Security Analyst Resume

Spartanburg, SC

SUMMARY

  • A dedicated Security professional with 5+ years of work experience in the field of Information and Cyber Security with a strong aptitude in Network Security, seeking good time opportunity to enhance my knowledge and contribute to overall development of the organization.
  • Involved in Software Development Life Cycle (SDLC) to ensure security controls are in place.
  • Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Decide on what to remediate and what to risk accept based on security requirements.
  • Experience on Security Risk Management with TCP-based networking. Good knowledge on TCP/IP, Firewalls, LAN/WAN, IDS/IPS.
  • Proficiency with Dynamic Application assessment of web, Static application security, Network, Mobile, SSRS and client-server applications, Threat modeling and Resource management.
  • Good working experience on various tools for Vulnerability assessment like DirBuster, Burp Suite, Nmap, Nessus, Kali Linux, IBM AppScan, sqlmap.
  • Strong understanding of static analysis, dynamic analysis, fuzzing, OWASP Top 10, SANS/CWE Top 25 and vulnerability scanning.
  • Having good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on web-based applications.
  • Updated risk assessments business to reflect regulatory and business changes, as well as the impact of audit, compliance testing, and regulatory exam results on risk assessments.
  • Proficient in Penetration testing based on OWASP Top 10 vulnerabilities like XSS, SQL injection, CSRF, Source code review assessment.
  • Experienced in documenting, analyzing business reports and Functional Specification documents to maintain the quality and quantity of output.
  • Good Knowledge in Java, JavaScript, SQL, PL/SQL stored procedures.
  • Proficient in securing web servers such as IIS, Apache HTTP Server.
  • Strong Network Communications, Systems & Application Security (software) background looking forward for implementing, creating, managing and maintaining information security frameworks for large scale challenging environments.
  • Experienced with RSA DLP, as well as Symantec DLP versions 12.5, 14.0, 14.5, and 14.6.
  • Have an experience of handling source code reviews in C, C++ technologies in various projects.
  • Updated with the new hackings and latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Proven Knowledge on Agile, Scrum, and other software development methodologies.
  • Provide consultative support with implementation of remediation steps, standards, and best practices.

TECHNICAL SKILLS

Tools: Burp proxy, Paros proxy, Wireshark, WebScarab, Nmap, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy and HP Fortify, IBM AppScan, Acunetix Web Scanner, Kali Linux, SSL Scan, Live HTTP Headers.

Technologies: C, C++, HTML, JavaScript.

Platforms: Windows XP/Vista/7/8.1/10, Windows Server 2000/2003, UNIX.

Database: MySQL 5.0, MS SQL Server 2016/2012/2008 R2, Oracle 12c/11g, 10g, 9i, DB2.

Packages: MS-Office 2016/2014, MS Access, MS Visio.

Network Tools: Nmap, Wireshark, Nessus, Rapid7, Core Impact.

PROFESSIONAL EXPERIENCE

Confidential, Spartanburg, SC

Security Analyst

Responsibilities:

  • Conduct penetration testing on web applications, mobile applications and web services to ensure the compliance requirements are met.
  • Responsible to assess the security controls of web applications to identify gaps.
  • DAST on internal, public facing business critical applications using Rapid7 AppSpider.
  • Conducted Manual Security assessments using Burp Suite Professional to identify critical issues like SQLi, Stored XSS, CSRF, IDOR, Privilege Escalation, Business logic flaws etc.
  • Categorize the risk ratings of the findings based on Threat agents, likelihood and impact on organization and calculated CVSS Score.
  • Perform validation on design features to test authentication, authorization, accountability of web applications.
  • Conducted Input validations, sessions management, client protocol controls, cryptography, Insecure Logging practices, Information leakage.
  • Focused on Security Incident Management, Detection, Investigation, Technical Response & Reporting.
  • Assist with the development of process and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • Assist Information Security Engineers in troubleshooting and resolution of critical issues and collaborate with other IT security professionals to provide exceptional support and problem resolution as a member of SOC.
  • Perform Static code analysis during the development phase to identify security issues prior to deployment.
  • Validate the false positives and report the issues.
  • Performed manual security assessments to rule out false positives generated by automated tools.
  • Reproduce and Re-test the identified issues and worked with concerned teams in closure of findings.
  • Involve in requirements gathering and analysis phases of project to understand application functionality.
  • Actively involved in the release management process to ensure all the changes of the application had gone to security assessment.
  • Collaborate in developing and testing scripts to automate static test cases.

Confidential, Fort Worth, TX

Information Security Analyst

Responsibilities:

  • Monitoring activity using Splunk, QRadar (SIEM) and managing logs. Troubleshooting and escalating security alerts like malware McAfee ePO.
  • Conduct various security scans like Web application scans, Network Vulnerability scans, Port scanning, Host and Database scan, using a variety of tools like Nmap, Nessus, Nexpose.
  • Conducted system security assessments based on FISMA, NIST and HIPAA/PCI DSS Compliance.
  • Experienced in endpoint security through DLP and McAfee ePO for penetration testing found vulnerabilities.
  • Evaluate, Prepare and deliver a comprehensive assessment to outline the risk, analyse findings and offer strategic and tactical recommendations to management.
  • Developed custom SIEM deliverables in Splunk/McAfee/QRadar/ArcSight to meet customer needs in a variety of domains: IT security, financial, IT ops, human resources, physical security, etc.
  • Maintain data and monitor security access and coordinate security plans with outside vendors and perform Risk analysis and Security assessments.
  • Operate and maintain IT Security controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, Cryptography algorithm, IPS, IDS.
  • Contributed in providing secure environments for our clients regarding PCI compliance.
  • Experienced of OWASP Top 10 vulnerabilities.
  • Created custom searches, custom reports, rules, sets and maps.
  • Worked on PCI, SOX and HIPAA security baseline support as Information Security Professional.
  • Validate critical security controls with critical patches, security settings and Vulnerability management security configuration policies.

Confidential

Jr. Information Security Analyst

Responsibilities:

  • Performed vulnerability scanning on web applications and databases to identify security threats and vulnerabilities (Nexpose, Nessus).
  • Conducted Security Risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy established security baseline before adoption into Corporate Regional offices.
  • Responsibility for policy configuration for all the McAfee components and the same is deployed to the clients.
  • Worked on setting up Windows Access permission for clients on the respective servers.
  • Working knowledge and ability to troubleshoot Operating Systems: Windows Desktop/Server, Linux.
  • Applied techniques by using Splunk to identify Vulnerabilities in the Clients Network and further installed security patches.
  • Monitor Threats and Security events on McAfee and Bit9.
  • Ensure the issues identified are reported as per the reporting standards and communicate the findings with the development team.
  • Demonstrate the PoC of identified vulnerability to project team, product owners and provide remediation steps to the team.
  • Installed and applied QualysGuard appliances and ran various standard reports.
  • Footprinting, Scanning, Sniffing and monitoring Network activities by using Open source & commercial tools like (Wireshark, Nmap).
  • Generated log reports from DLP solutions to analyze and mitigate security gaps.
  • Expertise in virtual server technology (VMware, VirtualBox).
  • Installing, Configuring of Networking Equipment: Routers and Switches and LAN/WAN design, implementation and optimization using routers and switches.
  • Configure and Implement Remote Access Solution: IPsec VPN, Remote Access.
  • Conducted evaluation of intranets and firewalls on a regular basis.
