Security Analyst Resume

New Jersey

SUMMARY

  • Professional with 3 years’ experience in Information Technology Industry - Information Security, Vulnerability Assessments, Penetration Testing and generating reports using manual and automated tools.
  • Strong experience in assessing and mitigating vulnerabilities identified in networks and applications.
  • Detected various vulnerabilities (including OWASP Top 10) spanning the authentication, authorization, input validation, session management, server configuration, cryptography, and information leakage areas.
  • Extensive experience in conducting social engineering tests and providing security awareness training based on assessment results.
  • Good knowledge of network and security technologies such as Firewalls, TCP/IP, LAN/WAN, IDS/IPS, Routing and Switching.
  • Well versed with numerous programming languages like C, C++, Python, Java, JavaScript.
  • Proficient in Linux operating system, utilities and programming.
  • Strong knowledge of information security frameworks and standards like NIST-CSF, FFIEC, NYCRR-DFS, HIPAA, ISO27001.
  • Profound knowledge of the SIEM (Security Information and Event Management) solution Splunk, able to perform searches and create reports, alerts and dashboards.
  • Exceptional ability to quickly adapt to latest technology especially security features, passion for high quality and technical expertise.
  • Excellent analytical and problem solving skills with strong reasoning skills.
  • Highly motivated with strong interpersonal written and oral communication skills.
  • Knowledge and understanding of ITIL processes.
  • In depth understanding about risk assessment, penetration testing frameworks and governance, risk and compliance model.

TECHNICAL SKILLS

Tools: Wireshark, Nmap, Nessus, WPScan, Aircrack-ng, Metasploit, Armitage, Burp Suite, OWASP ZAP, SQLmap, DirBuster, Maltego, FOCA, BeEF, Nikto, HTTrack, Recon-ng, Firewalk, OpenVAS, Vega, Arachni

Programming Languages: C, C++, Python, Java, JavaScript, HTML, PHP, MySQL, Assembly language

Operating Systems: Microsoft Windows, Linux

PROFESSIONAL EXPERIENCE:

Confidential, New Jersey

Security Analyst

Responsibilities:

  • Developed, implemented, and documented Security guidelines and policies based on NIST cybersecurity framework.
  • Involved in conducting and managing vulnerability assessments and penetration testing that assist the financial clients to submit their reports of bi-annual vulnerability assessments and annual penetration testing reports to comply with 23 NYCRR 500 (New York Codes, Rules and Regulations). Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing security controls.
  • Performed manual and automated Penetration Test on internal and external network infrastructure.
  • Authored quality penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses. Provided detailed mitigation and remediation guidance for findings of penetration testing.
  • Responsible for providing detailed technical reports and executive reports to the financial clients, ready to submit to the New York Department of Financial Services.
  • Conducted social engineering tests for clients. Performed assessments of security awareness training using social engineering.
  • Worked on improvements for security services, including continuous enhancement of existing methodology material and supporting assets.
  • Continual research on open-source intelligence feeds for current and emerging threat information.
  • Identified vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations.
  • Identified OWASP Top 10 issues like SQLi, CSRF, XSS, XML injection, path traversal, IDOR, and file upload vulnerabilities.
  • Identified issues in session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalation.

Confidential, Brooklyn, New York

Graduate Research Assistant

Responsibilities:

  • Assisted faculty in ongoing research on cloud-based security tools for strengthening the network infrastructure.
  • Supported the team to develop risk assessment methodology based on industry best practices.
  • Coordinated with team for Security policy development to implement procedures to manage sensitive information.
  • Researched the SIEM tool Splunk Enterprise Security, which empowers security teams to proactively stay current with the changing threat landscape and the defense tactics to enable organization threat management.
  • Explored the cloud-based log management tool Sumo Logic to detect, investigate and respond to security issues.
  • Analyzed the privileged access management technologies in cyber security and developed an understanding of CyberArk solutions.
  • Reviewed cloud-based Vulnerability management tool Qualys to continuously detect attacks.

Confidential, Brooklyn, New York

Graduate Teaching Assistant

Responsibilities:

  • Aided faculty in designing network security labs and collaborating research resources.
  • Conducted Network Security lab sessions, clarifying concepts of network penetration testing, wireless security, intrusion detection system, intrusion prevention systems, cryptography, firewalls and perimeter security.
  • Graded reports by verifying, testing and analyzing students’ lab assignments.

Confidential, Weston, Connecticut

Cybersecurity Analyst Intern

Responsibilities:

  • Performed security assessments of online applications to identify vulnerabilities in different categories like input and data validation, authentication, authorization, auditing and logging.
  • Followed up on raised vulnerabilities and ensured their closure by revalidating them.
  • Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
  • Supported team performing risk assessments based on NIST framework and HIPAA compliance standard.

Confidential

Programmer Analyst

Responsibilities:

  • Underwent comprehensive Technical Training in C, MySQL, Advanced Java Technology and on client relationship management.
  • Accomplished intensive software training through hands-on work and a practical exam after each module to scrutinize proficiency in coding.
  • Identified and gathered the requirements and high-level design from clients to implement the code.
  • Analyzed code for system testing and debugging; created test transactions to find, isolate and rectify issues.
  • Created and managed database that processed several stored procedures in MySQL.
  • Led a project, Bank Management System, to create online bank contributing services to customers: opening bank account, bank statement generation, delivering loan, updating account and retrieving customer details in Java and MySQL.
