SUMMARY

• Security professional with 7 years of experience in Web Vulnerability Assessment & Penetration Testing, Network and Information Security.
• IT Audit, Security Assurance, IT Security Testing, Enterprise Governance Risk and Compliance, Incident Response/Management, Project Management, hands on security platforms such as Enterprise Infrastructure Perimeter Network Security and Application Security, End Point Security, Vulnerability and Risk Assessment, Identity and Access Management, Active Directory and VMWare Security.
• Exceptionally analytic individual with vast experience in determining possible network exploits by delving deep into different computer software and systems. Adept at running tests aimed at deciphering system weaknesses and providing suggestions to overcome them.
• Documented success in running both pre - determined and self-designed tests by employing creativity and imagination.
• Deep insight into conducting formal tests on web-based applications and networks, using deep assessment parameters.
• Hands-on experience in reviewing and defining requirements for information security solutions.
• Proficient in ensuring continuous enhancement of existing methodologies and supporting assets.
• Highly Proficient in different types of testing like Functional and Regression testing, System testing, GUI testing, Integration testing, User Acceptance testing, Smoke & Sanity testing and Cross Browser testing.

TECHNICAL SKILLS

Security Tools: McAfee ePO, DLP, Splunk, RSA Archer, Arc Sight, Cisco IronPort, Nmap, Metasploit Burp Suite, OWASP ZAP, Fiddler, Fortify, Nessus, Imperva

Databases: Oracle 11g, SQL, PL/SQL, SQL*Plus, TOAD.

Operating Systems: IBM OS/390, Windows, UNIX, Linux, Kali Linux, Parrot OS

Other Tools: HP Quality Center, QAC, SVN, WSDL, Bugzilla

PROFESSIONAL EXPERIENCE

Confidential, Santa Clara, CA

Information Security Analyst

Responsibilities:

• Responsible for Implementation and management of Systems Security and Application Scanning, risk remediation and performance of the frontend and backend provisioning and monitoring builds.
• Concluded findings for Systems, Networks and Application, provided recommendations for risk remediation with respect to addressing the gap (patches upgrades) and refining the policy compliance.
• Security Review, PCI DSS Standards, FISMA and HIPAA regulations.
• Involved in Security benchmarking processing and reporting of security devices incident using State Event Analysis machine analytics.
• Ensures compliance with policies & procedures, safety, state and federal laws, regulations and standards
• Designed and performed IT general controls testing for PCI DSS Standards and FISMA regulations.
• Worked with team to build and finalize project development, implementation and execution plans with adherence to compliance with the code of conduct and standards requirements.
• Participated in Consumer Web application testing to perform security testing of segregation of duties to assist the client in improving their user management, authentication management, authorization management, access management, and provisioning capabilities.
• Worked on providing a five-star benchmark for every security release in Performance, Endurance, Functional testing, regression testing and Application scan for any security holes.
• Perform application and infrastructure penetration tests along with physical security reviews.
• Monitor adherence to all applicable regulatory requirements, policies, procedures, and Information Security processes to ensure that the appropriate control environment is documented and tracked; consults with management on complex or risky issues.
• Defines and balances IT process and compliance risk with business requirements.
• Contributes to the identification, definition and development of the process to collect key measures or metrics for monitoring or performance reporting purposes.

Confidential, Portland, OR

Security Analyst

Responsibilities:

• Identifying security weaknesses across a variety computer systems.
• Perform complex security related testing, creating test cases, performing manual and automated tests, reporting on problems encountered and documenting test results for follow-up.
• Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary.
• Proven ability to communicate technical issues to technical and non-technical business area representatives.
• Experience in large scale information technology implementations and operations preferred.
• Design, interpret & communicate information security policies & controls
• Analyze operational IT processes to identify systemic risk issues
• Develop processes and implement tools and techniques to perform ongoing security assessments of the environment
• Implement tools and techniques to identify and prevent unauthorized IT asset deployments
• Keep current on industry security testing best practices and industry security risks

Confidential, San Jose, CA

Security Analyst

Responsibilities:

• Investigating RSA SIEM events to determine any true intrusions.
• Identifying and remediating any threats and vulnerabilities as a Security Monitoring (SOC), Triage and Escalation to T2.
• Documenting incident results and reporting details through ticketing system
• Researching, analyzing and understanding log sources from security and networking devices such as firewalls, routers, anti-virus products, and operating systems
• Escalating issues to Tier-2 and follow up as required.
• Identifying and remediating any threats and vulnerabilities.
• Monitoring DDoS portals and alerting the team by reporting them using pager and opening the bridge call.
• Providing half an hour updates on traffic by monitoring portals from ISP’s.
• Triaging emails sent by internal users depending on the categories and responding to the customers after investigating the emails.
• Gathering all the required information from IDS, SA and Wireshark to investigate some of the attacks like SQLi, Zmeu, RAT, etc., and escalating to T2 and following up on these tickets.
• Execute on appropriate mitigation strategies for identified threats.
• Involved as a team member on a large audit engagement to perform technical software and environment testing
• Perform Risk Assessment on all the components of Infrastructure.

Confidential, Washington DC

Mainframe Tester/QA Engineer

Responsibilities:

• Creating test cases, test data as per the requirements and updating them as change in business and functionality
• As a member of Business Quality Assurance Testing Team (BQATT), developed test scripts in Quality Center from the business requirements for the Facets Claims Processing + ITS module in CFG Batch
• Performed configuration testing of Facets implementation 4.61 for both Hospital and Medical Claims.
• Used Different modules of Facets to test the inter-relation between modules like Claims Inquiry + ITS, Utilization Management, Subscriber/Family, Product etc.
• Involved in various phases of testing like Configuration Integration Testing(CIT), Business validation testing(BVT) and System Integration Testing(SIT)
• Executed the test cases in Quality Center
• Performed backend validations on Oracle DB for testing the results on front end are same as in back end
• Developed automation scripts for regression testing of Web based Facets Application using QTP
• Participating in Weekly Status Meetings and Defect review Meetings.

Environment: - Facets 4.61, ITS 10.41, Quality Center, Merant Tracker, Java, Oracle, QTP, OS/390, Windows, UNIX, COBOL, JCL, TSO/ISPF, DB2, SQL, File-Aid.

Confidential

Mainframe Developer

Responsibilities:

• Analyzing HLR’s to prepare Tech Designs and TDRs.
• Interacting with the customer to get the requirements Clarified.
• Understanding financial application and its interfacing with NPS.
• Preparing test cases and test plans.
• Maintaining deliverables, contributing significantly in taking Tools training to the team. Mentoring and SME.
• Chaired weekly status meeting with onsite team and participated in Load Share meetings.
• Worked on tools like Xpeditor, File Manager, COMP, FROG and SCAM.
• Worked on COBOL, JCL, VSAM and DB2 to extract data in batch and produce results as per requirements.
• Involved in CSR Pre-review part.
• Unit testing of the reports to ensure the correctness of the data

Environment: COBOL, DB2, SQL, VSAM, JCL, File Manager, Xpeditor, COMP, FROG, SCAM, LINKIT, FTP, PDM, NDM, DOCO