Security Engineer / Security Test Engineer Resume

Scottsdale, Arizona


  • A cyber security professional with 5 years of experience in Information security and Network security.
  • Very good experience in implementing, executing, and maintaining application security throughout the software development life cycle.
  • Good experience in Threat modelling during requirement gathering and design phases.
  • Very good hands-on experience in security testing during various phases, such as static application security testing (SAST), dynamic testing (DAST), and penetration testing.
  • Good experience in requirement/information gathering, automated testing, manual verification, Penetration testing and report generation.
  • Hands-on experience with Web application security assessment tools, and vulnerability assessment.
  • Very good experience with automated testing tools such as Veracode, Burp Suite Professional, HP Fortify, WebInspect, OWASP ZAP Proxy, and IBM AppScan.
  • Good experience in performing secure code review (SCR) of various applications using static code analyzers like HP Fortify and Veracode.
  • Good experience with and understanding of security compliance standards such as NIST, SOX, ISO-27002, OWASP Top 10, PCI, PII, HIPAA and SANS 25.
  • Very good experience with cloud-based applications such as Salesforce and traditional web applications.
  • Experienced in profile validation, profile permissions validation, security configuration such as single-sign-on, SAML and from object level to field level security configuration.
  • Very good experience with JIRA, especially for communication with the development team and the Salesforce administrator.
  • Validated all the test cases and test results against requirements. Validated resource requirements.
  • Decent experience in programming and database languages such as python, MS SQL Server, Oracle DB.
  • Experienced with web service security testing of RESTful and SOAP APIs.
  • Performed security testing on RESTful and SOAP APIs using SoapUI and the Postman desktop application.
  • Experienced with SAFE Agile, UML, Object Oriented Programming (OOP) and XML.
  • Good experience and knowledge in MS Windows Product Suite (MS-Project, MS-Visio, MS-Excel, MS-PowerPoint, and MS-Word).
  • Has very good interpersonal skills, proactive, analytical, logical, practical, problem-solving, and smart working.
  • Able to work on own initiative or as part of a team, backed by excellent communication skills along with the capability to solve problems efficiently.
  • Very good task initiator, able to work individually and a very good collaborator with the rest of the team, working smartly and result-oriented with proper ideology.


Vulnerability testing: Tenable Nessus, Nmap, Qualys Guard

Application security & Penetration testing: Websense, IBM Rational AppScan, Burp suite, HP WebInspect, HP Fortify, Sqlmap, Metasploit, Kali Linux, Wireshark, Acunetix automatic Scanner and Nexpose

Methodologies: OWASP Top 10, CWE, NIST, ISO 27002, HIPAA, PTES and SANS 25

Languages: SQL, PL/SQL, Python, Shell Scripting and PERL Scripting

Databases: SQL Server, SQL Developer, SQL Server Management Studio

Programming: Shell scripting, Python Scripting.

Platforms: UNIX (Solaris), Linux (RedHat), Kali Linux, Windows Server


Confidential, Scottsdale, Arizona

Security Engineer / Security Test Engineer


  • Worked on various projects at client location especially with Salesforce applications and traditional web applications.
  • Worked on manual Salesforce profile validation security testing on various programs such as Novartis's COSENTYX, NPAF, PANO, AIMOVIG, Sun Pharma, TOBI.
  • Worked on mobile security testing of the COSENTYX application, performed manually and with consideration of OWASP security standards.
  • Very good experience with BrowserStack for functional testing from a security perspective.
  • Tested CoPay application manually to find vulnerabilities and remediated with a suitable solution.
  • Performed security testing of web services and RESTful APIs using SoapUI and the Postman desktop application.
  • Identified Critical, High, Medium, and Low vulnerabilities in the applications based on OWASP Top 10 and prioritized them based on criticality.
  • Collaborated with engineering team to solve identified security defects in a timely manner.
  • Work prioritization around security testing based on requirements.
  • Provided technical inputs and system security controls, and evaluated and recommended new and emerging security products and technologies to support development and monitoring of on-prem and cloud-based dynamic environments.

Environment: Salesforce, Burpsuite professional, Browserstack, SoapUI, Postman.

Confidential, Dallas, Texas

Penetration tester / Information security Analyst


  • Worked on Web Application Vulnerability Assessment and Threat Modeling, Gap Analysis, and Secure Code Review on the applications.
  • Established vulnerability assessment practice, proactively ensuring the safety of client-facing applications and minimizing client audit findings.
  • Performed security analysis and identified possible vulnerabilities in the key derivation function; created Vulnerability Assessment reports detailing exposures that were identified, rating the severity of the system, suggesting mitigations for any exposures, and testing known vulnerabilities.
  • Identified issues like SQL injection, XSS, CSRF using Burp Suite.
  • Identified Critical, High, Medium, and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritized them based on criticality.
  • Responsible for identifying how an attacker exploits vulnerabilities during the dynamic analysis phase.
  • Performed security analysis to identify vulnerabilities, rated their severity, and created vulnerability assessment reports.
  • Used tools like Nmap and Burp Suite for performing penetration testing to complete assessments on a daily basis.
  • Performed thorough penetration testing on web applications.
  • Performed SAST and DAST security testing on production applications.
  • Used Nmap and Sureness tools to perform network scanning.
  • Application Security Review of all the impacted and non-impacted issues.
  • Ensured compliance with legal and regulatory requirements.
  • Identified issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalation.
  • Conducted web application security scans using IBM AppScan, HP WebInspect and Acunetix.
  • Identified different vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations.
  • Performed periodic network vulnerability assessments to identify weak systems and vulnerabilities.
  • Managed and prioritized multiple tasks in accordance with high-level objectives. Performed pen tests on different applications each week, using Metasploit to exploit the systems.

Environment: Burp Suite, OWASP Top 10, SANS Top 25, Kali Linux, QualysGuard, Web Inspect, IBM App Scan, HP Fortify, Metasploit, Nessus, Security Center, App scan Enterprise.

Confidential, Alpharetta, GA

Penetration tester


  • Performed Manual Code Review to find logic flaws, which are not identified by Automated Tools.
  • Well versed in Understanding Application-Level Vulnerabilities like SQL Injection, XSS, CSRF, Authentication Bypass, Authentication Flaws, Cryptographic Attacks, etc.
  • Extensively used Burp Suite, Acunetix Automatic Scanner, and Nmap for Web Application Penetration Testing and Conducted Functional Testing of RSA 2-factor Authentication.
  • Conducted Social Engineering Attacks using Backtrack and Kali Linux.
  • Worked on Vulnerability Assessment of various web applications used in teh organization using Paros Proxy, Burp Suite and Webscarab.
  • Generated and presented reports on Security Vulnerabilities on both internal and external customers.
  • Trained the development team on the most common vulnerabilities and common code review issues, explaining the remediation.
  • Interacted with the customer in understanding the business issues and requirements, doing exhaustive analysis and providing end-to-end solutions.
  • Well versed in Understanding Application-Level Vulnerabilities like SQL Injection, XSS, CSRF, Authentication Bypass, Authentication Flaws, and Cryptographic Attacks.
  • Monitored, analyzed and responded to security incidents in the infrastructure. Investigated and resolved any security issues found in the infrastructure as per the security standards and procedures.
  • Crafted and executed different payloads to attack the system for finding vulnerabilities with respect to input validation, authorization checks, etc.
  • Daily monitoring of the systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.

Environment: Acunetix, Burp Suite, IBM AppScan, Application Firewall, Paros Proxy, Webscarab, HP Webinspect, Kali Linux.

Confidential, Montgomery, AL

Student Technician


  • Responsible for installing and supporting network hardware, software, and application on personal computers and Apple computers.
  • Handled responsibilities of analyzing hardware and software problems and implemented the corrective measures.
  • Installed and troubleshot Networked Printers.
  • Worked on issues related to configuring, troubleshooting and setting up a university email client.
  • Assist with password resets and account management.
  • Troubleshooting issues related to virus and malware.
  • Installing and configuring third-party applications on computers for student use.
  • Maintained and secured the network by using MAC filtering procedures without interruption.
  • Technical support to the students facing network issues connecting to the university network.
  • Experienced in deploying Cisco routers and switches and managing network monitoring services.
  • Responsible for monitoring, troubleshooting, configuring, and deploying LAN/WAN solutions.
  • Skilled in MS Word, Excel and PowerPoint, Legal Solutions, Internet, and Email.
  • Proficiency in handling network monitoring tools and packet capturing tools.
  • Adept skills in technical documentation and presentations using Microsoft Visio/ Office.
  • Maintained and monitored all the installed systems and the infrastructure.
  • Installed, configured, tested and maintained application software and system management tools.
  • Maintained security, backup, and redundancy strategies.
  • Installed, troubleshot, repaired, and maintained Cisco VOIP/Call Manager/Unity/Network equipment on the LAN/WAN.
  • Configured VLANs with 802.1q tagging according to the server team's requirements.
  • Configured and managed Cisco access layer routers and switches, carried out route redistribution & manipulation.
  • Configured Client VPN technologies including Cisco's VPN client via IPSEC.


Jr. Network Engineer


  • Performed network monitoring, provided analysis using various tools.
  • Support and maintain networking devices, cabling, and standalone systems.
  • Proactive monitoring, including a weekly review of log files, reports, and weekly knowledge base updates, to determine the health and performance of Secure appliances.
  • Worked with teh basic communication protocols like TCP/IP, UDP, Ethernet.
  • Managed service providers/vendors relationships from a project and technology perspective.
  • Managed VPN, IPSec, Endpoint-Security, Status Policy, Application Control, IPS (Tipping Points), Monitoring, Anti-Spam, Smart Provisioning, DLP using Checkpoint Firewalls.
  • Troubleshoot using various command tools on Cisco routers and network segments at various OSI layer.
  • Tracked, documented, and updated all issues and their solutions using a ticket tracking system.
  • Involved in troubleshooting of DHCP and other IP conflict problems.
  • Performed troubleshooting of connectivity problems using PING and Traceroute.
  • Troubleshoot TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
  • Maintained complex LAN/WAN networks with several VLANs and provided support for routing protocols.
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems, worked on Gigabit Ethernet and Fast Ethernet.
  • Cisco Routers, Cisco Switches, VLANs, VLAN Trunking, Routing protocols, port security and f5 load balancer.