Information Security/ Vulnerability Resume
Columbia, MD
SUMMARY
- Over 6 years of experience in Information Security.
- Experience in manual penetration and application testing and network security tools.
- Conducted network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
- Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions, and investigate and report on noted irregularities.
- Good knowledge of security incident handling and incident response.
- Exposed to security vulnerability testing methodologies such as SANS, CWE and OWASP Top 10 vulnerabilities.
- Good knowledge of the Software Development Life Cycle (SDLC) in various stages of application development.
- Perform ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications.
- Perform onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment.
- Knowledge of Dynamic and Static Application Security Testing tools (SAST & DAST).
- Identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.
- Reviewed security architecture specifications and modelled real-world threats against the architecture.
- Hands-on experience in conducting Web Application Security scans, Network Penetration Testing and Ethical Hacking using commercial and non-commercial applications and methodologies such as OWASP Top 10, IBM AppScan, Fortify, Burp Suite, DirBuster, Nmap, Nessus, Kali Linux, Metasploit, Acunetix.
- Proficiency in scripting, Unix operating systems and Windows.
- Generate and present reports on security vulnerabilities to both internal and external customers.
TECHNICAL SKILLS
Tools: Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit, Acunetix, Nexpose
Programming languages: Python, PHP
Web technologies: HTML, CSS, XML, JavaScript
Operating system: Kali Linux, GNU/Linux, Windows
Database system: MySQL, Oracle, MSSQL
PROFESSIONAL EXPERIENCE
Confidential, Columbia, MD
Information Security/ Vulnerability
Responsibilities:
- Provided security implementation for authorization, by controls like the principle of least privilege, relinquishing privilege when not in use, non-guessable tokens, and forced browsing.
- Experience in implementing the NIST cybersecurity framework (NIST 800-53 controls) and verifying post implementation.
- Performing security testing according to HIPAA and SOX standards on web applications, databases and servers.
- Participating in security assessments of web applications, systems and networks by manual and automated methodologies.
- Performed as-is review on critical business assets and defined to-be controls to be compliant with NIST.
- Used the NIST risk assessment methodology in identifying assets, finding the vulnerabilities, identifying existing controls, defining the risk value and suggesting mitigative measures.
- Performed semi-automated and manual Web Application and Network Penetration Testing utilizing multiple tools including Burp Suite, NetSparker, Tenable Nessus, SQLMap, AppDetective, custom scripts, Metasploit, Nmap, netcat, and other tools within the Kali Linux toolset.
- Used automated tools like OWASP ZAP and Acunetix for detection of web vulnerabilities.
- Defining security requirements based on customer requirements in compliance with regulatory and corporate policies like EU privacy laws, etc.
- Maintaining and performing all Network configurations.
- Experienced in configuration and debugging applications like Web Server, FTP Server, Firewall Configuration, Mail Server and customization.
- Expertise in maintaining all the printer configurations and password protection for all the users in order to prevent unauthorized access.
- Strong Hands-on Experience in Penetration Testing, Vulnerability Testing, Security Analysis.
- Checking if the site is vulnerable to SQL injection.
- Analysing software security vulnerabilities by using HP-Fortify Static Code Analyzer.
- Identified attacks like SQLi, XSS, CSRF, RFI/LFI, logical issues.
- Experienced in performing user administration activities such as setting up user login Ids and assigning and resetting passwords, locking and unlocking users.
- Using various Firefox add-ons like Flagfox, Live HTTP Headers and Tamper Data to perform the pen test, and also network scanning tools like Nmap and Nessus.
- Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase client security.
- Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.
- Proficient in most application scan penetration tools using commercial and non-commercial applications and methodologies such as OWASP Top 10, IBM AppScan.
Environment: JAVA, PHP, MS SQL, Apache, Kali Linux, Burp Suite, DirBuster, IBM AppScan Enterprise, Nmap, Nessus, IP360
Confidential, New York, NY
Application Security Analyst/ Vulnerability
Responsibilities:
- Analyzed product requirements, outlined test plans and conducted tests.
- Supervised product quality tests by conducting penetration testing and security tests.
- Performing dynamic analysis of the applications by using WebInspect, and also testing for security vulnerabilities by using IBM AppScan.
- Formulated scripts to test systems and performed validation security testing. Performed security testing according to PCI DSS and ISO standards.
- Analyzed the SSL tests provided by various scan tools.
- Identified vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations.
- OWASP Top 10 issue identification like SQLi, CSRF, XSS.
- The ability to balance risk mitigation with business needs.
- Executed different payloads to attack the system using XSS.
- Identified issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, privilege escalation.
- Provided and validated the controls on logging like authentication, profile modification, logging details, log retention, duration, log location, synchronizing time source, HTTP logging.
- Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.
- Educated business unit managers, the IT development team, and the user community about risks and security controls.
- Prepared detailed practices and procedures on technical processes.
- Participated in security research, analysis and design for all client computing systems and the network infrastructure.
- Developed, implemented, and documented formal security programs and policies.
Environment: PHP, ASP, MS SQL, MySQL, Apache, OWASP ZAP Proxy, DirBuster, HP Fortify, Nmap, Metasploit, Nikto
Confidential
Security Engineer
Responsibilities:
- Interacting with related technical groups for resolving the pending hardware problems. Provided basic operations and engineering support for information security systems and services, including Windows and Linux servers, endpoint security, computer forensics, vulnerability/penetration assessments, and security information and event management (SIEM).
- In-depth understanding of the OSI Reference Model and its security implications.
- Capable of designing, configuring, and maintaining network security devices with adherence to industry best practice and PCI standards.
- Performed network assessments using IP360 for the risk management and compliance process.
- Analysing the security alerts from Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
- Analysing the data loss from Data Loss Prevention (DLP), and log analysis on the target network.
- Experienced in firewall implementation, firewall management, network management and troubleshooting connectivity, routing, and configuration issues with routers, switches, firewalls.
- Perform operating system, network and application vulnerability assessments to identify security exposures in the environment for incident handling and incident response.
- Checking for uploading of JavaScript and HTML tags, and source code disclosure exploits.
- Worked in the area of LAN & WAN. Monitoring and optimizing the network performance.
- Created, modified & deleted users, roles and assigned appropriate authorizations for application access.
- Established security policies for systems, and designed and managed secure networks for clients.
- Validate input validation, session management, client protocol controls, cryptography, logging, information leakage.
- Used Burp Suite to assess the traffic between the client and the server.
- Using common analysis tools in finding out the vulnerabilities in the network in assessment.
- Researched new attack vectors and mitigating solutions and provided guidance to the teams.
- Provided analysis/opinions to senior management/project teams on “hard-to-solve” problems.
- Used Burp Suite, DirBuster, HP Fortify and Nmap tools on a daily basis to complete the assessments.
Environment: JAVA, ASP.NET, MySQL, Apache, Kali Linux, Burp Suite, DirBuster, Microsoft Visual Studio, HP Fortify, Nmap, Wireshark.