
Application Security Consultant Resume


Charlotte, NC

SUMMARY

  • Around 8+ years of experience in application security, cloud security, mobile & data security, vulnerability assessments, cryptography, secure coding, security design, and software development in diverse industries, including financial and high-tech
  • Well conversant with the latest technological trends in the information security field, including management practices and regulatory issues.
  • Strong experience working with cloud security related projects such as identity and access management, privileged access management and HyTrust RBAC
  • Security information and event management (SIEM) configuration and log analysis.
  • Conduct network vulnerability assessments using Expose tool to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Perform cyber security incident response, event analysis and investigations
  • Log monitoring and management of the SIEM infrastructure.
  • DevSecOps “Security by Design” plan & guidelines for infrastructure & applications
  • Conduct routine social engineering tests and clean-desk audits.
  • IPS/IDS (Intrusion Prevention Systems) management, signatures analysis.
  • Vulnerability assessment and penetration testing.
  • Utilized IPS/IDS (intrusion prevention systems/intrusion detection systems) systems daily to determine if customer(s) are experiencing specific malware attacks.
  • Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder.
  • Expert in handling high volumes of data for transformation and routing.
  • Provided ad-hoc and scheduled database data refreshes for application development teams.
  • Familiar with: Kali Linux, Aircrack-ng, Hydra, Metasploit, Hashcat, Nmap, Wireshark, sqlmap, John the Ripper, Nessus.
  • Performed SAST and DAST for Android & iOS apps using Checkmarx and proxy tools for the OWASP Mobile Top 10
  • Conducted incident prevention, detection/analysis, containment, eradication and aid recovery across IT systems and Administering Splunk ES.
  • Knowledge of networking (TCP/IP, Ethernet), NIS, DNS, NFS, DHCP, SMTP and RAID.
  • Knowledge of routers and switches, subnets, VLAN, TCP/IP, VPN, the OSI model, VoIP, and Sarbanes-Oxley (SOX) compliance.
  • Experience in Shell scripting (ksh, bash) to automate system administration jobs
  • Self-motivated with good analytical abilities to comprehend things and carry out assignments in a prioritized manner
  • Perfectionist and committed to accuracy and attention to detail.
  • Excellent communication skills, enthusiastic with the drive and determination to do whatever it takes to get the job done.
  • Performing detailed quality assurance reviews of web-based applications, identifying and validating application vulnerabilities, and performing actual remediation at the architectural and source code levels.

TECHNICAL SKILLS

Vulnerability Assessment tools: Rapid7, Nessus, Qualys, Hydra, Burp Suite, Nmap, Metasploit

DAST and SAST Tools: Checkmarx, IBM AppScan, Burp Suite Pro, HP Fortify

Compliance: ISO 27001, NIST, HIPAA, PCI, SOX

Operating Systems: Linux (Red Hat & Ubuntu), Microsoft Windows Server 2003/2008/2012, Windows 7 and 10

Scripting: Shell scripting, JavaScript, HTML, Python

Programming languages: C, C++, Java

Technologies: AWS, MS Azure, Splunk 7.x

Network security tools: Nmap, Wireshark, Metasploit, Nessus, QualysGuard, SSLDigger, SSLSmart, SSLScan, OpenSSL

PROFESSIONAL EXPERIENCE

Confidential, Charlotte, NC

Application Security Consultant

Responsibilities:

  • Managed security assessments to ensure compliance with the firm’s security standards (i.e., OWASP Top 10). Specifically, manual testing was performed to identify Cross-Site Scripting and SQL Injection related attacks within the code.
  • Performed Static Application Security Testing assessments for web applications, microservices and mobile applications using Checkmarx.
  • Performed pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews
  • Planned and created penetration methods, scripts, and tests.
  • Performed the Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in applications deployed in DEV, PRE-PROD and PROD environments.
  • Performed automated and manual dynamic and static scans for Java applications using IBM AppScan.
  • Oversee tuning of the Barracuda Web Application Firewall (WAF), security controls, etc.
  • Worked extensively with software development teams to review the source code, triage the security vulnerabilities reported by Checkmarx and eliminate false positives.
  • Set up DBs in AWS using RDS and configured instance backups to S3 bucket.
  • Perform vulnerability assessment and Penetration Testing on Networks and Applications.
  • Improving the Application Security Posture of the company's online business by performing periodic assessments on mission critical applications.
  • Assisting with management, configuration, and ongoing maintenance of Web Application Firewalls (WAF) and load balancers, including Imperva and F5.
  • Log defects in Jira and assign them to the application team for fixes, and work with application teams to help them remediate the security vulnerabilities.
  • Knowledge of programming languages and concepts of Java, AngularJS, Python.
  • Experienced in configuring Sonatype Nexus and using it as a repository manager.
  • Analyzed the organization’s code base for known vulnerabilities using Sonatype Nexus Repository Manager and CLM.
  • Deployed, managed scalable and fault-tolerant systems on AWS.
  • Performed Infrastructure and Application Vulnerability Assessments, Penetration Testing, C&A, Policy Review, DR/BCP, Risk Assessments, Ethical Penetration Testing.
  • Perform assessments on PCI and PII applications to check whether the applications are compliant with industry-leading security best practices.
  • Generated executive summary reports showing the security assessments results, recommendations and risk mitigation plans and presented them to the respective business sponsors and senior management.
  • Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, Havij and DirBuster for web application penetration tests.
  • Conducted Vulnerability Assessment of networks using Qualys and Nessus.
  • Review new Vulnerabilities disclosed and perform proactive assessments on the Network environment, applications, and system.
  • Participated in monthly developer workshops to educate and train developers on secure SDLC, scan source code using Checkmarx, triage and resolve the security vulnerabilities.
  • Participated in the implementation of AWS Cloud security for applications being deployed in the Cloud environment.
  • Performed Security control assessments for the applications and suggested mitigation plans to reduce the risk.

Confidential, Bentonville, AR

Cloud Security Analyst

Responsibilities:

  • Designing and implementing a common end user computing infrastructure, including desktop and notebook hardware, operating systems and desktop software.
  • Defined, established and managed security risk metrics and tracked effectiveness in the environment.
  • Assisted in the evaluation and implementation of new security technologies.
  • Conduct network vulnerability assessments using Symantec and BeyondTrust tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Manage the WAF rule-set to address application security vulnerabilities where necessary.
  • Worked with the SCCM team on patch compliance and the client remediation process for desktops to improve saturation numbers.
  • Develop, implement and operate controls to secure cloud-based systems
  • Utilize cloud-based APIs when appropriate to write network/system level tools for securing cloud environments
  • Deployed, managed scalable and fault-tolerant systems on AWS
  • Managed AWS services like VPC, EC2, S3, ELB, Auto Scaling Groups (ASG), EBS, RDS, IAM, CloudWatch and CloudFront
  • Experience in Amazon EC2 setting up instances, VPCs, security groups.
  • Set up DBs in AWS using RDS and configured instance backups to S3 bucket.
  • Use IAM for creating roles, users, groups and implement MFA to provide additional security.
  • Recognize, adopt, utilize and teach best practices in cloud security engineering.
  • Monthly SUVP (Software Update Validation Program) testing and providing feedback to Microsoft.
  • Ensure software is patched and able to protect from threats.
  • Developed hardened Windows 10 image used by security Operations to monitor the corporate environment using self-created VB scripts/batch and include pre-configured access to AD/Exchange/PowerShell/etc.
  • Created an organizational AMI template baseline for other cloud application projects that incorporates the AWS Web Application Firewall (WAF), Elastic Load Balancer or API
  • Gave an hours-long workshop on previously undetected security vulnerabilities that existed within the environment.
  • Used Burp Suite for manual penetration testing of internal sites
  • Conduct routine social engineering tests and clean-desk audits.
  • Manage and maintain Jenkins integration jobs to support application security automation.
  • Built VPCs from scratch and used AWS CloudFormation to create private, public subnets, network access lists and configured internet gateways.
  • Created AMI, user access management/role-based access/MFA, API access and, configured Auto Scaling Groups (ASG) and elastic load balancer (ELB) for scaling services.
  • Configured SNS for notifications and enabled CloudWatch to collect log metrics.
  • Automated Application security using Barracuda CloudGen WAF, Vulnerability remediation service on MS Azure.
  • Configured VMs using PowerShell scripting, JSON templates and Azure Resource Manager.
  • Configured Azure Alerts for services using Azure Monitor
  • Deployed Azure Encryption for Azure Storage, Azure Key Vault services to protect Applications.
  • Played a key role as Subject Matter Expert in ensuring security baseline met Command Cyber criteria for excellent rating during security audit. Guided leadership, peers and subordinates in tactics, techniques, and procedures.

Confidential

Information Security Analyst

Responsibilities:

  • Implemented web application administration and managed incident tickets.
  • Identify web application security vulnerabilities (SAST/DAST) and offer resolution advice
  • Develop, maintain, and communicate future and current state security architecture strategies and models
  • Conduct risk assessments, threat modelling and information security reviews on workstations, applications and platforms
  • Implemented threat modelling and participated in penetration testing.
  • Helped with code reviews and risk assessments using tools like Checkmarx and HP Fortify.
  • Planning and managing the delivery of both application security tests and source code reviews on high-risk web applications.
  • Collect application vulnerability metrics and introduce automated security checks into the application build process
  • Performed manual penetration testing to exploit and mitigate security threats such as CSRF, XSS, buffer overflows, SQL injection and DoS attacks.
  • Highest client technical escalation point.
  • Designed and developed security-based tools and applications.
  • Generated technical reports containing security-based findings.
  • Document secure coding guidelines and run training programs to assist internal development personnel
  • Responsible for the identification, evaluation, and inclusion of 3rd party Open-source Intelligence (OSINT) data sources.
  • Defines, develops & implements Security Event Monitoring and Incident Response strategies & methodologies.
  • Participated in routine client calls for existing clients and prospects.
  • Provided Sales Engineering support both on and off site of client locations.
  • Managed Proof of Concepts (PoC) and pilots to win contracts.

Confidential

Software Engineer

Responsibilities:

  • Worked on implementing, testing and operating advanced software security techniques in compliance with the technical reference architecture
  • Perform on-going security testing and code review to improve software security
  • Collaborating with management, departments and customers to identify end-user requirements and specifications
  • Designing algorithms and flowcharts to create new software programs and systems
  • Producing efficient and elegant code based on requirements
  • Testing and deploying programs and applications
  • Involved in writing test estimates, test plans and test strategy for test preparation and execution.
  • Preparing QTP plans for testing work requests after delivery from the developers.
  • Performed unit testing, integration testing, regression testing and system testing of the software.
  • Implemented regression and smoke test execution as a separate step of the deployment process.
  • Developed a tool for easy code check-in and deployment.
  • Created documents related to System Development Life Cycle (SDLC) deliverables.
  • Assisted in business process design and documentation as needed for new technology solution implementations.
