- A cyber security professional with 5 years of experience in Information security and Network security.
- Very good experience in implementing, executing and maintaining application security throughout the Software Development Life Cycle.
- Good experience in Threat modelling during requirement gathering and design phases.
- Very good hands-on experience in security testing during various phases such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Penetration testing.
- Good experience in requirement/information gathering, automated testing, manual verification, Penetration testing and report generation.
- Hands-on experience with Web application security assessment tools, and vulnerability assessment.
- Very good experience with automated testing tools such as Veracode, Burp Suite Professional, HP Fortify, HP WebInspect, OWASP ZAP Proxy, and IBM AppScan.
- Good experience in performing secure code review (SCR) of various applications using static code analyzers such as HP Fortify and Veracode.
- Good experience and understanding of security compliance standards such as NIST, SOX, ISO 27002, OWASP Top 10, PCI, PII, HIPAA and SANS 25.
- Very good experience with cloud-based applications such as Salesforce and traditional web applications.
- Experienced in profile validation, profile permissions validation, security configuration such as single-sign-on, SAML and from object level to field level security configuration.
- Very good experience with JIRA, especially for communication with the development team and the Salesforce administrator.
- Validated all the test cases and test results against requirements. Validated resource requirements.
- Decent experience in programming and database languages such as Python, MS SQL Server and Oracle DB.
- Experienced with web service security testing, RESTful APIs and SOAP APIs.
- Performed security testing on RESTful APIs and SOAP APIs using the SoapUI and Postman desktop applications.
- Experienced with SAFe Agile, UML, Object Oriented Programming (OOP) and XML.
- Good experience and knowledge of the MS Windows product suite (MS Project, MS Visio, MS Excel, MS PowerPoint, and MS Word).
- Has very good interpersonal skills, proactive, analytical, logical, practical, problem-solving, and smart working.
- Able to work on own initiative or as part of a team, backed by excellent communication skills along with the capability to solve problems efficiently.
- Very good task initiator, able to work individually, and a very good collaborator with the rest of the team, working smartly and result-oriented with a proper ideology.
Vulnerability testing: Tenable Nessus, Nmap, Qualys Guard
Application security & Penetration testing: Websense, IBM Rational AppScan, Burp Suite, HP WebInspect, HP Fortify, Sqlmap, Metasploit, Kali Linux, Wireshark, Acunetix Automatic Scanner and Nexpose
Methodologies: OWASP Top 10, CWE, NIST, ISO 27002, HIPAA, PTES and SANS 25
Languages: SQL, PL/SQL, Python, Shell Scripting and Perl Scripting
Databases: SQL Server, SQL Developer, SQL Server Management Studio
Programming: Shell scripting, Python Scripting.
Platforms: UNIX (Solaris), Linux (RedHat), Kali Linux, Windows Server
Confidential, Scottsdale, Arizona
Security Engineer / Security Test Engineer
- Worked on various projects at client location especially with Salesforce applications and traditional web applications.
- Worked on Salesforce profile validation security testing manually on various programs such as Novartis's COSENTYX, NPAF, PANO, AIMOVIG, Sun Pharma, TOBI.
- Worked on mobile-based security testing of the COSENTYX application, which was manual and carried out with consideration of OWASP security standards.
- Very good experience with BrowserStack for functional testing from a security perspective.
- Tested CoPay application manually to find vulnerabilities and remediated with a suitable solution.
- Tested web services/RESTful APIs security by using the SoapUI and Postman desktop applications.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and prioritizing them by criticality.
- Collaborated with engineering team to solve identified security defects in a timely manner.
- Work prioritization around security testing based on requirements.
- Provided technical inputs and system security controls; evaluated and recommended new and emerging security products and technologies to support development and monitoring of on-prem and cloud-based dynamic environments.
Environment: Salesforce, Burp Suite Professional, BrowserStack, SoapUI, Postman.
Confidential, Dallas, Texas
Penetration tester / Information security Analyst
- Worked on Web Application Vulnerability Assessment and Threat Modeling, Gap Analysis, and Secure Code Review on the applications.
- Established a vulnerability assessment practice, proactively ensuring the safety of client-facing applications and minimizing client audit findings.
- Performing security analysis and identifying possible vulnerabilities in the key derivation function; creating Vulnerability Assessment reports detailing the exposures identified, rating the severity of the system, suggesting mitigations for any exposures, and testing non-vulnerabilities.
- Identified issues like SQL injection, XSS, CSRF using Burp Suite.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them by criticality.
- Responsible for identifying how attackers exploit vulnerabilities during the dynamic analysis phase.
- Performed security analysis for identifying vulnerabilities, rated their severity and created vulnerability assessment reports.
- Used tools like Nmap and Burp Suite for performing penetration testing to complete assessments on a daily basis.
- Performed thorough penetration testing on web applications.
- Performed SAST and DAST security testing on production applications.
- Used Nmap and Sureness tools to perform network scanning.
- Application Security Review of all the impacted and non-impacted issues.
- Ensuring compliance with legal and regulatory requirements.
- Identified issues on sessions management, input-validations, output encoding, Logging, Exceptions, Cookie attributes, encryption, Privilege escalations.
- Conducting web application security scans using IBM AppScan, HP WebInspect and Acunetix.
- Identified different vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations.
- Perform periodic network vulnerability assessments to identify weak systems and vulnerabilities.
- Managing and prioritizing multiple tasks in accordance with high-level objectives. Performed pen tests on different applications each week, using Metasploit to exploit the systems.
Environment: Burp Suite, OWASP Top 10, SANS Top 25, Kali Linux, QualysGuard, WebInspect, IBM AppScan, HP Fortify, Metasploit, Nessus, Security Center, AppScan Enterprise.
Confidential, Alpharetta, Ga
- Performed Manual Code Review to find logic flaws, which are not identified by Automated Tools.
- Well versed in Understanding Application-Level Vulnerabilities like SQL Injection, XSS, CSRF, Authentication Bypass, Authentication Flaws, Cryptographic Attacks, etc.
- Extensively used Burp Suite, Acunetix Automatic Scanner, and Nmap for Web Application Penetration Testing and Conducted Functional Testing of RSA 2-factor Authentication.
- Conducted Social Engineering Attacks using Backtrack and Kali Linux.
- Worked on Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite and WebScarab.
- Generated and presented reports on security vulnerabilities to both internal and external customers.
- Trained the development team on the most common vulnerabilities and common code review issues and explained the remediation.
- Interacted with the customer in understanding the business issues and requirements, doing exhaustive analysis and providing end-to-end solutions.
- Monitored, analyzed and responded to security incidents in the infrastructure. Investigated and resolved any security issues found in the infrastructure as per the security standards and procedures.
- Executed and crafted different payloads to attack the system for finding vulnerabilities with respect to input validation, authorization checks, etc.
- Daily monitoring of the systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
Environment: Acunetix, Burp Suite, IBM AppScan, Application Firewall, Paros Proxy, WebScarab, HP WebInspect, Kali Linux.
Confidential, Montgomery, AL
- Responsible for installing and supporting network hardware, software, and application on personal computers and Apple computers.
- Handled responsibilities of analyzing hardware and software problems and implemented the corrective measures.
- Installed and troubleshot Networked Printers.
- Worked on issues related to configuring, troubleshooting and setting up a university email client.
- Assisted with password resets and account management.
- Troubleshot issues related to viruses and malware.
- Installed and configured third-party applications on computers for student use.
- Maintained and secured the network by using MAC filtering procedures without interruption.
- Provided technical support to students facing network issues connecting to the university network.
- Experienced in deploying Cisco routers and switches and managing network monitoring services.
- Responsible for monitoring, troubleshooting, configuring, and deploying LAN/WAN solutions.
- Skilled in MS Word, Excel and PowerPoint, Legal Solutions, Internet, and Email.
- Proficiency in handling network monitoring tools and packet capturing tools.
- Adept skills in technical documentation and presentations using Microsoft Visio/ Office.
- Maintained and monitored all the installed systems and the infrastructure.
- Installed, configured, tested and maintained application software and system management tools.
- Maintained security, backup, and redundancy strategies.
- Installed, troubleshot, repaired, and maintained Cisco VoIP/Call Manager/Unity/network equipment on the LAN/WAN.
- Configured VLANs with 802.1Q tagging according to the server team's requirements.
- Configured and managed Cisco access layer routers and switches, carried out route redistribution and manipulation.
- Configured client VPN technologies including Cisco's VPN client via IPsec.
Jr. Network Engineer
- Performed network monitoring, provided analysis using various tools.
- Supported and maintained networking devices, cabling, and standalone systems.
- Proactive monitoring, including a weekly review of log files, reports, and weekly knowledge base updates, to determine the health and performance of secure appliances.
- Worked with the basic communication protocols like TCP/IP, UDP, Ethernet.
- Managed service providers/vendors relationships from a project and technology perspective.
- Managed VPN, IPSec, Endpoint-Security, Status Policy, Application Control, IPS (Tipping Points), Monitoring, Anti-Spam, Smart Provisioning, DLP using Checkpoint Firewalls.
- Troubleshot using various command-line tools on Cisco routers and network segments at various OSI layers.
- Tracked, documented, and updated all issues and their solutions using a ticket tracking system.
- Involved in troubleshooting of DHCP and other IP conflict problems.
- Performed troubleshooting of connectivity problems using PING and Traceroute.
- Troubleshot TCP/IP problems and connectivity issues in a multi-protocol Ethernet environment.
- Maintained complex LAN/WAN networks with several VLANs and provided support for routing protocols.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems, worked on Gigabit Ethernet and Fast Ethernet.
- Cisco Routers, Cisco Switches, VLANs, VLAN Trunking, Routing protocols, port security and f5 load balancer.