanners like IBM App Scan, Hp Web Inspect, Nessus, OpenVAS Scanner, Armitage, Snort, Dirbuster and various opensource and free in - built tools like Nmap, Metasploit, OWASP ZAP, Hping3, Aircrack-ng, OpenVAS Vulnerability Scanner and many in-built tools available in Kali Linux and Parrot Security Operating systems.
• Adept in penetration testing and forensic analysis. Certified in Cisco Network Associate, Kali Linux, PCI DSS Auditing, and worked on VoIP, HTTPS, SNMP, FTP, RDP, TCP, RTP etc.
• Good practical knowledge in vulnerability analysis, Exploit Creation, risk mitigation and recommendation on how to avert the security breach.
• Hands-on knowledge in computer forensics, extracting data logs for a breach and doing a live forensic analysis. Security Auditing in PCI DSS, Policy Creation, audit assessment, compliance and reporting.
• Checkpoint firewall administration with configuration, Java, SQL and technical support for most of the devices.
• Troubleshooting system and network problems and diagnosing and solving hardware or software faults, replacing parts as required, setting up new users' accounts and profiles and dealing with password issues.
• Maintenance of internet connections, monitor and test system performance and provide performance statistics and reports. Prepared technical documents by implementing the necessary changes as defined in the change management process.
• In-depth understanding of Information Security Concepts, Vulnerability Assessment and Penetration testing.
• Sound Knowledge in Security Auditing and hand-on experience in PCI DSS Assessment and report writing.
• Complete hand-on experience with Checkpoint firewall from configuration to policy creation and logging.
• Configuration of wireless routers, switches & modems. Purchasing of IT Peripheral online & offline. Aware of video conferencing system in organization, Knowledge of Cloud storage system like, G-Drive, One Drive and box.
• Good Knowledge on Encryption/Decryption, Authentication and Authorization, Signing, GnuPGP, Public-key Encryption.

TECHNICAL SKILLS

• Nessus Enterprise
• Paladin (Desktop Forensics)
• Burp Suite Pro
• OpenVAS Scanner
• Qualys Guard
• Wireshark
• Cherry tree Report Maker
• FTK Imager
• Kali Linux
• Windows
• IBM AppScan
• HP Web Inspect
• Metasploit
• Snort
• Splunk
• W3AF (Web App testing)
• Encase
• Win Hex
• Parrot Security
• Windows Servers
• Maltego
• Nmap
• Nikto Scanner
• Beef XSS Framework
• Armitage
• Social Engineering Toolkit
• The Sleuth Kit
• ProDiscover Forensics
• Ubuntu
• Checkpoint Firewall

PROFESSIONAL EXPERIENCE

Confidential, Alpharetta, Georgia

Vulnerability Assessment and Penetration testing

Responsibilities:

• In-depth understanding of information security concepts.
• Experience on assessment and penetration testing
• Perform Vulnerability assessment on the internal network in the organization to identify if they are patched and updated.
• Conduct vulnerability scans and patch management on client application and machines
• Schedule and initiate automated vulnerability scans in Nessus and IBM Scan, and manual verification of the vulnerabilities by conducting penetration testing to quantify the impact and calculate time frame for the patching.
• Conducting Web Application Vulnerability Assessment using Burp Suite, HP Web Inspect, IBM AppScan.
• Red teaming and Blue Teaming
• Researching and preparing demo's on latest vulnerabilities with exploits which will affect company.
• Investigate and resolve any security issues found in the host systems, databases, network configurations, OS vulnerabilities, users and password creations and try to be in compliant.
• Extensive experience working with Qualys-guard to conduct Network Security assessments.
• Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on web-based Applications, Infrastructure and penetration testing and Mobile based applications.
• Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
• Experience in vulnerability assessment and penetration testing using various tools like Metasploit, Burp Suite, DirBuster, OWASP ZAP proxy, NMap, OpenVAS, Nessus, Acunetix, HP Fortify, IBM AppScan enterprise, Kali Linux
• Expertise in SQL Injection protection, XSS Protection, Script Injection and major hacking protection techniques
• Involved in Software Development Life cycle (SDLC) to ensure security controls are in place
• Experience in Threat Modelling during Requirement gathering and Design phases
• Static Code Analysis during development phase
• Performed the gap analysis to identify scenarios like privilege escalation
• Experience as an Information Security Analyst involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services

Confidential

SOC Analyst

Responsibilities:

• Conducted vulnerability assessments on host systems, web applications, company network servers and firewall devices and operating systems and carefully identified critical vulnerabilities in applications and systems that cyber attackers could exploit.
• Conducted network security audits and scanning on a predetermined basis on assets.
• Executed vulnerability assessment using the enterprise application like Tenable Nessus Scanner to pinpoint vulnerabilities and reduce time-consuming tasks.
• Performed manual testing techniques and methods to gain a better understanding of the environment and reduce false positives on certain findings in the reports.
• Compiled and tracked vulnerabilities over time for metrics purposes and produced deliverables on a weekly basis for the customer. Developed and presented comprehensive Vulnerability Assessments on the system assets in my scope. Reviewed and defined requirements for information security solutions and worked directly with systems engineers and developers to resolve findings.
• Performed penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.). Planned, communicated, coordinated and performed penetration testing, application testing, and security assessments at application, system and enterprise level.
• Conducted testing on web applications and performed scans using BurpSuite, OWASP ZAP Scanner and WebInspect. Validated findings by performing manual exploitation of findings to eliminate false positives.
• Recognized, explained, documented, and reported vulnerabilities and kill chains, describing remediation activities, with the ability to extensively communicate the results, in both technical, and layman terms, to the appropriate audience. Contributed to developing and implementing tools for penetration testing and early warning of weaknesses.

Confidential

Jr. Network Systems Engineer

Responsibilities:

• Handle daily tier one support from end users and generate tickets.
• Organize daily support tickets and finish them on time.
• Maintaining and administering computer networks and related computing environments including systems software, applications software, hardware, and configurations.
• Troubleshooting, diagnosing and resolving hardware, software, and other network and system problems.
• Replacing faulty network hardware components when required.
• Maintaining, configuring, and monitoring virus protection software and email applications.
• Monitoring network performance to determine if adjustments need to be made.
• Conferring with network users about solving existing system problems.
• Coordinating computer network access and use.
• Designing, configuring and testing networking software, computer hardware, and operating system software.
• Testing and checking the system for weaknesses in software and hardware.
• Configure CPU, memory, and disk partitions as required.
• Perform daily routine checking on servers and services.
• Take on call role to provide 24/7 support to end users.