Security/application Pen Tester Engineer Resume
Charlotte, NC
SUMMARY
- 8+ years of experience in IT and 4+ years of experience in Web Application Security, Logging and Alerting, Security Design, Penetration Testing, Secure Coding, Application Security Controls and Validation, Risk Assessments, Regulatory Compliance and Secure Software Development Life Cycle (secure SDLC).
- Conduct Penetration Testing and Web application security assessments on all the critical servers, web applications and network devices.
- Demonstrated experience establishing a Risk Management process for PCI DSS compliance using the National Institute of Standards and Technology (NIST) & .
- Experience in implementing security in every phase of SDLC.
- Good working knowledge of the OWASP penetration testing methodology, attack vectors in web applications, risk assessment and vulnerability reporting.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.
- Experience in different web application security testing tools like Burp Suite, Nessus, Veracode, Nmap.
- Excellent client handling skills at every level of security engagement like requirement gathering & scope analysis, security testing & reviews, reporting & demonstration of the issues.
- Hands-on experience with tools like Nmap, Nessus, Qualys Guard, Metasploit, Wireshark, HP Fortify.
- Experience working with C, .Net, Java, JavaScript, J2EE and XML software teams to resolve errors in order to reduce flaws.
- Conducted security assessments for external and internal web applications including N-tier apps, single page web application (SPA), API and web services.
- Capable of identifying flaws like Injection, XSS, Insecure Direct Object Reference (IDOR), Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, CSRF, Unvalidated Redirects.
- Experience designing and implementing cloud services (e.g., IaaS, PaaS, SaaS, etc.) offered from public cloud service providers such as Microsoft Azure.
- Good experience in dynamic application security testing (DAST) and manual penetration testing of applications.
- Experience of undertaking both automated and manual application Penetration Testing assessments within Agile environments.
- Experience in detecting SQL injection, XML injection, techniques to obtain command prompts on the servers, PDF exploits, HTTP response splitting attacks, CSRF, web services vulnerabilities.
- Experience with security standards/guidelines such as PCI DSS, HIPAA and CVSS scoring.
- Knowledge of Cryptography and Public Key Infrastructure (PKI).
- Expertise in vulnerability validations and providing cost-effective solutions by following industry best practices (OWASP & SANS 25).
- Hands-on experience, specializing in Cisco and Aruba Environment in Data Center, systems, network and user administration, LAN / WAN, routing, switching, and wireless.
- Experience in analyzing security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, network flow systems, Anti-Virus, and/or other security logging sources.
- Worked with management to coordinate responses to information security control testing and vulnerability scans, audits, and assessments.
- Extensive knowledge of the OSI model and various network protocols (DNS, DHCP, TCP/IP, FTP, TFTP, UDP, ICMP, IPv4, IPv6, HTTP, SNMP, NFS).
- Excellent verbal and written communication skills and interpersonal skills, with the ability to work with large teams as well as independently with minimum supervision; a team player.
TECHNICAL SKILLS
Web security Penetration testing: Burp Suite, OWASP Zap, Acunetix, SQLMap, Kali (OS), Wappalyzer.
Network security Penetration Testing: Nessus, Wireshark, Nmap, Hydra, Netsparker, Metasploit framework, OpenVAS, Netcat, Custom scripts.
Mobile Penetration Testing: MobSF, Drozer, Santoku (OS), Dex2jar, jd-gui, SQLite Browser, ADB, Android Studio, Genymotion (emulator).
Primary Skills: Reconnaissance, Gaining Access, Enumeration, Maintaining Access.
Networking Skills: LAN, WAN, Switching, Routing, NAT, VTP, VLAN, TCP/IP, UDP, ARP, NTP, OSPF, VoIP, SIP, SSL, VPN, ESP, 802.11 Wireless, HTTP, HTTPS, FTP, POP3, SMTP, DNS, DHCP.
Security Vulnerabilities: SQL injection, XSS, CSRF, Session Management, Cryptographic issues.
Security Testing Tools: Fortify, Coverity, Burp Suite, Zed Attack Proxy, Nmap, Nessus, Wireshark, Metasploit, Kali Linux.
Operating Systems, scripting and Languages: Windows 7/8, Linux, Unix, MS DOS, C++, Python, JavaScript, PowerShell.
Web Technologies: HTML 4.0/5, XHTML, DHTML, CSS2/CSS3, JavaScript, jQuery, AJAX, JSON and XML.
PROFESSIONAL EXPERIENCE
Confidential, Charlotte NC
Security/Application Pen Tester Engineer
Responsibilities:
- Responsible for planning, conducting, and reporting on vulnerabilities and risks assessed for Confidential applications.
- Involved with a team of 5 security analysts, managing and executing complex security testing projects and ensuring high level of quality in service delivery.
- Identifying the Critical, High, Medium and Low vulnerabilities in the Confidential applications based on the OWASP Top 10 and SANS 25 vulnerabilities and prioritizing them based on criticality.
- Security assessment of the Confidential web application to identify vulnerabilities in different categories like Authentication, Authorization and Input data validation.
- Used industry testing tools including Nessus, Tenable, WebInspect, AppDetective, DB Protect and XACTA.
- Participated in the implementation of Azure Cloud security for applications being deployed in the Cloud.
- Reverse engineered third-party applications and developed proof-of-concept exploits.
- Identify issues in the web applications in various categories like Cryptography, Exception Management.
- Work with software development teams, DB/Unix administrators and solution architects as a subject matter expert related to security compliance with PCI DSS and industry standards.
- Explain risks associated with vulnerability to the project team for better understanding and guide project team towards its closure / remediation.
- Identifying issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, Encryption, Privilege escalations.
- Execute and craft different payloads to attack the system to find vulnerabilities in input validation and authorization checks.
- Experience in Microsoft products, protocols and tools: Microsoft Exchange O365, SharePoint, Active Directory, SQL, DNS.
- Administered Azure AD for providing O365 and Defender ATP permissions.
- Worked on Kali Linux to do web application assessment with tools like Nmap, nslookup, SQLMap and auxiliary modules.
- Worked with Cyber Security engineering tools like AlienVault, Tenable, Tanium and Symantec, all deployed in cloud instances. Conducted security assessment of PKI-enabled applications.
- Skilled in using Burp Suite, Acunetix automatic scanner and Nmap for web and mobile application penetration tests, vulnerability assessment (VA), security policy, and network and security audit.
- Configuration and management of Cisco IDS, Checkpoint firewall.
- Acquainted with various approaches to Grey and Black box security testing.
- Provide preventive, mitigating, and compensating controls to ensure the appropriate levels of protection and adherence to the goals of the overall information security strategy.
- Assist customer in understanding risk and threat level associated with vulnerability so that customer may or may not accept risk with respect to business criticality.
- Develop Best Practices to maximize the use of Splunk Enterprise Security with Carbon Black, Qualys, Varonis, CyberArk, Symantec, and Zscaler.
- Worked on installation, configuration, administration and troubleshooting of LAN/WAN infrastructure.
- Risk assessment on the application by identifying the issues and prioritizing the issues based on risk level.
- Preparing Test plan to the complete engagement with licensing costs and number of business days for the project.
- Monitor, Analyze and respond to security incidents in the infrastructure.
- Ensure the mobile applications follow the OWASP Mobile Application Security Verification Standard (MASVS).
- Performed installation and configuration management of security systems and applications including Cisco Email Security, Cisco Tetration, Burp Suite and Confidential Defender ATP, including policy assessment and compliance tools, network security appliances and host-based security systems.
- Managing all ACC systems from an endpoint perspective using the Defender ATP tool, which includes managing agents and VSE and pushing client tasks.
- Provided leadership in architecting and implementing security solutions with Nessus, Defender ATP, Cisco Tetration, Cisco Umbrella, Cisco Stealthwatch and Cisco Email Security.
- Good experience in Web technologies like HTTP, HTML, CSS, Forms, Database Connectivity.
- Preparing the threat profile for business logic checks by performing the requirement and scope analysis. Monitor compliance and ensure enforcement of all PCI DSS and NIST requirements as applicable to the organization.
- Participate in documentation and product review process for new product introductions.
Confidential, Jacksonville, FL
Security Engineer/Penetration Testing
Responsibilities:
- Worked on OWASP Top 10 issue identification like SQLi, CSRF, XSS and Path Manipulation, and performed pen tests on different applications.
- Working with the Red team to do application testing, web application testing etc.
- Conduct vulnerability assessment and penetration testing and configuration review for Confidential applications, systems, and networks.
- Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, encryption, Privilege escalations.
- Execute and craft different payloads to attack the system to execute XSS and different attacks.
- Review and Validate the User Access Compliance on a quarterly basis.
- Review the requirements for privileged access on an everyday basis.
- Found web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic etc.) across various platforms.
- Plan and implement proof of concept implementations for Varonis for SharePoint, Kenna risk management product and Symantec DLP.
- Documenting the Confidential's security procedures and changes related to design, installation, and support.
- Working experience with Identity and security access management (ISAM), network security within SaaS, IaaS, PaaS, and Azure cloud environments.
- Verifying the security posture of the applications with respect to OWASP TOP 10 vulnerabilities.
- Understanding the functionalities of the application to perform Business logic test and verifying all the sensitive information is properly protected.
- Identified High Severity issues like SQL INJECTION, XSS, CSRF, Missing Functional Level Access Control, and SSL/TLS related issues etc.
- Reporting the identified vulnerabilities with a detailed description of the issues, steps to reproduce the issues and their countermeasures.
- Responsible for network management including network performance tuning, security monitoring, file server backup, email server administration, and public domain.
- Created written reports, detailing assessment findings and recommendations.
- Acquainted with various approaches to Grey & Black box security testing.
- Used Burp Suite, Nmap, Nessus and SQLMap for Confidential web application penetration tests and infrastructure testing.
- Manual penetration testing of the applications and APIs to identify the OWASP Top 10 vulnerabilities and SANS 25.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.
- Performing onsite & remote security consulting including penetration testing, application testing and web application security assessment.
- Checking the Network Monitoring System and generating a report for all network events by using Wireshark.
- Document the vulnerabilities with proper POCs for scanned results by performing vulnerability assessment and penetration testing.
- Generated reports for the Confidential management with proper mitigation as per threats and latest vulnerabilities.
- Provide Weekly Project Status updates to the Project Manager.
- Validate configurations to make sure they are aligned with existing methods and practices. Identifies and mitigates project risks and conflicts.
Confidential, Brooklyn, New York
Information Security Engineer
Responsibilities:
- Develop process and implement tools and techniques to perform ongoing security assessments of the environment.
- Worked on analyzing the development of technical documentation, including test plans, executive briefs, and test reports.
- Assist in reviews of business solution architectures from security point of view which helps avoiding security related issues / threats at the early stage of project.
- Worked with external vendors to perform penetration tests on network devices, operating systems, databases, and application as necessary.
- Analyzing all the business requirements and providing high level estimations with work breakdown structure.
- Extensive, demonstrable knowledge of security vulnerabilities and remediation techniques.
- Performed web application testing (manually and with tools such as Burp Suite, DirBuster, SQLMap, Hydra).
- Review the requirements for the privileged access on an everyday basis and provide recommendations.
- Performed application penetration tests as well as physical security review and social engineering tests for the clients.
- Worked on Cisco IronPort Email and Web Security.
- Involved in providing Windows, Linux, and Unix server administration and Office 365 administration, including Gmail.
- Ability to plan, organize and coordinate work assignments, and to communicate technical data effectively, verbally and in writing.
- Write reports and assessments and provide decision support on information security risks and controls to executives.
- Integration request status and remediation efforts for RSA Archer and any other integrated security tools.
- Content development requests for RSA Archer and any other integrated security tools.
- Responsible for enhancing the Risks & Controls.
- Perform cyber security assessments on emerging business initiatives, third-party services by assessing the impact and likelihood of risk events.
- Assess the impact of potential adverse events and recommend effective controls and mitigations.
- Review and evaluate third-party products/services.
- Regularly maintain systems and procedures and effectively assess the information risk.
- Support customer business partners to understand IT security risks, standards, and best practices.
- Prepare security assessment plan, secure resources, and hold kick-off meetings prior to assessment.
- Conducted vulnerability testing using tools like Nessus, Burp Suite, Retina and Web Inspect, and analyzed reports.
- Administering Nexpose by creating multiple sites, tags, static/dynamic groups, reports on a regular basis.
- Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness by using Nexpose.
- Configure and troubleshoot McAfee ePO policies for managed systems on production networks and provide system administrator support.
- Contribute to the technical direction on all areas of PKI architecture, including policies, standards, strategies, automation, and governance.
- Provide guidance to key stakeholders on PKI lifecycle, processes, and procedures.
Confidential, Pittsburgh, PA
Network Engineer
Responsibilities:
- Responsible for installing and configuring Cisco Catalyst switches 6500, 4000, 3750 & 3550 series.
- Experience in layer-3 routing with Cisco 7600, 7200, 3810, 3925, 2811 series.
- Designing, implementing and troubleshooting Cisco routers and switches using different routing protocols like RIP, OSPF, EIGRP, BGP, ISIS & MPLS L3 VPN, and VRF.
- Experience configuring session persistence and web services.
- Experience in Wireless LAN (IEEE 802.11) and deployment of Aruba access point.
- Configured ACLs, VLSM, NAT, DHCP server, and DHCP relay on Cisco routers.
- Configured HSRP and VLAN Trunking 802.1Q, VLAN routing on catalyst 6500 switches.
- Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Configured VRRP & GLBP and VLAN Trunking 802.1Q & ISL, STP, Port Security on Catalyst 6509 switches.
- Troubleshooting and escalation management of day-to-day issues for offices. Managing Co-location and Datacenter infrastructure in North America.
- Security policy review and configuration on Palo Alto and Juniper firewalls in US offices and the Datacenter. Designed and configured OSPF and BGP on Juniper routers and SRX firewalls.
- Worked extensively in configuring, monitoring and troubleshooting Cisco ASA 5500 with ACL, NAT, Object Groups, Failover and Multi-Contexts.
- Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing, LAN security etc.
- Responsible for day-to-day management of Cisco Devices, Traffic management and monitoring.
- Knowledge of configuring Site-to-Site and Remote Access VPNs and NAT/PAT policies on Palo Alto firewalls.
- Performing the ACL requests changes for various clients by collecting source and destination information from them.
- Implemented SNMP on devices to allow for network management.
- Monitoring the network flow, identifying flaws in the network using network monitoring tools (Wireshark and SolarWinds) and reporting to the Sr. Engineer.
- Provided technical support for internal users and resolved troubleshooting tickets.
Confidential
Network Support Analyst
Responsibilities:
- Involved in the design using the best practices for the layout of rack, switch, and company’s cabling infrastructure.
- Installed and managed network devices including hubs, routers, and switches.
- Supported and maintained networking devices, cabling, and standalone systems as part of job duties.
- Implementation of name resolution using DNS in a TCP/IP environment.
- Worked on Cisco Layer 2 switches (spanning tree, VLAN, VTP, Trunking using dot1q).
- Perform Hardware Support and troubleshooting.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
- Implementation of Cisco and Checkpoint firewalls from scratch through administration and maintenance.
- Installed and configured routers including 1800, 2800 along with Cisco switches including 3750 and 6500.
- Installed and Configured Active Directory in Windows Server 2003 and helped System Admin to set up LAN network in the company.