Security Engineer / Security Test Engineer Resume
Scottsdale, Arizona
SUMMARY
- A cyber security professional with 5 years of experience in information security and network security.
- Very good experience in implementing, executing and maintaining application security throughout the software development life cycle.
- Good experience in threat modelling during the requirement gathering and design phases.
- Very good hands-on experience in security testing during various phases such as static application security testing (SAST), dynamic application security testing (DAST), and penetration testing.
- Good experience in requirement/information gathering, automated testing, manual verification, penetration testing and report generation.
- Hands-on experience with web application security assessment tools and vulnerability assessment.
- Very good experience with automated testing tools such as Veracode, Burp Suite Professional, HP Fortify, WebInspect, OWASP ZAP Proxy, and IBM AppScan.
- Good experience in performing secure code review (SCR) of various applications using static code analyzers like HP Fortify and Veracode.
- Good experience and understanding of security compliance standards such as NIST, SOX, ISO 27002, OWASP Top 10, PCI, PII, HIPAA and SANS 25.
- Very good experience with cloud-based applications such as Salesforce and traditional web applications.
- Experienced in profile validation, profile permission validation, and security configuration such as single sign-on, SAML, and object-level to field-level security configuration.
- Very good experience with JIRA, especially for communication with the development team and the Salesforce administrator.
- Validated all the test cases and test results against requirements. Validated resource requirements.
- Decent experience in programming and database languages such as Python, MS SQL Server, and Oracle DB.
- Experienced with web service security testing, RESTful APIs and SOAP APIs.
- Performed security testing on RESTful and SOAP APIs using the SoapUI and Postman desktop applications.
- Experienced with SAFe Agile, UML, Object Oriented Programming (OOP) and XML.
- Good experience and knowledge of the MS Windows product suite (MS Project, MS Visio, MS Excel, MS PowerPoint, and MS Word).
- Very good interpersonal skills; proactive, analytical, logical, practical, problem-solving, and smart-working.
- Able to work on own initiative or as part of a team, backed by excellent communication skills along with the capability to solve problems efficiently.
- Very good task initiator, able to work individually, and a very good collaborator with the rest of the team, working smartly and result-oriented with the proper ideology.
TECHNICAL SKILLS
Vulnerability testing: Tenable Nessus, Nmap, QualysGuard
Application security & penetration testing: Websense, IBM Rational AppScan, Burp Suite, HP WebInspect, HP Fortify, sqlmap, Metasploit, Kali Linux, Wireshark, Acunetix automatic scanner and Nexpose
Methodologies: OWASP Top 10, CWE, NIST, ISO 27002, HIPAA, PTES and SANS 25
Languages: SQL, PL/SQL, Python, shell scripting and Perl scripting
Databases: SQL Server, SQL Developer, SQL Server Management Studio
Programming: shell scripting, Python scripting
Platforms: UNIX (Solaris), Linux (Red Hat), Kali Linux, Windows Server
PROFESSIONAL EXPERIENCE
Confidential, Scottsdale, Arizona
Security Engineer / Security Test Engineer
Responsibilities:
- Worked on various projects at the client location, especially with Salesforce applications and traditional web applications.
- Worked on manual Salesforce profile validation security testing on various programs such as Novartis's COSENTYX, NPAF, PANO, AIMOVIG, Sun Pharma, TOBI.
- Worked on mobile-based security testing of the COSENTYX application, performed manually and with consideration of OWASP security standards.
- Very good experience with BrowserStack for functional testing from a security perspective.
- Tested the CoPay application manually to find vulnerabilities and remediated them with a suitable solution.
- Tested web services/RESTful API security using the SoapUI and Postman desktop applications.
- Identified the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and prioritized them based on their criticality.
- Collaborated with the engineering team to solve identified security defects in a timely manner.
- Prioritized work around security testing based on requirements.
- Provided technical input and system security controls; evaluated and recommended new and emerging security products and technologies to support development and monitoring of on-prem and cloud-based dynamic environments.
Environment: Salesforce, Burp Suite Professional, BrowserStack, SoapUI, Postman.
Confidential, Dallas, Texas
Penetration tester / Information security Analyst
Responsibilities:
- Worked on web application vulnerability assessment and threat modeling, gap analysis, and secure code review on the applications.
- Established a vulnerability assessment practice, proactively ensuring the safety of client-facing applications and minimizing client audit findings.
- Performed security analysis and identified possible vulnerabilities in the key derivation function; created a vulnerability assessment report detailing the exposures identified, rating the severity of the system, with suggestions to mitigate any exposures and testing of non-vulnerabilities.
- Identified issues like SQL injection, XSS, and CSRF using Burp Suite.
- Identified the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritized them based on their criticality.
- Responsible for identifying how an attacker exploits vulnerabilities during the dynamic analysis phase.
- Performed security analysis to identify vulnerabilities, rated their severity and created the vulnerability assessment report.
- Used tools like Nmap and Burp Suite for performing penetration testing to complete assessments on a daily basis.
- Performed thorough penetration testing on web applications.
- Performed SAST and DAST security testing on production applications.
- Used Nmap and Sureness tools to perform network scanning.
- Application security review of all the impacted and non-impacted issues.
- Ensured compliance with legal and regulatory requirements.
- Identified issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalation.
- Conducted web application security scans using IBM AppScan, HP WebInspect and Acunetix.
- Identified different vulnerabilities in applications by using proxies like Burp Suite to validate the server-side validations.
- Performed periodic network vulnerability assessments to identify weak systems and vulnerabilities.
- Managed and prioritized multiple tasks in accordance with high-level objectives. Performed pen tests on different applications each week, using Metasploit to exploit the systems.
Environment: Burp Suite, OWASP Top 10, SANS Top 25, Kali Linux, QualysGuard, WebInspect, IBM AppScan, HP Fortify, Metasploit, Nessus, Security Center, AppScan Enterprise.
Confidential, Alpharetta, GA
Penetration tester
Responsibilities:
- Performed manual code review to find logic flaws that are not identified by automated tools.
- Well versed in understanding application-level vulnerabilities like SQL injection, XSS, CSRF, authentication bypass, authentication flaws, cryptographic attacks, etc.
- Extensively used Burp Suite, Acunetix automatic scanner, and Nmap for web application penetration testing, and conducted functional testing of RSA two-factor authentication.
- Conducted social engineering attacks using BackTrack and Kali Linux.
- Worked on vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite and WebScarab.
- Generated and presented reports on security vulnerabilities to both internal and external customers.
- Trained the development team on the most common vulnerabilities and common code review issues and explained the remediation.
- Interacted with the customer to understand the business issues and requirements, performing exhaustive analysis and providing end-to-end solutions.
- Monitored, analyzed and responded to security incidents in the infrastructure. Investigated and resolved any security issues found in the infrastructure as per the security standards and procedures.
- Executed and crafted different payloads to attack the system to find vulnerabilities with respect to input validation, authorization checks, etc.
- Daily monitoring of the systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
Environment: Acunetix, Burp Suite, IBM AppScan, application firewall, Paros Proxy, WebScarab, HP WebInspect, Kali Linux.
Confidential, Montgomery, AL
Student Technician
Responsibilities:
- Responsible for installing and supporting network hardware, software, and applications on personal computers and Apple computers.
- Handled responsibilities of analyzing hardware and software problems and implemented the corrective measures.
- Installed and troubleshot networked printers.
- Worked on issues related to configuring, troubleshooting and setting up the university email client.
- Assisted with password resets and account management.
- Troubleshot issues related to viruses and malware.
- Installed and configured third-party applications on computers for student use.
- Maintained and secured the network using MAC filtering procedures without interruption.
- Provided technical support to students facing issues connecting to the university network.
- Experienced in deploying Cisco routers and switches and managing network monitoring services.
- Responsible for monitoring, troubleshooting, configuring, and deploying LAN/WAN solutions.
- Skilled in MS Word, Excel and PowerPoint, Legal Solutions, Internet, and email.
- Proficient in handling network monitoring tools and packet capturing tools.
- Adept at technical documentation and presentations using Microsoft Visio/Office.
- Maintained and monitored all the installed systems and the infrastructure.
- Installed, configured, tested and maintained application software and system management tools.
- Maintained security, backup, and redundancy strategies.
- Installed, troubleshot, repaired, and maintained Cisco VoIP/Call Manager/Unity/network equipment on the LAN/WAN.
- Configured VLANs with 802.1Q tagging according to the server team's requirements.
- Configured and managed Cisco access layer routers and switches, and carried out route redistribution and manipulation.
- Configured client VPN technologies including Cisco's VPN client via IPsec.
Confidential
Jr. Network Engineer
Responsibilities:
- Performed network monitoring and provided analysis using various tools.
- Supported and maintained networking devices, cabling, and standalone systems.
- Proactive monitoring, including a weekly review of log files and reports and weekly knowledge base updates, to determine the health and performance of secure appliances.
- Worked with the basic communication protocols like TCP/IP, UDP, and Ethernet.
- Managed service provider/vendor relationships from a project and technology perspective.
- Managed VPN, IPsec, endpoint security, status policy, application control, IPS (TippingPoint), monitoring, anti-spam, smart provisioning and DLP using Check Point firewalls.
- Troubleshot Cisco routers and network segments at various OSI layers using various command-line tools.
- Tracked, documented, and updated all issues and their solutions using a ticket tracking system.
- Involved in troubleshooting DHCP and other IP conflict problems.
- Performed troubleshooting of connectivity problems using ping and traceroute.
- Troubleshot TCP/IP problems and connectivity issues in a multi-protocol Ethernet environment.
- Maintained complex LAN/WAN networks with several VLANs and provided support for routing protocols.
- Involved in troubleshooting DNS, DHCP and other IP conflict problems; worked on Gigabit Ethernet and Fast Ethernet.
- Cisco routers, Cisco switches, VLANs, VLAN trunking, routing protocols, port security and F5 load balancer.