Application Security Engineer Resume
Cleveland, Ohio
SUMMARY
- 6+ years of experience in the IT industry as a security analyst and penetration tester.
- Ability to read and analyze code, and to configure and connect network switches and routers.
- Worked as an Information Security Test Consultant, recommending security solutions for new applications under a secure SDLC and performing OWASP Top 10 based vulnerability assessments of various internet-facing point-of-sale web applications.
- Provide high-quality customer service in a professional, service-oriented manner using active listening and problem-solving skills.
- Ability to research and solve complex problems and situations.
- Hands-on experience in vulnerability assessment and penetration testing using tools such as Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit and Acunetix.
- Document server issues using ticketing software.
- Involved in Software Development Life Cycle phases (Agile), estimating project timelines and ensuring security controls are in place.
- Troubleshoot networking and PC issues; execute and document the course of action, test and document solutions, escalate where needed, and keep the client updated throughout the issue lifecycle.
- Diagnosing problems in computer networks and identifying root causes.
- Mature and strong work ethic.
- Pen tester with experience of penetration testing on various applications in different domains.
- Experience in threat modelling during the requirements-gathering and design phases, and static code analysis during the development phase.
- Well versed in object-oriented concepts with a good understanding of Java.
- Experience with UI technologies such as HTML, CSS, JavaScript and AngularJS.
- Penetration testing based on OWASP Top 10.
- Capable of quickly learning and delivering solutions as an individual and as part of a team.
- Strong written and oral communication skills.
- Experience managing daily communication with offshore development teams.
- Ability to work in small and large teams as well as independently.
- Inquisitive, strong in fundamentals, and an excellent team player.
TECHNICAL SKILLS
Tools: Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Nessus, Kali Linux, Metasploit, Acunetix, sqlmap, IBM AppScan, HP Fortify, HP WebInspect
Programming languages: Python, PHP, Java, C; data structures
Web technologies: HTML, CSS, XML, JavaScript
Operating system: Kali Linux, GNU/Linux, Windows
Database system: MySQL, Oracle, MSSQL
PROFESSIONAL EXPERIENCE
Confidential, Cleveland, Ohio
Application Security Engineer
Responsibilities:
- Performed Data Analysis.
- Identified OWASP Top 10 issues such as SQLi, CSRF, XSS and path manipulation.
- Created written reports, detailing assessment findings and recommendations.
- Performed, reviewed and analyzed security vulnerability data to identify vulnerability and false positives.
- Worked closely with research and development teams for vulnerability remediation.
- Analyzed and assessed risk in the environment.
- Analyzed parsed data from Qualys, Nessus for Vulnerability Remediation.
- Worked on Vendor based Applications, Middleware and layer products.
- Provided both strategic analysis and near real-time auditing, investigating, reporting, remediation, coordinating and tracking of security-related activities for customers.
- Analyzed data and prepared reports documenting vulnerabilities from network-based attacks, with recommended actions to prevent, repair or mitigate them.
- Performed web application penetration testing and infrastructure testing using tools such as Nmap, DirBuster, QualysGuard, Nessus and HP Fortify.
- Performed remediation activities for applications, OS, databases, middleware, digital certificates, layer products and Java.
- Identified issues in session management, input validation, output encoding, logging, exception handling, cookie attributes, encryption and privilege escalation.
- Proactively identified system vulnerabilities to reduce or eliminate potential exploitation using Nessus Security Centre and Passive Vulnerability Scanning.
- Worked closely with all competency teams to effectively and efficiently remediate vulnerabilities.
- Used Qualys, SPI, Remedy and various other tools in the remediation effort.
- Ensured compliance with standards and guidelines.
Environment: Qualys, HP Fortify, Checkmarx, Shell Script, Nessus, Nmap.
Confidential, Phoenix, AZ
Penetration Tester
Responsibilities:
- Worked as a Technical Security Consultant in the areas of application security highlighting the security controls needed at the design level.
- Understanding & implementation of security into SDLC via application risk assessment, requirements gathering, design review, application vulnerability assessment.
- Validated input validation, session management, client protocol controls, cryptography, logging and information leakage.
- Performed thorough penetration testing on web applications.
- Performed both manual and automated vulnerability assessment using tools like Burp Suite and sqlmap.
- Ensured the issues identified are reported as per the reporting standards.
- Performed validation on design of features like authentication, authorization, accountability.
- Provided the report and explained the issues to the development team.
- Identified attacks like SQLi, XSS, CSRF, RFI/LFI and logical issues.
- Provided security implementation for authorization through controls like the principle of least privilege, relinquishing privilege when not in use, non-guessable tokens and protection against forced browsing.
- Gathered information on the application using sources like Shodan, reverse DNS, Hackertarget.com and Google dorks.
- Worked on static code analysis by using the automated tool HP fortify.
- Used various Firefox add-ons like Flagfox, Live HTTP Headers and Tamper Data to perform the pen test.
- Generated automated report by using HP WebInspect.
- Performed manual testing based on the automated generated report.
- Performed monitoring using security assessment tools.
- Reviewed projects during the SDLC and made recommendations to the project team.
- Used Burp Suite, DirBuster, HP Fortify and Nmap on a daily basis to complete the assessments.
- Managed risk by analyzing the root cause of issues, impact to technology and required corrective actions leveraging advanced analytical skills.
Environment: Kali Linux, Burp Suite, DirBuster, Microsoft Visual Studio, HP Fortify, Nmap, Wireshark.
Confidential
Security Engineer
Responsibilities:
- Performed pen tests on different applications each week.
- Prepared a security testing checklist for the company.
- Ensured all the controls are covered in the checklist.
- Updated the checklist weekly to keep the test cases current with attacks seen in the wild.
- Gathered information on the application using sources like Shodan, reverse DNS and Hackertarget.com.
- Used various Firefox add-ons like Flagfox, Wappalyzer, Live HTTP Headers and Tamper Data to perform the pentest.
- Network scanning using tools like NMap and Nessus.
- Used Metasploit to exploit the systems under test.
- Took the initiative to streamline the access control mechanism of various applications.
- Black box pen testing on internet and intranet facing applications.
- OWASP Top 10 Issues identifications like SQLi, CSRF, XSS.
- Prepared a risk register for the various projects at the client.
- Trained the development team on the secure coding practices.
- Provided the details of the issues identified and the remediation plan to the stakeholders.
- Gray Box testing of the applications.
- Identified different vulnerabilities of applications by using proxies like Burp Suite to validate the server-side validations.
Environment: Kali Linux, Burp Suite, DirBuster, IBM AppScan Enterprise, Nmap, Nessus.
