Security Analyst Resume
Sunnyvale, CA
SUMMARY
- Over 8 years of experience as an IT professional within Information Security.
- Involved in Software development Life cycle (SDLC) to ensure security controls are in place.
- Experience in Threat Modeling during Requirement gathering and Design phases.
- Responding to inquiries/issues from end users related to Active Directory.
- Experience in vulnerability assessment and penetration testing using various tools like HP WebInspect, IBM AppScan, Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit, Acunetix.
- Experience in C, C++, JAVA & Python
- Undertake interviewing processes and recruit the e-commerce analysts, marketing executives, etc.
- Experience with Security Risk Management with TCP-based networking.
- Experience with TCP/IP, Firewalls, LAN/WAN.
- Experience in Linux system administration.
- Static Code Analysis during development phase.
- A Certified Ethical Hacker.
- A Pen tester with experience of penetration testing on various applications in different domains.
- Penetration testing based on OWASP Top 10.
- A good team player, inquisitive, good in basic concepts and an excellent team player.
- Performed the gap analysis to identify scenarios like privilege escalation.
- Performed software Licensing audit.
- Interpreted least privilege for applications and segregation of duties.
- SOX Compliance Audit experience on controls like User access management, Change Management, Incident Management.
TECHNICAL SKILLS
Tools: WebInspect, IBM AppScan, Burp Suite, Nmap, Nessus, DirBuster, sqlmap, Acunetix Web Scanner, SQL Injection Tools and Kali Linux.
Language: C, C++, Java, Python, .NET & ASP.NET
Web Technologies: HTML, JavaScript
Platforms: Windows 98/2000/XP/Vista/Windows 7, Windows Server 2000/2003
Web Server: Apache, IIS 6.0/7.0
Database: MySQL 5.0, MS Access, MS SQL 2000
Packages: MS Office, Visual Studio 2005/08/10, Edraw Max 5.6
Network Tools: Nmap, Wireshark, Nessus
PROFESSIONAL EXPERIENCE
Confidential, Sunnyvale, CA
Security Analyst
Responsibilities:
- Conducted application penetration testing of 50+ business applications
- Conducted Vulnerability Assessment of Web Applications
- Performed functional testing of security solutions like RSA two-factor authentication, Novell single sign-on, DLP and SIEM.
- Conducted security assessment of C, C++ & Python Web Applications
- Worked on various business development activities like drafting responses to RFPs and preparing SOW documents
- Undertake interviewing processes and recruit the e-commerce analysts, marketing executives, etc
- Identifying and evaluating new marketing opportunities to increase the website traffic and online production
- Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws, etc.
- Skilled using Burp Suite, IBM AppScan, Acunetix Automatic Scanner, Nmap, Havij, DirBuster, QualysGuard, Nessus, sqlmap for web application penetration tests and infrastructure testing.
- Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
- Capturing and analyzing network traffic at all layers of the OSI model.
- Monitor the Security of Critical System (e.g. e-mail servers, database servers, Web Servers, Application Servers, etc.).
- Change Management to highly sensitive Computer Security Controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
- Conduct network Vulnerability Assessments using tools to evaluate attack vectors, Identify System Vulnerabilities and develop remediation plans and Security Procedures.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
- The experience has enabled me to find and address security issues effectively, implement new technologies and efficiently resolve security problems. With a strong Network Communications, Systems & Application Security (software) background, I am looking forward to implementing, creating, managing and maintaining information security frameworks for large scale challenging environments.
- Conducted application penetration testing of 10+ business applications
- Acquainted with various approaches to Grey & Black box security testing
- Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
- Skilled using Burp Suite, Acunetix Automatic Scanner, Nmap, Havij, DirBuster for web application penetration tests.
- Undertake interviewing processes and recruit the e-commerce analysts, marketing executives, etc
- Responding to inquiries/issues from end users related to Active Directory
- Generated and presented reports on Security Vulnerabilities to both internal and external customers.
- Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
- Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.
- Training the development team on the most common vulnerabilities and common code review issues and explaining the remediations.
- Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
- Keeping up to date with new hacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system
Confidential
Security Analyst
Responsibilities:
- 1 year and 3 months of experience in Application Security testing with Confidential Corporation.
- Conducted application penetration testing of 90+ business applications
- Conducted Compliance Audits
- Responding to inquiries/issues from end users related to Active Directory
- Acquainted with various approaches to Grey & Black box security testing
- Conducted security assessment of PKI Enabled Applications.
- Skilled using Burp Suite, Acunetix Automatic Scanner, Nmap for web application penetration tests.
- Good knowledge of network and security technologies such as Firewalls, TCP/IP, LAN/WAN, IDS/IPS, Routing and Switching.
- Monitor, Analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
- Actively search for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool. Initiate and develop new mechanisms to address unidentified security holes & challenges.
- Real-time Analysis and defense.
- Vulnerability assessment (VA), Security policy, and network and security audit.
- Configuration and management of Cisco IDS, Checkpoint firewall, Snort.