
Web Security Engineer Resume


Sunnyvale, CA

SUMMARY OF EXPERIENCE:

  • Over 7 years of experience in Information Security.
  • Experience with NGINX load balancers for creating, configuring the new VIPs, SSL certs, context switching, virtual servers, service groups.
  • Involved in troubleshooting network traffic and its diagnosis using Linux operating system servers.
  • Established, maintained and configured secure communication using SSL certificate generation and exchange, revised and modified as necessary to secure the environment.
  • Experience in manual penetration and application testing.
  • Conducted network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions; investigate and report on noted irregularities.
  • Perform ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications.
  • Perform onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment.
  • Identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.
  • Reviewed security architecture specifications and modelled real-world threats against the architecture.
  • Hands-on experience in conducting Web Application Security scans, Network Penetration Testing and Ethical Hacking using commercial and non-commercial applications and methodologies such as OWASP Top 10, IBM AppScan, Fortify, Burp Suite, DirBuster, Nmap, Nessus, Kali Linux, Metasploit, Acunetix, HP WebInspect.
  • Involved in Software development Life cycle (SDLC) to ensure security controls are in place.
  • Proficiency in scripting, Unix operating systems and Windows.
  • Generate and present reports on security vulnerabilities to both internal and external customers.

TECHNICAL SKILLS

Tools: Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit, Acunetix

Programming languages: Python, PHP

Web technologies: HTML, CSS, XML, JavaScript

Operating system: Kali Linux, Linux, Windows

Database system: MySQL, Oracle, MSSQL

PROFESSIONAL EXPERIENCE

Confidential, Sunnyvale, CA

Web Security Engineer

Responsibilities:

  • Collaborated with Internal Network Teams like DNS, Traffic Management and Application development teams in building and delivering the Infrastructure environments in the targeted deadlines.
  • Commissioning and decommissioning, configuring URL and Web filtering, monitoring, logging, and migrating from one network to another.
  • Performed the ACL request changes for various clients by collecting source and destination information from them.
  • Understanding of techniques for distributed authentication and identity management.
  • Created MOPS (Method of procedures) and sought the approval of peers to perform configuration changes.
  • Involved in meetings with engineering teams to prepare the configurations according to the client requirement.
  • Created change tickets and implemented them according to customer requirements.
  • Worked with different operations groups to implement the comprehensive application monitoring strategy and Patch management.
  • As an active member of the Infrastructure team, provided solutions to application teams and clients for all infrastructural needs.
  • Requested, processed and renewed SSL certificates from the Certificate Authority.
  • Raised and prioritized the tickets across all the D2P application Environments based on client needs.
  • Provided guidelines and assisted the application team in driving the technical design to meet the application requirements.
  • Leveraged log indexing tools like Splunk.

Environment: NGINX Load Balancer, Firewalls, DNS, SSL Certificates, Health Checks, Context Switching, Rate Limiting, Linux, Splunk.

Confidential, Boston, MA

Pen tester

Responsibilities:

  • Provided security implementation for authorization through controls like the principle of least privilege, relinquishing privilege when not in use, non-guessable tokens, and forced browsing.
  • Performed semi-automated and manual Web Application and Network Penetration Testing utilizing multiple tools including Burp Suite, NetSparker, Tenable Nessus, SQLMap, AppDetective, custom scripts, Metasploit, Nmap, netcat, and other tools within the Kali Linux toolset.
  • Maintaining and performing all Network configurations.
  • Experienced in configuring and debugging applications like Web Server, FTP Server, Firewall Configuration, Mail Server and customization.
  • Expertise in maintaining all printer configurations and password protection for all users in order to prevent unauthorized access.
  • Strong Hands-on Experience in Penetration Testing, Vulnerability Testing, Security Analysis.
  • Checked whether the site was vulnerable to SQL injection.
  • Identified attacks like SQLi, XSS, CSRF, RFI/LFI, logical issues.
  • Experienced in performing user administration activities such as setting up user login Ids and assigning and resetting passwords, locking and unlocking users.
  • Used various Firefox add-ons like Flagfox, Live HTTP Headers, and Tamper Data to perform the pen test.
  • Network scanning using tools like Nmap and Nessus.
  • Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase client security.
  • Recommended and implemented "white list" input validation using OWASP's ESAPI, which has an extensible library of white list input validation routines.
  • Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.
  • Proficient in most application scan and penetration tools, using commercial and non-commercial applications and methodologies such as OWASP Top 10, IBM AppScan, HP WebInspect.

Environment: JAVA, PHP, MS SQL, Apache, Kali Linux, Burp Suite, DirBuster, IBM AppScan Enterprise, Nmap, Nessus & HP WebInspect.

Confidential, Bethpage, NY

Application security Researcher

Responsibilities:

  • Analyzed product requirements, outlined test plans and conducted tests.
  • Identified vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations.
  • Identified OWASP Top 10 issues such as SQLi, CSRF, XSS.
  • The ability to balance risk mitigation with business needs.
  • Executed different payloads to attack the system using XSS.
  • Identified issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalation.
  • Provided and validated the controls on logging like Authentication, profile modification, logging details, log retention, duration, log location, synchronizing time source, HTTP logging.
  • Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.
  • Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
  • Educated business unit managers, IT development team, and the user community about risks and security controls.
  • Prepared detailed practices and procedures on technical processes.
  • Participated in security research, analysis and design for all client computing systems and the network infrastructure.
  • Developed, implemented, and documented formal security programs and policies.

Environment: PHP, ASP, MS SQL, MySQL, Apache, OWASP ZAP Proxy, DirBuster, HP Fortify, Nmap, Metasploit.

Confidential

Security Project Engineer

Responsibilities:

  • In-depth understanding of the OSI Reference Model and its security implications.
  • Capable of designing, configuring, and maintaining network security devices with adherence to industry best practice and PCI standards.
  • Experienced in Firewall implementation, firewall management, network management and troubleshooting connectivity, routing, and configuration issues with routers, switches, firewalls.
  • Used safe APIs that avoid the use of an interpreter entirely or provide a parameterized interface, preventing injection.
  • Perform operating system, network and application vulnerability assessments to identify security exposures in the environment.
  • Checked for upload of JavaScript and HTML tags.
  • Checked for source code disclosure exploits.
  • Worked in the area of LAN & WAN. Monitoring and optimizing the Network Performance.
  • Created, modified & deleted users, roles and assigned appropriate authorizations for application access.
  • Established security policies for systems, and designed and managed secure networks for clients.
  • Validated input validation, session management, client protocol controls, cryptography, logging, and information leakage.
  • Increased efficiency of risk assessment engagements.
  • Researched new attack vectors and mitigating solutions.
  • Provided guidance to regional security teams.
  • Provided analysis/opinions to senior management/project teams on “hard-to-solve” problems.
  • Used Burp Suite, DirBuster, HP Fortify, and Nmap tools on a daily basis to complete the assessments.
  • Engaged with development teams and promoted secure design/development early in the SDLC.

Environment: JAVA, ASP.NET, MySQL, Apache, Kali Linux, Burp Suite, DirBuster, Microsoft Visual Studio, HP Fortify.
