We provide IT Staff Augmentation Services!

Security Engineer Resume

3.00/5 (Submit Your Rating)

Phoenix, ArizonA

PROFESSIONAL SUMMARY:

  • An Information security professional with 8+ years of experience in vulnerability assessment and, penetration testing on various applications, across different domains
  • Exceptionally analytic individual with vast experience in determining possible network exploits by delving deep into different computer software and systems.
  • Hands - on experience in reviewing and defining requirements for information security solutions.
  • Deep insight into conducting formal tests on web-based applications and networks, using deep assessment parameters.
  • Hands-on all possible mitigation techniques.
  • Excellent knowledge in CWE, OWASP Top 10 2010, and WASC THREAT CLASSIFICATION 2.0 methodologies.
  • Broad knowledge of various security compliance programs such as Sensitive rmation Management, PCI compliance, and Threat Management.
  • Involvement in various web application security testing tools like Fortify, Metasploit, Burp Suite, SQL map, OWASP ZAP Proxy, Nessus, Nmap and IBM QRadarSEIM Tool.
  • Experience in various Software Development Languages like Java, C++, etc.
  • Vulnerability Assessment includes analysis of bugs in various applications spread across N-tier on various domains by using both manual and Automation tools.
  • Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on WEB based Applications, Mobile based application and Infrastructure penetration testing.
  • Having Good knowledge in gathering requirements from stakeholders, Constructing RFP/RFQs, devising and planning and strong technical understanding of vulnerabilities, and how attackers can exploit vulnerabilities to compromise systems.
  • Experience using a wide variety of security tools to include Kali-Linux, Metasploit, Burp Suite Pro, Wireshark, Rapid7Nessus, Web Inspect, Nmap, Cain and Abel, Nitko, Dirbuster, IBM AppScan, Nessus, Open Vas, W3AF, BeEF, Etthercap, Maltego.
  • Experience in Threat Modeling during Requirement gathering and Design phases.
  • Experience with Security Risk Management with TCP-based networking.
  • Knowledge of Public Key Infrastructure (PKI) and, the different transportation algorithms.

TECHNICAL SKILLS:

Tools: Burp-Suit, DIR-Buster, IBM App Scan, SQL Map, Acunetix Web Scanner, SQL Injection Tools, Havij, CSRF Tester and Kali Linux, HP Fortify

Network Tools: N-Map, Nessus, Wire Shark, Sandboxie, etc.

Programming Languages: Java, HTML5, CSS3

Development Tools: NetBeans IDE 8.0.2, Visual Studio, MS Office Suite, GitHub, Bit Bucket, Tableau

Databases: MySQL, Oracle, MS SQL

Operating Systems: Windows XP/7/8, OSx, Windows Server 2008

Collaboration Tools: Trello, Slack

PROFESSIONAL EXPERIENCE:

Confidential, Phoenix, Arizona

Security Engineer

Responsibilities:

  • Have worked with a team of individuals dedicated for conducting research, attack detection and build mitigation techniques for threats posed in network and application layers.
  • Conducted application penetration testing over various business applications.
  • Responsible for assessing the controls to identify gaps and to design and analyze segregation of duties, least privilege for that application.
  • Performed functional testing of security solutions like RSA 2-factor Authentication, Novell Single Sign-on, Data Loss Prevention (DLP), etc.
  • Enforced Password Cracking tests over the administrator and user accounts to evaluate the strength of passwords used.
  • Used John the Ripper, RainbowCrack, Hydra, Ophcrack for Password cracking tests.
  • Conducted testing over the applications to comply with PCI DSS Standards.
  • Capturing and analyzing network traffic at all layers of OSI model.
  • Built a Management Evaluation Environment utilized to address the business requirements and risks involved to mitigate or decrease the intensity of threat exploitation.
  • Monitoring and analyzed the security logs and applications data logs from NIDS and Application Firewall using SPLUNK.
  • Logging security incidents and conducting Root Cause Analysis.
  • Performed Vulnerability Assessments using Paros Proxy, Burp Suite, WebScarab, Yasca, Maltego.
  • I have evaluated the Bank's requirements using various Scanning Tools both on-site and remote locations.
  • Assisting in review of business solution architectures from security point of view which helps avoiding security related issues/threats at the early stage of project
  • Effectively communicated the security issues with the security engineers and non-technical personnel from different domains.
  • Re-evaluated the issues to ensure the closure of vulnerabilities addressed during analysis phase.
  • Conducted analysis using Kali Linux environment and effectively neutralized DOS, DDOS, XSS and SQL Injection Attacks.

Environment: RSA 2-factor Authentication, Novell Single Sign-on, Data Loss Prevention (DLP), John the Ripper, RainbowCrack, Hydra, Ophcrack, network traffic at all layers of OSI model, NIDS, Application Firewall, SPLUNK, Paros Proxy, Burp Suite, WebScarab, Yasca, Maltego and Kali Linux.

Confidential

Application Security Tester

Responsibilities:

  • Conducted application penetration testing of 10+ business applications
  • Conducted Vulnerability Assessment on Various Applications.
  • Acquainted with various approaches to Grey & Black box security testing
  • Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.
  • Conducted security assessment of PKI Enabled Applications.
  • Skilled using Burp Suite, Acunetix Automatic Scanner, NMAP, Havij, DirBuster for web application penetration tests.
  • Generated and presented reports on Security Vulnerabilities to both internal and external customers.
  • Manual and Dynamic penetration testing of web applications using Burp Suite and AppScan.
  • Configuration of the IBM AppScan tool to meet individual scanning requirements
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, and Web Scarab, YASCA, HP Web Inspect.
  • the development team on the most common vulnerabilities and common code review issues and explaining the remediation.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
  • Update with the new hackings and latest vulnerabilities to ensure no such loopholes are present in the existing System

Environment: Vulnerability Assessment, Application level vulnerabilities, PKI Enabled Applications, Burp Suite, Acunetix Automatic Scanner, Nmap, Havij, DirBuster, Paros Proxy, Web Scrab, Yasca, HP Web Inspect.

Confidential

Security Engineer

Responsibilities:

  • Established vulnerability assessment practice, proactively ensuring safety of client-facing applications and minimizing client audit findings.
  • Performing security analysis and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities.
  • Having real time experience in DDos, Sql Injection protection, XSS protection, script injection and major hacking protection techniques
  • To address and integrate Security in SDLC by following techniques like Threat Modeling, Risk
  • Management, Logging, Penetration Testing, etc.
  • Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports.
  • Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
  • Scan Networks, Servers, and other resources to validate compliance and security issues using numerous tools.
  • Assisting in preparation of plans to review software components through source code review or application security review
  • Assist developers in remediating issues with Security Assessments with respect to OSWASP standards.

Confidential

 Jr. Security Engineer

Responsibilities:

  • Established vulnerability assessment practice, proactively ensuring safety of client-facing applications and minimizing client audit findings.
  • Performing security analysis and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities.
  • Having real time experience in DOS, DDOS, SQL Injection protection, XSS protection, script injection and major hacking protection techniques
  • Supported to address and integrate Security in SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
  • Providing fixes & filtering false findings for the vulnerabilities reported in the scan reports.
  • Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
  • Scan Networks, Servers, and other resources to validate compliance and security issues using numerous tools
  • Assisting in preparation of plans to review software components through source code review or application security review
  • Assist developers in remediating issues with Security Assessments with respect to OSWASP standards.

Environment: DOS, DDOS, SQL Injection protection, XSS protection, script injection, major hacking protection techniques, Threat Modeling, Risk Management, Logging, Penetration Testing, and Application Security review, Security Assessments.

We'd love your feedback!