We provide IT Staff Augmentation Services!

Senior Security Engineer Resume

Boston, MA

PROFESSIONAL SUMMARY:

  • 8 + years of experience in Cyber Security and network security, including extensive experience in Web Application, Vulnerability Assessment, Infrastructure Security, penetration testing
  • Experience in penetration testing with Kali Linux: nmap, nessus, nexpose, wireshark,password cracking, TCPDump, metasploit
  • Proficient in Linux operating system configuration, shell scripting
  • Worked on Application Security Tools like Qualys Nessus scanner & IBM AppScan
  • Experience using a wide variety of security tools to include Kali - Linux, Wireshark, Snort, Nitko, IBM Appscan, Nessus, Open Vas, Metasploit, Burp Suite, OWASP ZAP Proxy, Nessus, Nmap and HP Fortify.
  • Performed bi-weekly network scans. Analyze risks and automate repeatable tasks.
  • Experience in POS, Transaction Logs ( TLOG), payment systems, electronic funds transfer, cloud, data warehousing, web development, applications
  • Experience in Point of Sale application testing including Functional, System Integration, User/Business acceptance, regression, data migration, data conversion, E2E and production acceptance Testing for web-based applications
  • Good understanding on OWASP vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak passwords
  • Configured, maintained and Worked on firewalls, switches, VPNs and routers
  • Worked on software development lifecycle and Software Testing Life cycle and Agile Methodologies
  • Experience in different web application security testing tools
  • Good Knowledge on OWASP Top 10 and SANS Top25
  • Worked on onsite/offsite environment
  • Reviewing, Designing, modifying test scenarios, test cases & Creating test data.
  • Extensive experience working with Qualys Guard to conduct Network Security assessments.
  • Good Understanding of compliance and regulatory requirements like PCI DSS, SOX & HIPAA.
  • Team player and ability to learn the new concepts effectively and efficiently.
  • Experience in Preparing test strategy/Plan, status reports.
  • Expert in Planning, scheduling, and test environment/data setup, execution, tracking and reporting
  • Conducted presentations to clients projecting the security services offered by the firm.
  • Having good experience in Source Code Analysis Tools on Web based Applications.
  • Skilled in analyzing and monitoring network security solutions

TECHNICAL SKILLS:

Vulnerability Testing: Tenable Nessus, NMAP, OpenVAS, Qualys Guard Rapid 7 nexpose

Application Security: IBM Rational AppScan, Burp Suite,HPWeb Inspect, HP Fortify, Nikto, Metasploit, Kali Linux,Veracode,SonarQube

SIEM Tools: SPLUNK, Arc Sight

Penetration Testing: Wireshark, Metasploit

Languages & Databases: SQL, Python, Shell scripting

SECURITY SKILLS/TOOLS:

Port/Vulnerability Scanning: Nmap/ ZENMAP, Nessus, OpenVAS

Sniffing/Man-in-the-Middle: Wireshark

Web Application Vulnerability Scanning: Nessus, OpenVAS, HP Fortify, Acunetix, HP Web inspect, IBM AppScan, Burpsuite Pro.

Server/Client-Side Exploitation: Metasploit

Password Cracking: Hydra, Rainbow Crack, 0phcrack, John the Ripper

Web Application: Manual SQL Injection, Manual Cross Site Scripting(XSS), Cross site request

Wireless: Aircrack-NG Suite and Kismet

Operating system: Windows and Linux

Protocols: TCP/IP,IPv4,TACACS,SSH,SSL,TLS,RADIUS(AAA),SNMP,DHCP,ICMP,FTP,VLAN,VTP,NAT,IPSEC,VPN,Subnetting,RIP,OSPF,BGP,LAN/WAN,DNS,ATM,PPP

Tools: JIRA, Quality center(HPALM),SCCM, Confluence, Bug zilla, SVN,CDETS

PROFESSIONAL EXPERIENCE:

Confidential, Boston, MA

Senior Security Engineer

Responsibilities:

  • Conducting Web Application Vulnerability Assessment & Threat Modeling, Gap Analysis, secure code review on the applications..
  • Used SAST tools (SonarQube) to test source to expose weaknesses in the software before it is deployed.
  • Perform DAST on the web applications using Burpsuite pro, OWASP ZAP to identify security weaknesses and provide remediations.
  • Perform Manual assessments on the source code (Java, .Net & Python) to look for security weakness inside the code.
  • Hands on Experience in conducting web application security scan using IBM Appscan, HP web inspect and Accunetix.
  • Discussing with Mangers and Development Team on the identified vulnerabilities
  • Assigning the priority and Planning for the remediation of the high level Vulnerabilities found during the scan reports
  • Assist developers in remediating issues with Security Assessments with respect to OWASP standards.
  • Perform Mobile penetration testing and using Open source tools and validate results by eliminating false positives.
  • Executing vulnerability assessments using tools like Nmap,Nexpose, Nessus & Qualys
  • Providing KT sessions on vulnerabilities and security policies to the different teams.
  • Performing Web application and source code assessments to make sure application are compliant with PCI DSS requirements.
  • Worked on Manual penetration testing using tools like Kalilinux,Metaspoilt,aircrack
  • Participate in daily scrum meetings & security assessment meetings.

Confidential

Senior Security Engineer

Responsibilities:

  • Conducting Web Application Vulnerability Assessment & Threat Modelling, Gap Analysis, secure code review on the applications.
  • Work with different application teams to help them understand the vulnerabilities listed and provide recommendations to fix the same.
  • Used SAST tools (SonarQube) to test source to expose weaknesses in the software before it is deployed.
  • Session with the application teams to understand the application security requirements, application flow, functionality, architecture and the technology.
  • Understanding the OWASP and SANS Top 25 vulnerabilities.
  • Verifying the router performance with the live environment
  • Checking the difference between the vendors routers
  • Responsible for Working on different DSL Technologies
  • Used DAST Tools IBM App scan to test the Web application implemented.
  • Maintained network and ensured that all changes were implemented effectively.
  • Ensured that all data was maintained in accordance to quality requirements.
  • Trained and recommended improvements in process.
  • Prepared guides for performing troubleshoot on system and upgraded procedures accordingly.
  • Configure, monitor and troubleshoot firewalls using CLI commands and GUI interface
  • Configure, implement and troubleshoot IPSec, SSL and remote access VPN
  • Preparing monthly and weekly reports based on the Tool reports
  • Experience with Change management process and Project documentation tools like Excel and VISIO
  • Experience in Network Security like creating Access Lists(ACL), NAT.
  • Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP, NTP
  • Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems)
  • Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
  • Support day to day event parsing and repairing of events that have missing or incorrect information, create log source extensions, and flow management
  • Providing KT sessions on Threat modelling and security Projects to the different teams.

Confidential

Security Engineer

Responsibilities:

  • Executed network Vulnerability Assessments using tools to evaluate vulnerabilities.
  • Conducted vulnerability scanning on both internal and external IPs using NMAP and reported the same.
  • Used Network scanning using tools like NMap and Nessus, and Nitko as part of the penetration testing, performed vulnerability testing using tools such as Nessus and OpenVAS.
  • Performing source code analysis to find the vulnerabilities at the code level and providing mitigation techniques to the developers.
  • Worked closely with risk assessment team to provide them with the proof for the vulnerabilities exploited for the final report.
  • Used SAST tools (SonarQube) to test source to expose weaknesses in the software before it is deployed.
  • Used DAST Tools IBM App scan to test the Web application implemented.
  • Prepared Threat modelling reports for the different projects
  • Providing KT sessions on Threat modelling and security Projects to the different teams.
  • Discussing with Mangers and Development Team on the identified vulnerabilities
  • Assigning the priority and Planning for the remediation of the high level Vulnerabilities found during the scan reports
  • Worked on Manual penetration testing using tools like Kalilinux, Metaspoilt, aircrack
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Experience in using Kali Linux to do vulnerability assessment with tools like Nessus, and NMap.
  • Regular tracking of threats and vulnerabilities using the Tools and mitigating the issues.

Confidential

Security Engineer

Responsibilities:

  • Conducting Web Application Vulnerability Assessment & Threat Modelling, Gap Analysis, secure code review on the applications.
  • Preparing Test plan, Test cases and Test results..
  • Performed vulnerability scans using Qualys Guard, report findings, create remediation plan
  • Scheduled and execute the Vulnerability Assessments and a Evaluate the results obtained
  • Hands on Experience in conducting web application security scan using IBM Appscan, on daily basis to complete the assessments.
  • Preparing monthly and weekly reports based on the Tool reports

Hire Now