SUMMARY

• Penetration tester with 6 years of experience in the creation and deployment of solutions protecting applications, networks, systems and information assets for diverse companies and organizations.
• Highly skilled in installing, testing, maintaining and designing advance secure network solutions
• Experience as an Information Security Analyst, involved in OWASP Top 10 based Vulnerability Assessment of various internet facing point of sale web applications and Web services.
• Skilled in identifying the business requirements for information security as well as regulations of information security
• Experience on vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP Proxy, NMap, Nessus, Kali Linux, Metasploit, HP Web inspect and IBM Appscan.
• Developed, implemented and enforced security policies through experience, in - depth knowledge of security software, and asking the customer the right questions
• An enthusiastic team player who embodies a strong work ethic and a leader who utilizes complex problem solving skills for incident analysis.
• As a Security Consultant involved in enhancing the security stature of the project by initiatives like Threat Modelling, Security awareness sessions, Dormant & Never Logged IDs clean-up.
• Technical business expert employing tremendous Information Security Audit, Strategy and Risk Management Techniques.
• Excellent communication, analytical, troubleshooting, customer service and problem solving skills; excels in mission-critical environments requiring advanced decision-making.
• Mobile application penetration testing iOS and/or Android using open source/custom tools
• Good knowledge on mobile application security testing using Mobisec.
• Involved in software development life cycle (SDLC).
• Have good understanding on object oriented programing concepts.
• Involved in web application development with UI technologies like CSS, HTML, JavaScript
• Certified as an Ethical Hacker.

TECHNICAL SKILLS

Vulnerability Assessment Tools: Burp Suite, Dirbuster, OWASP ZAP Proxy, NMap, Nessus, Kali Linux, IBM Appscan, Metasploit, Accunetix, HP Web inspect, HP Fortify

Languages: C, C++, JAVA, C#.

Technologies: HTML, CSS, XML, JavaScript.

Operating System: Windows, Linux, Mac OSX

RDBMS: Oracle, MySQL

PROFESSIONAL EXPERIENCE

Confidential, Auburn Hills, MI

Security Analyst

Responsibilities:

• Support activities relating to the Confidential US Application Security program.
• Support the application development process group and the SDLC processes related to identifying security vulnerabilities within the application development process.
• Conduct application security assessments using standard Confidential US application security tools.
• Collect and report status on application security assessments including milestones, deliverables, timing, tasks, risk areas, and status.
• Performed Automated Scans for java and .net applications using HP Fortify.
• Performing automated scanning for dynamic assessment using HP Web Inspect.
• Review scanner reports and work with the application development community to remediate issues following a risk based approach.
• Involved actively in the release management process to ensure all the changes of the application had gone to security assessment.
• Giving remediation’s for developers to fix the found vulnerabilities in an application.
• Perform security analysis of the different layers of the systems by performing manual testing and automated system vulnerability assessment scans using various web application vulnerability scanners.
• Performed automated Source code review using IBM App Scan.
• Maintain detailed documentation of test procedures, policies, guidelines and findings in the Vulnerability management system.
• Perform manual vulnerability assessment and penetration testing of applications, produce report walk development team through issues.
• Based on the publicly disclosed vulnerabilities determine the patching priority and notify the stakeholders. Review the applied patch by scanning the disclosed vulnerabilities.
• Performed manual penetration testing using Burp suite of the applications to identify the OWASP Top 10 vulnerabilities and SANS 25.
• Perform Validation on deign of features like authentication, authorization and accountability.
• Participated and involved in the meetings with application teams and off shore teams to discuss Fortify Reports.
• Good Knowledge on compliance and regulations such as SANS 25 and NIST 800 to maintain the security posture of the network.
• Execute daily vulnerability assessments, threat assessment, mitigation and reporting activities in order to safe guard information assists and ensure protection has been put in place on the systems.
• Validate input validations, session management, client protocol controls, logging, and information leakage.
• Evaluating the business requirements, application functionality with project teams to do assessments.
• Provide remediation steps to the team and follow up.
• Re testing the applications for found vulnerabilities and post production support and fixed issues and ensure the closure
• Capable of identifying flaws like Security Misconfiguration, Insecure direct object reference, Sensitive data exposure, Functional level access control, Invalidated redirects.
• Involved in testing of GUI mostly on technologies like CSS, jQuery, Java script.
• Burp suite, Dirbuster, HP Fortify NMap tools on daily basis to complete the assessments
• Used JavaScript for validations and integrating business server side components on the client side with in the browser.
• Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on Issues identified duringpenetrationtests.
• Drafted JavaScript with respect to the vulnerabilities like XSS, Identified critical vulnerabilities like session management, IDOR, path traversal would impact business and ensured they were fixed.

Confidential, New York, NY

Pen Tester

Responsibilities:

• Schedule the pen test for the whole year, also make sure that all the applications are covered in the schedule and completed in the time frame.
• Perform risk assessments to ensure corporate compliance.
• Performed Vulnerability Assessments to the web applications used in the organization using the tools Burp suite, HP Fortify also performed Data Classification
• Provide oral briefings to leadership and technical staff, as necessary.
• Provide the report and explain the issues to the development team
• Experience with Burp Suite, SQL Map, NMap, and Nessus.
• Using various Firefox add-ons like Flag fox, Live HTTP Header, Tamper data to perform the pen test
• Provide remediation steps to the team and follow up
• Retest the fixed issues and ensure the closure
• Conducted onsite penetration tests from an insider threat perspective
• Involved actively in the release management process to ensure all the changes of the application had gone to security assessment.
• Burp suite, Dirbuster, HP Fortify NMap tools on daily basis to complete the assessments
• Perform secure code review of the code base.
• Experience in using HP Fortify for Static Analysis and False Positive Elimination
• Assist with formulation and distribution of Information Security Metrics and Event Reports.
• Validate the false positives and report the issues
• Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase client security.
• Advised on secure data deletion and equipment sanitization, decommissioning. And reuse guidelines for high security environments.
• Regularly performed research to identify potential vulnerabilities in and threats to existing technologies, and provided timely, clear, technically accurate notification to management of the risk potential and options for remediation.
• Used JavaScript for validations and integrating business server side components on the client side with in the browser.
• Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on issues identified duringpenetrationtests.
• Drafted JavaScript with respect to the vulnerabilities like XSS.
• Involved in testing of GUI mostly on technologies like CSS, jQuery, Java script.

Confidential, Iowa city, IA

Security Engineer

Responsibilities:

• Black box pen testing on internet and intranet facing applications
• Explanation of the security requirements to the design team in initial stages of SDLC to minimize the efforts to rework on issues identified during penetration tests
• Perform peer reviews of Security Assessment Reports
• Hands on Experience in conducting web application security scan using IBM Appscan, HP web inspect and Accunetix
• Performed threat modelling of the applications to identify the threats.
• OWASP Top 10 Issues identifications like SQLi, CSRF, XSS
• Training the development team on the secure coding practices
• Suggest and implement new tools and efficiency improvements for developing secure software
• Using various add on in Mozilla to assess the application like Wappalyzer, Flagfox, Live HTTP Header, cookie manager, Tamper data.
• Providing details of the issues identified and the remediation plan to the stake holders
• Involved in a major merger activity of the company and provided insights in separation of different client data and securing PII
• Identification of different vulnerabilities of applications by using proxies like Burp suite to validate the server side validations
• Assists with review of Network and Application vulnerability scan alerts and reports.
• Execute and craft different payloads to attack the system to execute XSS and different attack.
• SQLMap to dump the database data to the local folder
• Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, encryption, Privilege escalations
• Build relationships with peers and stakeholder teams, Establish a trusted security advisor role