
Application Security Consultant Resume


Charlotte, NC

SUMMARY

  • 8+ years of experience in application security, cloud security, mobile and data security, vulnerability assessments, cryptography, secure coding, security design, and software development in diverse industries, including financial and high-tech
  • Well conversant with the latest technological trends in the information security field, including management practices and regulatory issues.
  • Strong experience working on cloud security projects such as identity and access management, privileged access management and HyTrust RBAC
  • Security information and event management (SIEM) configuration and log analysis.
  • Conducted network vulnerability assessments using Rapid7 Nexpose to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Perform cyber security incident response, event analysis and investigations
  • Log monitoring and management of the SIEM infrastructure.
  • DevSecOps "Security by Design" plan and guidelines for infrastructure and applications
  • Conduct routine social engineering tests and clean-desk audits.
  • IPS/IDS (intrusion prevention/detection systems) management and signature analysis.
  • Vulnerability assessment and penetration testing.
  • Utilized IPS/IDS systems daily to determine whether customers were experiencing specific malware attacks.
  • Knowledge of Splunk architecture and its components (indexer, forwarder, search head, deployment server), including heavy and universal forwarders.
  • Expert in handling high volumes of data for transformation and routing.
  • Provided ad-hoc and scheduled database data refreshes for application development teams.
  • Familiar with: Kali Linux, Aircrack-ng, Hydra, Metasploit, Hashcat, Nmap, Wireshark, sqlmap, John the Ripper, Nessus.
  • Performed SAST and DAST for Android and iOS apps using Checkmarx and proxy tools against the OWASP Mobile Top 10
  • Conducted incident prevention, detection/analysis, containment, eradication and recovery across IT systems; administered Splunk ES.
  • Knowledge of networking (TCP/IP, Ethernet), NIS, DNS, NFS, DHCP, SMTP and RAID.
  • Knowledge of routers and switches, subnetting, VLANs, TCP/IP, VPN, the OSI model, VoIP, and Sarbanes-Oxley (SOX) compliance.
  • Experience in shell scripting (ksh, bash) to automate system administration jobs
  • Self-motivated, with good analytical abilities and the ability to carry out assignments in a prioritized manner
  • Perfectionist, committed to accuracy and attention to detail.
  • Excellent communication skills; enthusiastic, with the drive and determination to do whatever it takes to get the job done.
  • Perform detailed quality assurance reviews of web-based applications, identify and validate application vulnerabilities, and perform remediation at the architectural and source code levels.

TECHNICAL SKILLS

Vulnerability assessment tools: Rapid7, Nessus, Qualys, Hydra, Burp Suite, Nmap, Metasploit

DAST and SAST tools: Checkmarx, IBM AppScan, Burp Suite Pro, HP Fortify

Compliance: ISO 27001, NIST, HIPAA, PCI, SOX

Operating systems: Linux (Red Hat and Ubuntu), Microsoft Windows 2003/2008/2012, Windows 7 and 10

Scripting: shell scripting, JavaScript, HTML, Python

Programming languages: C, C++, Java

Technologies: AWS, MS Azure, Splunk 7.x

Network security tools: Nmap, Wireshark, Metasploit, Nessus, QualysGuard, SSLDigger, SSLSmart, SSLScan, OpenSSL, LockPath Keylight

PROFESSIONAL EXPERIENCE

Confidential, Charlotte, NC

Application Security Consultant

Responsibilities:

  • Managed security assessments to ensure compliance with the firm's security standards (i.e., OWASP Top 10).
  • Specifically, performed manual testing to identify cross-site scripting and SQL injection vulnerabilities within the code.
  • Performed static application security testing (SAST) assessments for web applications, microservices and mobile applications using Checkmarx.
  • Performed pre-assessment research and preparation, including reconnaissance, documentation and configuration review, and customer interviews.
  • Planned and created penetration methods, scripts and tests.
  • Ran the enterprise application security program (DAST and SAST) to identify, report and remediate security vulnerabilities in applications deployed in DEV, PRE-PROD and PROD environments.
  • Performed automated and manual dynamic and static scans of Java applications using IBM AppScan.
  • Oversaw tuning of the Barracuda Web Application Firewall (WAF) and related security controls.
  • Worked extensively with software development teams to review source code, triage the security vulnerabilities reported by Checkmarx and eliminate false positives.
  • Improved the application security posture of the company's online business by performing periodic assessments of mission-critical applications.
  • Assisted with management, configuration and ongoing maintenance of Web Application Firewalls (WAF) and load balancers, including Imperva and F5.
  • Logged defects in Jira, assigned them to the application teams and worked with those teams to remediate the security vulnerabilities.
  • Knowledge of programming languages and concepts: Java, AngularJS, Python.
  • Experienced in configuring Sonatype Nexus and using it as a repository manager.
  • Analyzed the organization's code base for known vulnerabilities using Sonatype Nexus Repository Manager and CLM.
  • Performed assessments of PCI and PII applications to check that they comply with industry-leading security best practices.
  • Generated executive summary reports showing security assessment results, recommendations and risk mitigation plans, and presented them to the respective business sponsors and senior management.
  • Skilled in using Burp Suite, Acunetix automated scanner, Nmap, Havij and DirBuster for web application penetration tests.
  • Conducted vulnerability assessments of networks using Qualys and Nessus.
  • Reviewed newly disclosed vulnerabilities and performed proactive assessments of the network environment, applications and systems.
  • Participated in monthly developer workshops to educate and train developers on secure SDLC, scanning source code with Checkmarx, and triaging and resolving security vulnerabilities.
  • Participated in the implementation of AWS cloud security for applications being deployed in the cloud environment.
  • Performed security control assessments for the applications and suggested mitigation plans to reduce risk.
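The manual code review described above looks for two recurring patterns: SQL built by string concatenation and user input reflected into HTML unescaped. The following is an added illustration, not code from this resume or any employer named on it: a constructed Python module with the vulnerable form of each pattern beside its fix, run against an in-memory SQLite table and sample payloads that are invented here for the demo.

```python
"""Added example: the two code patterns a manual SQLi/XSS review flags,
each shown vulnerable and fixed. All data below is constructed for the demo."""
import html
import sqlite3

# Constructed sample rows; not from any real system.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]

# Constructed test payloads a reviewer would try by hand.
SQLI_PAYLOAD = "x' OR '1'='1"
XSS_PAYLOAD = "<script>alert(1)</script>"


def make_db() -> sqlite3.Connection:
    """Builds an in-memory users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """String-built query: the caller's input becomes part of the SQL syntax,
    so a quote in the input changes the WHERE clause."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the driver sends the value separately from the
    statement text, so the same payload is matched literally and finds nothing."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_vulnerable(name: str) -> str:
    """Reflects input into HTML unescaped: a reflected XSS sink."""
    return f"<p>Hello, {name}</p>"


def render_safe(name: str) -> str:
    """Escapes &, <, >, \" and ' before interpolating into the HTML body."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def demo() -> dict:
    """Runs both payloads through the vulnerable and fixed versions and
    returns the observable difference a tester would record."""
    conn = make_db()
    return {
        "sqli_vulnerable_rows": len(lookup_vulnerable(conn, SQLI_PAYLOAD)),
        "sqli_safe_rows": len(lookup_safe(conn, SQLI_PAYLOAD)),
        "xss_vulnerable_has_tag": "<script>" in render_vulnerable(XSS_PAYLOAD),
        "xss_safe_has_tag": "<script>" in render_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The tautology payload returns every row from the string-built query and no rows from the parameterised one; the script tag survives into the unescaped template and is neutralised by html.escape. Output encoding is context-specific: html.escape is correct for element body and attribute values, not for input placed inside a script block, a URL or a CSS value, which need their own encoders.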

Confidential, Bentonville, AR

Cloud Security Analyst

Responsibilities:

  • Designed and implemented a common end-user computing infrastructure, including desktop and notebook hardware, operating systems and desktop software.
  • Defined, established and managed security risk metrics and tracked their effectiveness in the environment.
  • Assisted in the evaluation and implementation of new security technologies.
  • Conducted network vulnerability assessments using Symantec and BeyondTrust tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Managed the WAF rule set to address application security vulnerabilities where necessary.
  • Worked with the SCCM team on patch compliance and the client remediation process for desktops to improve saturation numbers.
  • Developed, implemented and operated controls to secure cloud-based systems.
  • Utilized cloud-based APIs where appropriate to write network/system-level tools for securing cloud environments.
  • Deployed and managed scalable, fault-tolerant systems on AWS.
  • Managed AWS services including VPC, EC2, S3, ELB, Auto Scaling Groups (ASG), EBS, RDS, IAM, CloudWatch and CloudFront.
  • Experience with Amazon EC2: setting up instances, VPCs and security groups.
  • Set up databases in AWS using RDS and configured instance backups to an S3 bucket.
  • Used IAM to create roles, users and groups, and implemented MFA for additional security.
  • Recognized, adopted, utilized and taught best practices in cloud security engineering.
  • Monthly SUVP (Software Update Validation Program) testing and feedback to Microsoft.
  • Ensured software was patched and able to protect against threats.
  • Developed a hardened Windows 10 image used by Security Operations to monitor the corporate environment, built with self-created VB/batch scripts and including pre-configured access to AD, Exchange, PowerShell, etc.
  • Created an organizational AMI template baseline for other cloud application projects that incorporates the AWS Web Application Firewall (WAF), Elastic Load Balancer or API.
  • Gave an hours-long workshop on previously undetected security vulnerabilities that existed within the environment.
  • Conducted routine social engineering tests and clean-desk audits.
  • Managed and maintained Jenkins integration jobs to support application security automation.
  • Built VPCs from scratch and used AWS CloudFormation to create private and public subnets and network access lists, and configured internet gateways.
  • Created AMIs and user access management (role-based access, MFA, API access), and configured Auto Scaling Groups (ASG) and Elastic Load Balancers (ELB) for scaling services.
  • Configured SNS for notifications and enabled CloudWatch to collect log metrics.
  • Automated application security using the Barracuda CloudGen WAF and vulnerability remediation service on MS Azure.
  • Configured VMs using PowerShell scripting, JSON templates and Azure Resource Manager.
  • Configured Azure alerts for services using Azure Monitor.
  • Deployed Azure Storage encryption and Azure Key Vault to protect applications.
  • Played a key role as subject matter expert in ensuring the security baseline met Command Cyber criteria for an excellent rating during the security audit.
  • Guided leadership, peers and subordinates in tactics, techniques and procedures.

Confidential

Information Security Analyst

Responsibilities:

  • Performed web application administration and managed incident tickets.
  • Identified web application security vulnerabilities (SAST/DAST) and offered resolution advice.
  • Developed, maintained and communicated current- and future-state security architecture strategies and models.
  • Conducted risk assessments, threat modelling and information security reviews of workstations, applications and platforms.
  • Implemented threat modelling and participated in penetration testing.
  • Helped with code reviews and risk assessments using tools such as Checkmarx and HP Fortify.
  • Planned and managed the delivery of both application security tests and source code reviews on high-risk web applications.
  • Collected application vulnerability metrics and introduced automated security checks into the application build process.
  • Performed manual penetration testing to exploit and mitigate security threats such as CSRF, XSS, buffer overflows, SQL injection and DoS attacks.
  • Served as the highest technical escalation point for clients.
  • Designed and developed security-based tools and applications.
  • Generated technical reports containing security-based findings.
  • Documented secure coding guidelines and ran training programs for internal development personnel.
  • Responsible for the identification, evaluation and inclusion of third-party open-source intelligence (OSINT) data sources.
  • Defined, developed and implemented security event monitoring and incident response strategies and methodologies.
  • Participated in routine client calls for existing clients and prospects.
  • Provided sales engineering support both on-site and off-site at client locations.
  • Managed proofs of concept (PoC) and pilots to win contracts.

Confidential

Software Engineer

Responsibilities:

  • Implemented, tested and operated advanced software security techniques in compliance with the technical reference architecture.
  • Performed ongoing security testing and code review to improve software security.
  • Collaborated with management, departments and customers to identify end-user requirements and specifications.
  • Designed algorithms and flowcharts to create new software programs and systems.
  • Produced efficient and elegant code based on requirements.
  • Tested and deployed programs and applications.
  • Involved in writing test estimates, test planning and test strategy for test preparation and execution.
  • Prepared QTP test plans for testing work requests after delivery from the developers.
  • Performed unit testing, integration testing, regression testing and system testing of the software.
  • Implemented regression and smoke test execution as a separate step of the deployment process.
  • Developed a tool for easy code check-in and deployment.
  • Created documents related to System Development Life Cycle (SDLC) deliverables.
  • Assisted in business process design and documentation as needed for new technology solution implementations.
