Senior Security Analyst Resume

SUMMARY

  • Professional with 5+ years of progressive experience in Information Technology with extensive experience in Information Security, Application Security, Software Security, Enterprise Vulnerability Management, penetration testing and generating reports using tools.
  • Experience as an Information Security Analyst, involved in OWASP Top 10 based vulnerability assessment of various internet-facing point-of-sale web applications and web services.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP proxy, Nmap, Nessus, IBM AppScan Enterprise, Kali Linux, and Metasploit.
  • Reporting the identified issues in the industry standard framework.
  • Simulate how an attacker would exploit the vulnerabilities identified during the dynamic analysis phase.
  • Experience in software licensing audit.
  • Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
  • Excellent team player, enthusiastic initiator, and ability to learn the fundamental concepts effectively and efficiently.
  • Good knowledge of programming and scripting in ASP and Java.
  • Ability to work in large and small teams as well as independently.
  • Coordinate with dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Sound knowledge and industry experience in Vulnerability Assessment and Penetration.

PROFESSIONAL EXPERIENCE

Confidential

Senior Security Analyst

Responsibilities:

  • Rolled out IBM AppScan products such as AppScan Enterprise (ASE), Standard, and Developer plug-ins to various development teams across the business lines.
  • Worked extensively with software development teams to review the security vulnerabilities generated by IBM AppScan Enterprise and Standard, Burp Suite, HP WebInspect, and HP Fortify, and eliminated false positives.
  • Review the requirements for authorized access on an everyday basis and provide recommendations.
  • Established and improved the processes for privileged user access requests.
  • Highlighted the user access and privileged user access risks to the organization and provided the remediation plan.
  • Initiative to streamline the access control mechanism of various applications.
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, and provided the necessary remediation for individual findings.
  • Attended meetings with the development team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Performed a threat analysis on the new requirements and features.

Confidential

Security Analyst

Responsibilities:

  • Working in collaboration with both networking and security teams and participated in security assessment of web applications, systems and networks.
  • Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.
  • Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, Kali Linux, and other open source tools as needed, and reported the findings.
  • Worked with tools like Burp Suite, DirBuster, HP Fortify, Nmap, WebInspect, Nessus, and IBM AppScan as part of the penetration testing, on a daily basis, to complete the assessments.
  • Uncovered high vulnerabilities at the infrastructure level for internet facing web sites.
  • Documented information security guidance in step by step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Network scanning using tools like Nmap and Nessus.
  • Initiative to streamline the access control mechanism of various applications.

Confidential

Pen Tester

Responsibilities:

  • Performed automated scanning and analysis on the applications monthly.
  • Uncovered high vulnerabilities at the infrastructure level for internet facing web sites.
  • Worked with tools like DirBuster, HP Fortify, Nmap, WebInspect, Nessus, Wireshark, and IBM AppScan Standard and Enterprise as part of the penetration testing, on a daily basis, to complete the assessments.
  • Documented information security guidance in step by step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Network scanning using tools like Nmap and Nessus.
  • Initiative to streamline the access control mechanism of various applications.
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, and provided the necessary remediation for individual findings.
  • Attended meetings with the development team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Performed a threat analysis on the new requirements and features.
  • Burp Suite, DirBuster, and Nmap tools were used as part of the penetration testing, on a daily basis, to complete the assessments.