
Application Security Engineer Resume

SUMMARY

  • Resourceful Security Analyst with a hands-on approach and mindset for implementing security in every phase of the SDLC.
  • Over 8 years of experience in the IT industry and 2+ years of hands-on experience in security analysis and vulnerability assessment.
  • Knowledge of DAST and web application security testing tools like IBM Appscan, Burp Suite, Sqlmap, OWASP ZAP Proxy, HP Fortify, Datatheorem and Whitehat.
  • Knowledge of network security and SAST tools like Checkmarx, Nmap and Nessus.
  • Identified flaws like Injection, XSS, Insecure direct object reference, Security Misconfiguration, Sensitive data exposure, Functional level access control, CSRF, Unvalidated redirects.
  • Experience in identifying flaws and prioritizing as High, Medium and Low based on OWASP Top 10 and SANS 25.
  • Experience in being an excellent liaison between the product development team and the company’s operations, design, and security teams.
  • Experience in reporting the identified issues in the industry standard framework. Closely working with the product development teams to resolve, remediate and retest security issues with consistent vulnerability management process.
  • Looking for a position as a Security Analyst performing security audits, risk analysis, vulnerability assessments and penetration testing.
  • Excellent written and verbal communication skills and ability to work in large and small teams as well as independently.
  • Thriving efficiently and productively in the remote work environment over the past year.
  • Over 6 years of past experience as a UX/UI designer creating hundreds of product designs, web assets and social media user experience and user interface.
  • Elaborate experience in Adobe design tools and product photography. Excellent at keeping up to date with latest technology.

TECHNICAL SKILLS

  • Knowledge of OWASP Top 10 and SANS Top 25, Vulnerability Assessment
  • Risk Management, Remediation and Mitigation plans, IBM App Scan
  • Burp Suite, Live HTTP Header, BurpSuite, DAST, SAST, SIEM, Checkmarx
  • Veracode, Nmap, Whitesource, Whitehat, Datatheorem, Tamper data, DB Protect
  • Cenzic Hailstorm, WebScarab, SOAPUI, HP Web Inspect, HP Fortify, Sqlmap, SOAPUI

PROFESSIONAL EXPERIENCE

Application Security Engineer

Confidential

Responsibilities:

  • Vulnerability management and risk assessment champion for leading event management software and applications.
  • Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on severity, risk and impact.
  • Security assessment of online applications to identify the vulnerabilities in different categories like security misconfiguration, Input and Data Validation, Output Encoding and Escaping, Authentication, Authorization, Sensitive Data Exposure, Vulnerable components, etc.
  • Vulnerability Assessment of various web applications used in the organization using Burp Suite, IBM AppScan, Live HTTP Headers, HP Web Inspect.
  • Using ticket tracking and data analysis tools like Jira, Tableau and DefectDojo to track and manage vulnerabilities, and to report on consistent improvement of the Security posture of applications.
  • Regularly coordinate with product developers to ensure remediation of the reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Security testing of APIs using SOAP UI and Rest client for Rest Web services.
  • Onboarding and integration implementation of various microservices and web services repos on the SAST tool Checkmarx.
  • Source Code review and Static Code analysis of the applications using Checkmarx tool. Verifying and triaging false positives and true positives from the scan results and providing remediation guidelines.
  • Training the development team on common vulnerabilities, common code review issues and explaining remediations and secure coding best practices.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure with consistent vulnerability management.
  • Implementing processes for security roadmap and a Secure SDLC with an approach to shift security left in the software development life cycle.
  • Threat modeling using a tool like ThreatModeler, working closely with the architecture team to provide a secure infrastructure from the planning and design phase.
  • Procurement and management of third party vendors for any necessary certifications or security reports as required for compliance for all applications.
  • Working closely with vendors and security researchers for the bug bounty programs and assessing findings from vulnerability reporting platforms.

Application Security Analyst

Confidential

Responsibilities:

  • Experience security testing web applications based on OWASP top 10 and SANS top 25.
  • Developing process and documentation for testing accurate security standards and quality engineering measures for web applications used in the company.
  • Collaborated with the company’s management and the design and development teams to create a partnership and communication based on appropriate expectations.
  • Created documentation and process for adopting IT security industry standards and security best practices.
  • Hands-on experience in application security, vulnerability assessments and OWASP Top 10 along with different security testing tools.

User Experience Designer

Confidential

Responsibilities:

  • Led the product development and design process alongside the Creative Director to develop a cohesive brand identity and intuitive user experience and UI design for the company.
  • Worked closely with the development team to ensure quality and accuracy of the UI/UX Design along with application security standards.
  • Collaborated with the company’s operations team, developed IT security standards and advised on best practices.
  • Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
  • Hands-on experience in application security, vulnerability assessments and OWASP Top 10 along with industry standard security testing tools.
  • Mentored a team of junior designers and interns, teaching them company processes and industry standards for software use and best practices.
  • Managed multiple assignments under tight deadlines with extreme attention to detail while efficiently managing time, workflow and schedule.

Senior Graphic Designer

Confidential

Responsibilities:

  • Led the design process alongside the Creative Director to develop a cohesive brand identity, logo, brand guidelines and assets for web, print and production including interactive catalog, marketing material.
  • Developed User Centric Design of the UX/UI for the company website and social media presence.
  • Led the creative direction for the email marketing and online campaigns for the marketing team.
  • Designed successful graphic layouts for digital and print media and the marketing team using my strong understanding of grids, typography and hierarchy of information.
  • Art direction, production, photography and editing for jewelry and all company product lines.
  • Created innovative techniques to maintain a smooth workflow while keeping in mind the opportunities and constraints of current technology and design trends in the visual communication industry.
  • Participated in the product development and design processes with the VP and creative director.
  • Led a team of junior designers and interns, teaching them company processes and industry standards for software use and proper pre-press and online preparation.
  • Experienced in pre-flight files production for techniques such as sublimation, laser engraving, etching, sand blasting and others.
  • Managed multiple assignments under tight deadlines with extreme attention to detail while efficiently managing time, workflow and schedule.
