Sr. Application Security Engineer Resume

Reston, VA

SUMMARY:

  • IT professional with 7+ years of experience as an Application Security Engineer, specialized in information technology assurance, web application security, application security controls and validation, regulatory compliance and the Secure Software Development Life Cycle (Secure SDLC).
  • Experience in developing and implementing information security policies and guidelines in line with OWASP (Open Web Application Security Project) and SANS secure coding guidelines.
  • Hands-on experience in vulnerability assessment and penetration testing using tools such as Burp Suite, Fiddler, ZAP Proxy, sqlmap, HP WebInspect, IBM AppScan, Checkmarx and HP Fortify.
  • Experience in identifying SQL injection, script injection, XSS, phishing and CSRF attacks.
  • Substantial understanding of and experience with the Secure SDLC, applied effectively across a number of consulting engagements.
  • Hands-on with DAST, SAST and manual ethical hacking.
  • Vulnerability assessment including analysis of bugs in N-tier applications across various domains using both manual and automated tools.
  • Excellent communication, interpersonal, negotiation, judgment, decision-making, analysis and problem-solving skills.

TECHNICAL COMPETENCIES:

Core Expertise: Web Application, Security Vulnerability Assessments, Threat Management, Penetration Testing, SDLC, Support/Troubleshooting

Web Applications: Acunetix Web Vulnerability Scanner, IBM AppScan, ZAP, HP WebInspect, Paros, Fiddler2, Burp Suite, FortyDB

Servers & Databases: MSSQL, Oracle

Web Services Testing: SoapUI and SOAtest tools for web services security

Tracking Tools: Bugzilla, QC, Trac, TeamForge

Network Auditing: Nessus, GFI LANguard, Nmap

Web Technologies: HTML, Web Services, XML

Languages: C, Java, Python Scripting

PROFESSIONAL EXPERIENCE:

Confidential, Reston, VA

Sr. Application Security Engineer

Responsibilities:

  • Performed web application security and penetration testing in accordance with OWASP standards using both manual techniques and automated tools.
  • Recommended best practices for securing the application.
  • Communicated and coordinated day-to-day project activities within the project team and ensured that priorities were developed and known.
  • Provided assistance to IT staff, provided security specifications for all vendor products and evaluated all requests for security architecture.
  • Assessed risk and evaluated impact for technology changes in processes; maintained knowledge of all security systems and deployed required infrastructure.
  • Managed repeated threats to all systems and performed vulnerability tests.
  • Evaluated all systems, recommended application patches, suggested appropriate security products, performed regular audits on systems and ensured compliance with all standards and policies.
  • Vulnerability assessment using Nessus and other monitoring tools.
  • Built enterprise risk dashboards and generated reports as needed for the organization.

Environment: HP WebInspect, Burp Suite, Nmap, Nessus, GRC tools, Archer, Windows, Linux

Confidential, Blue Bell, PA

Sr. Application Security Engineer

Responsibilities:

  • Conducted application penetration testing of 20+ business applications.
  • Conducted vulnerability assessments of web applications.
  • Responsible for leading the research, mitigation and coordination of actions designed to reduce information security risk across the internet-facing presence.
  • Coordinated with the development team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of each issue.
  • Security assessment of online mobile applications to identify vulnerabilities in categories such as input and data validation, authentication, authorization, and auditing and logging.
  • Kept up to date with new hacking techniques and the latest vulnerabilities to ensure no such loopholes were present in the existing system.
  • Established clear communication and collaboration with internal and external teams.
  • Performed onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
  • Responsible for performing application penetration testing on web, thick-client and other types of applications to identify significant vulnerabilities that threaten the confidentiality, integrity and availability of customer systems.
  • Change management for highly sensitive computer security controls to ensure appropriate system administrative actions; investigated and reported on noted irregularities.
  • Conducted network vulnerability assessments using tools to evaluate attack vectors, identified system vulnerabilities, and developed remediation plans and security procedures.
  • Identified Critical, High, Medium and Low vulnerabilities in applications based on the OWASP Top 10 and SANS Top 25 and prioritized them by criticality.

Environment: ASP, Kali Linux, Nessus, Nmap, Metasploit, HP Fortify, HP WebInspect

Confidential

Sr. Application Penetration Tester

Responsibilities:

  • Established a vulnerability assessment practice, proactively ensuring the safety of client-facing applications and minimizing client audit findings.
  • Performed security analysis and identified possible vulnerabilities in the key derivation function; created vulnerability assessment reports detailing the exposures identified, rating the severity of the system, suggesting mitigations for any exposures, and testing for known vulnerabilities.
  • Worked on SQL injection protection, XSS protection, script injection protection and other major hacking protection techniques.
  • Addressed and integrated security into the SDLC through techniques such as threat modeling, risk management, logging and penetration testing.
  • Provided fixes and filtered false findings for the vulnerabilities reported in scan reports.
  • Added new vulnerabilities to the vulnerability database for various platforms with proper exploits.
  • Scanned networks, servers and other resources to validate compliance and security issues using numerous tools.
  • Assisted in the preparation of plans to review software components through source code review or application security review.
  • Assisted developers in remediating issues found in security assessments with respect to OWASP standards.

Confidential

Sr. Web Application Security Engineer

Responsibilities:

  • Customized reusable shopping cart components and UIs using simple adapters.
  • Worked with web services and web views and populated lists from databases using cursor adapters.
  • Integrated the Google Maps API for users to find nearby branches.
  • Managed sessions using SharedPreferences and AlarmManager across every activity, allowing customers to stay signed in through longer periods of inactivity.
  • Assigned services and the alert notification API to implement the event reminder feature in the mobile app.
  • Participated in quality assurance of the app, including testing of the user interface and testing the app on different mobile devices.
  • Developed update patches, modules and components to fix bugs, adhere to compliance requirements and mitigate security risks.
  • Configured security of the app for HTTP and SSL connections.

Environment: Android SDK, Eclipse, SQLite, Node.js, XML, Java