
Application Security Engineer Resume


Omaha, NE

SUMMARY

  • Over 6 years of professional IT experience in Application Security Testing, particularly focused on technical activities such as Penetration Testing, Code Review, Secure Application Testing and Vulnerability Analysis based on OWASP.
  • Delivered training programs on "Tool Based Solutions for Quality Deliverables" giving demos on various tools for Application Static Analysis, Quality Analysis, Security Analysis, Automation Build & Continuous Integration.
  • Skilled and experienced in tools like Burp Suite, SQLMAP, Acunetix, Metasploit, QualysGuard, Nexpose, Nessus, Nmap, OWASP ZAP Proxy and HP Fortify.
  • Experience in Open Web Application Security Project (OWASP Top 10), WASC Threat Classification 2.0 and Web Application Security Project (WASP) methodologies.
  • Worked on Application Security Analysis for some of the major clients using IBM AppScan & HP Fortify.
  • Hands-on experience with SQL Injection protection, Script Injection, XSS protection and other major attack-mitigation techniques.
  • Vulnerability Assessment includes analysis of bugs in various applications spread across N-tier architectures on various domains using both manual and automated tools.
  • Excellent programming skills on JavaScript, Ruby, and Python Scripting.
  • Expertise in working on Patch Management, Penetration Testing and Vulnerability Scanners.
  • Proficient in Windows/Linux, Unix operating system configuration, utilities, and programming.
  • Strong knowledge in software, hardware, and networking technologies to provide a powerful combination of analysis, implementation, and support.
  • Excellent knowledge and industry experience in Vulnerability Assessment and Penetration Testing on web-based applications, infrastructure penetration testing and mobile-based applications.
  • Having good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on WEB based Applications.
  • Security assessment based on OWASP framework and reporting the identified issues in the industry standard framework. Worked on exploiting the recognized vulnerabilities and Performed Software Licensing audit.
  • Experience in Threat Modeling during Requirement gathering and Design phases.
  • Strong analytical, problem solving and communication skills.
  • Experience with Security Risk Management in TCP-based networking.
  • Ability to work in large and small teams as well as independently.
  • Ability to successfully manage multiple deadlines and multiple projects.

PROFESSIONAL EXPERIENCE

Confidential, Omaha, NE

Application Security Engineer

Responsibilities:

  • Provide leadership and guidance regarding security best practices for application development, access control, incident response and security awareness.
  • Develop, implement, and maintain an application security plan as well as a Secure SDLC.
  • Prepare, document, maintain and disseminate security policies and procedures.
  • Conduct Security awareness education and training for software development engineering teams.
  • Identify vulnerabilities within an application and work with the software development teams to resolve these issues.
  • Provide frequent updates on the state of application security.
  • Provide or coordinate the information technology response to internal and external security assessments/pentests/bug bounty programs.
  • Lead team for in-house pen-testing.
  • Analyze static and dynamic scans from various sources (Fortify, Veracode & Whitehat) and provide guidance to software development teams with resolutions.

Environment: Burp Suite, AppScan, Fortify Source Code Analysis, Brakeman, IDA Pro, SoapUI, Nessus, SIEM tools, Kali Linux, VirusTotal, Cuckoo, Nmap, Zenmap, Wireshark, Acunetix, Aircrack, John the Ripper, Metasploit, Zed Attack Proxy, Cain & Abel, SQLmap, SQLNinja, BeEF, Nikto, NVD, Linux/Unix, IDS/IPS, Firewalls

Confidential, Richardson, TX

Penetration Tester / Information Security Analyst

Responsibilities:

  • Conducted onsite penetration tests from an insider threat perspective.
  • Analyzed malware behavior, network infection patterns and security incidents.
  • Analyzed classified network security intelligence reports daily.
  • Produced advisory reports regarding 0-day exploits, CVE vulnerabilities and the current state of the network.
  • Performed host, network, and web application penetration tests using Burp Suite.
  • Performed network security analysis and risk management for designated systems.
  • Performed source code security analysis using Fortify and AppScan tools.
  • Proposed remediation strategies for identified system vulnerabilities.
  • Developed Security Assessment Plan, Security Assessment Report, Security Assessment Questionnaire, Rules of Engagement, Kick-off Brief, and Exit Brief templates.
  • Performed dynamic and static source code review using the Fortify source code scanner and through manual testing.
  • Created OWASP web application test cases and mapped them to associated NIST Rev. 4 security controls. Familiar with SOX, ISO 2700x and NIST.
  • Performed peer reviews of Security Assessment Reports (SARs).
  • Researched and analyzed known hacker methodology, system exploits and vulnerabilities to support Red Team Assessment activities.
  • Created written reports, detailing assessment findings and recommendations.
  • Provided oral briefings to leadership and technical staff, as necessary.
  • Aided with the development and maintenance of internal Red Team methodology, to include training program.
  • Performed risk assessments to ensure corporate compliance.
  • Developed agenda for quarterly audit program.
  • Conducted security event monitoring for corporate-wide in-scope applications. Performed application security and penetration testing using Rational AppScan.

Environment: Burp Suite, AppScan, Fortify Source Code Analysis, Brakeman, IDA Pro, SoapUI, Nessus, SIEM tools, Kali Linux, VirusTotal, Cuckoo, Nmap, Zenmap, Wireshark, Acunetix, Aircrack, John the Ripper, Metasploit, Zed Attack Proxy, Cain & Abel, SQLmap, SQLNinja, BeEF, Nikto, NVD, Linux/Unix, IDS/IPS, Firewalls
