Security Engineer Resume
Philadelphia, PA
SUMMARY
- 6+ years of experience in the IT industry as a web application security professional. Specialized in information technology assurance, web application security, application security controls and validation, regulatory compliance and the Secure Software Development Life Cycle (Secure SDLC).
- Experience in developing and implementing information security policies and guidelines as per OWASP (Open Web Application Security Project) and SANS secure coding guidelines.
- Hands-on experience in vulnerability assessment and penetration testing using tools such as Burp Suite, Fiddler, ZAP Proxy, sqlmap, HP WebInspect, IBM AppScan, Checkmarx and HP Fortify.
- Experience in identifying SQL injection, script injection, XSS, phishing and CSRF attacks.
- Involved in the Secure Software Development Life Cycle (Secure SDLC) process.
- Possesses substantial understanding of and experience with the SSDLC, which has been effectively translated across many consulting engagements.
- Hands-on with DAST, SAST and manual ethical hacking.
- Production: planning the production run, including redesigning machine tools, equipment and processes to make new parts, monitoring costs and production schedules, and overseeing quality control.
- Critical thinking ability sufficient for the diagnosis of system failures.
- Interpersonal abilities sufficient to interact with customers, supervisors and fellow employees from a variety of social, emotional, cultural and intellectual backgrounds.
- Remain continuously on task for several hours while standing, sitting, moving, lifting, bending, and/or working in awkward positions.
- Ability to focus and concentrate on diagnostic, repair, and maintenance tasks requiring electrical and technological skills.
- Troubleshooting, evaluation of logs, and capture of test fleet issues with ITIL guidance.
PROFESSIONAL EXPERIENCE
Confidential
Security Engineer
Responsibilities:
- Identifying Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them by criticality.
Environment: ASP, Kali Linux, Nessus, Nmap, Metasploit, HP Fortify, HP WebInspect.
- Worked on SQL injection protection, XSS protection, script injection protection and other major hacking protection techniques.
- Identify vulnerabilities and assess system compliance.
- Compile vulnerability and compliance reports, provide remediation recommendations, and tabulate metrics on vulnerabilities and remediation activities.
- Completing regular situational awareness reports and other reports on a recurring basis.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
- Liaise with stakeholders to understand, prioritize and coordinate vulnerability remediation activities.
- Addressed and integrated security in the SDLC by following techniques such as threat modeling, risk management, logging, penetration testing, etc.
- Hands-on experience with the OWASP Top 10 for web applications.
- Expert knowledge in penetration testing, DAST, SAST and manual ethical hacking.
- Experienced in system support and Linux platforms focusing on information security.
- Working knowledge of the Secure Software Development Life Cycle (SSDLC).
- Good understanding of web application based attacks, including denial-of-service attacks, MITM attacks, local file inclusion (LFI), remote file inclusion (RFI) and buffer overflow.
- Experience in conducting IT security risk assessments in accordance with the NIST and FFIEC frameworks.
- Performed security design and architecture reviews for web and mobile applications.
Confidential, Philadelphia, PA
Security Engineer / Cyber Security Analyst
Responsibilities:
- Worked on Identity and Access Management controls to authenticate the users based on their roles in the organization.
- Developed a security awareness document for the employees.
- Reviewed and assessed IT applications to mitigate risks associated with the security response plans.
- Streamlined security control policies for applications and websites using NIST.
- Developed end user security access rules and profiles across multiple systems and platforms.
- Developed and maintained documentation for security systems, procedures and security diagrams.
- Worked with stakeholders to establish remediation policies, practices and implementation.
- Skilled in using Burp Suite, IBM AppScan, Nmap and ZAP.
- Conducted vulnerability assessments (DAST and SAST) of web and mobile (iOS and Android) applications, including third-party applications. The tools IBM AppScan, ZAProxy, Burp Suite Pro, SecureAssist, HPE Fortify WebInspect, Checkmarx, QRadar, Fortify and WAS have been utilized for scanning the applications.
- Evaluated the organization's SDLC, identified gaps or missing security-related tasks and activities, and made recommendations. Assisted in integrating secure SDLC into the functional model.
- Conducted IT security risk assessments, including threat analysis and threat modeling (STRIDE, DREAD).
- Specialize in security solutions: OWASP Top 10 and SANS 25.
- Hands on experience in planning and conducting security risk assessment and vulnerability analysis.
- Expert in performing risk assessment and providing recommendations for improvements in policies and standards.
- Identify vulnerabilities and assess system compliance.
- Compile vulnerability and compliance reports, provide remediation recommendations, and tabulate metrics on vulnerabilities and remediation activities.
- Completing regular situational awareness reports and other reports on a recurring basis.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
- Liaise with stakeholders to understand, prioritize and coordinate vulnerability remediation activities.
- Skilled in analyzing application security, performing security design review, identifying application vulnerability and providing vulnerability remediation.
- Experience with Identity and Access Management (IAM) and development of user roles and policies for user access management.
- Researched complex legal issues regarding various areas of business law.
- Drafted and filed complaints, initial disclosure statements, and various other court documents in suits for contract breach. Drafted an operating agreement for a new technological business.
- Organized business entities and filed securities registration with the state's corporation commission, and filed tax elections with IRS.
- Responsible for the overall program management, coordination, execution, control and completion of identified Program/Project deliverables.
- Support the identification of business processes and systems that relate to personal data and are deemed in scope of GDPR.
- Development of project scopes and objectives, involving all relevant stakeholders and ensuring technical feasibility.
- Development of a detailed project plan to track progress.
- Management of projects from kickoff through deployment.
- Preparation of periodic project status reports and conducting review meetings with stakeholders.
- Understanding GDPR compliance standards and translating them into business and data management requirements in the form of user stories/functional specifications or business change documentation.
- Analyzed correlation rules developed for Security Incident and Event Management (SIEM) system. Reviewed the solution implemented for "log forwarding" from various network devices to ArcSight central logging for alerting and security monitoring.
- Assisting customers in understanding the risk and threat level associated with a vulnerability so that the customer may or may not accept the risk with respect to business criticality.
- Identifying Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and SANS 25 and prioritizing them by criticality for remediation.
- Assisting in the review of solution architectures from a security point of view, which helps avoid security-related issues/threats at an early stage of the project.
- Ensuring compliance with legal and regulatory requirements.
Confidential
Security Engineer
Responsibilities:
- Responsible for developing information security risk identification, classification, triaging and mitigation.
- Worked with the enterprise architecture team, Security Governance, and Policy team.
- Good understanding of administering and implementing SIEM, DLP, Websense, advanced malware detection programs, vulnerability assessment and prevention.
- Worked on PCI, SOX and HIPAA security baseline support as an information security professional.
- Executes PCI Data Security Standard (PCI DSS) assessments for all controls, including communication of key milestones, gap remediation consulting/tracking, and guidance on compensating controls.
- Participate in risk assessment and perform walkthrough procedures and control testing.
- Participate in a risk advisory role on company initiatives or information systems projects to ensure proactive identification of relevant risks.
- Deliver reporting and metrics to inform management of risk and status.
- Worked directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly.
- Perform compliance analysis to identify areas of noncompliance with respect to OMB guidance, NIST publications and FISMA.
- Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure the information security program performs effectively and efficiently.
- Familiar with general security risk management principles and best practices.
- Supported and helped mature the security risk management program. Familiar with general Governance, Risk and Compliance (GRC) programs with specific knowledge of vendor risk and policy management.
- General knowledge in the areas of IT management, acquisition and maintenance of systems, system operations and Information security control activity.
- Knowledge of and experience with standard security and regulatory frameworks including ISO …, NIST, HITRUST CSF and PCI DSS.
- Familiarity with vulnerability assessment and penetration testing best practices.
- Experience with vulnerability and penetration testing techniques.