Application Security Engineer Resume

SUMMARY

  • Information Security professional with 6+ years of experience as Application Security Engineer
  • Experience as an App Security Engineer in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and pen testing web applications
  • CEH Certified
  • Involved in the Software Development Life Cycle (SDLC) to ensure security controls in both DevOps and Waterfall models
  • Experience in Threat Modelling during Requirement gathering and Design phases
  • Experience with various security testing tools such as Micro Focus Fortify, IBM (HCL) AppScan, Burp Suite, Kali Suite, Nessus
  • Experienced in C/C++, ASP.NET and JavaScript and SQL
  • Experience with multiple OS such as Linux, Mac and Windows
  • Experience in performing web application penetration testing
  • Experience in conducting reverse engineering
  • Provide consultative support with implementation of remediation steps, standards, and best practices
  • Profound knowledge of network architectures, operating systems, application software and security tools
  • Good knowledge of software attack scenarios and exploitation techniques
  • Experience in coordinating network security penetration testing performed by third parties on internally hosted assets
  • Experience with risk scoring standards such as CVSS v3 and how to apply them
  • Knowledge of Vulnerability Management, Data protection, Logging and Monitoring, Network Security, Encryption, Identity and Privileged Identity Management
  • Experience with enterprise ticketing systems and task management/issue tracking
  • Capability to articulate technical concepts to technical and non-technical audiences.
  • Assisted clients with questions regarding vulnerabilities and proposed mitigations
  • Worked independently and within a team environment

TECHNICAL SKILLS

  • BurpSuite Pro
  • Micro Focus Fortify
  • HCL AppScan
  • Kali suite sqlmap
  • Nmap
  • Zap Proxy

PROFESSIONAL EXPERIENCE

Confidential

Application Security Engineer

Responsibilities:

  • Design and support evolving application security program
  • Run vulnerability and patch management
  • Train development team on the secure coding practices
  • Perform Security Architecture Reviews; ensuring compliance and best practices during design
  • Network security analysis and risk management for in-network systems
  • Assist development teams in finding best remediation strategies for identified vulnerabilities
  • Active participation in performing penetration testing on business-critical applications
  • Residual risk analysis and security reports creation, detailing assessment findings and recommendations
  • Assist the bank with independent, point-in-time and third-party assessments of bank-hosted web applications
  • Performed Security Event Analysis as a point of escalation for web-based attacks
  • Monthly reviews carried out with BISOs and CISO
  • Ensured compliance with legal and regulatory requirements
  • Assist Incident Response and Threat Intelligence in validating alerts and zero-days

Confidential

Security Consultant

Responsibilities:

  • Part of Security programs and processes such as Patch Management and Security Requests
  • Established vulnerability assessment practice, proactively ensuring safety of client-facing applications and minimizing client audit findings.
  • Performed security analysis to identify possible vulnerabilities in the key derivation function; created Vulnerability Assessment reports detailing the exposures identified, rating the severity of the system, suggesting mitigations for any exposures and testing known vulnerabilities
  • Preparation of a security testing checklist for the company
  • Ensure all the controls are covered in the checklist
  • Updating the checklist on a weekly basis to ensure all the test cases are up to date with the attacks happening in the market
  • Creation/Review of Security Policies, Standards and Procedures
  • Assisted in reviewing solution architectures from a security point of view, which helped avoid security-related issues/threats at an early stage of the project
  • Monthly Reviews carried out over the Vulnerability Assessments
  • Raising issues against any High severity vulnerabilities in the Scan reports.
  • Ensured compliance with legal and regulatory requirements

Confidential

Security Analyst

Responsibilities:

  • Preparation of a risk registry for the client's various projects
  • Training the development team on the secure coding practices
  • Providing details of the issues identified and the remediation plan to the stakeholders
  • Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool
  • Conducted security research on threats and remediation methods
  • Identification of application vulnerabilities by using proxies like BurpSuite to verify server-side validation
  • Assist developers in remediating issues with Security Assessments with respect to OWASP standards

Confidential

Security Analyst

Responsibilities:

  • Actively participated in designing of Vulnerability Management and Application security programs
  • Conducted research on security tools
  • Investigated, contained and eradicated viruses, Trojans, malware, etc. on Windows devices
  • Involved in writing security test cases from project requirements and help QA teams to incorporate security testing
  • Monitored, analysed and responded to security incidents in the infrastructure
  • Helped create a weekly scanning report on a range of IPs from the asset management repository and communicated the results to the responsible asset owners for fixing